author | RGIB <gibellini.roberto@gmail.com> | 2016-11-29 00:38:19 +0100 |
---|---|---|
committer | RGIB <gibellini.roberto@gmail.com> | 2016-11-29 00:38:19 +0100 |
commit | 21ab75dbbec3cc2023ac32e1c31b6eb6288bcd0c (patch) | |
tree | 82623095b6b3f2b8854c7b2afc44ba85f1950456 /selinux | |
parent | 8695117a9279ee2f7c1715ebeaf249c526a1b7bc (diff) | |
i9305 : update selinux and fstab to avoid bootloop
Change-Id: Id3b4503f328b4dcc353cec4cf7b8d9d30c4e5e97
Diffstat (limited to 'selinux')
-rw-r--r-- | selinux/device.te | 1 | ||||
-rw-r--r-- | selinux/domain.te | 3 | ||||
-rw-r--r-- | selinux/efsks.te | 1 | ||||
-rw-r--r-- | selinux/file_contexts | 2 | ||||
-rw-r--r-- | selinux/fsck.te | 3 | ||||
-rw-r--r-- | selinux/ks.te | 1 | ||||
-rw-r--r-- | selinux/macloader.te | 1 | ||||
-rw-r--r-- | selinux/mediaserver.te | 10 | ||||
-rw-r--r-- | selinux/qcks.te | 10 | ||||
-rw-r--r-- | selinux/rild.te | 6 | ||||
-rw-r--r-- | selinux/sysinit.te | 6 | ||||
-rw-r--r-- | selinux/system_server.te | 10 | ||||
-rw-r--r-- | selinux/ueventd.te | 3 | ||||
-rw-r--r-- | selinux/vold.te | 1 |
14 files changed, 25 insertions, 33 deletions
diff --git a/selinux/device.te b/selinux/device.te
index 53e4bf4..abb0e19 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -1,3 +1,2 @@
 type mmc_block_device, dev_type;
 type efs_device_file, file_type;
-
diff --git a/selinux/domain.te b/selinux/domain.te
new file mode 100644
index 0000000..74c7d76
--- /dev/null
+++ b/selinux/domain.te
@@ -0,0 +1,3 @@
+allow domain kernel:system module_request;
+allow domain log_device:chr_file { read write open };
+allow domain log_device:dir search;
diff --git a/selinux/efsks.te b/selinux/efsks.te
index 3635159..2fb76b1 100644
--- a/selinux/efsks.te
+++ b/selinux/efsks.te
@@ -3,4 +3,3 @@ type efsks_exec, exec_type, file_type; init_daemon_domain(efsks) domain_trans(init, rootfs, efsks) -
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 1b3d289..a0cddd3 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -33,6 +33,8 @@ /data/misc/radio(/.*)? u:object_r:radio_data_file:s0 /tombstones/qcks(/.*)? u:object_r:radio_data_file:s0 +/efs/FactoryApp(/.*)? u:object_r:radio_data_file:s0 +/efs/imei u:object_r:radio_data_file:s0 /dev/block/mmcblk0p0 u:object_r:mmc_block_device:s0 /dev/block/mmcblk0p1 u:object_r:mmc_block_device:s0
diff --git a/selinux/fsck.te b/selinux/fsck.te
index d2fcb8f..533eedd 100644
--- a/selinux/fsck.te
+++ b/selinux/fsck.te
@@ -1,3 +1,2 @@
-allow fsck mmc_block_device:blk_file ioctl;
 allow fsck self:capability dac_override;
-allow fsck mmc_block_device:blk_file { read write getattr open };
+allow fsck mmc_block_device:blk_file { ioctl read write getattr open };
diff --git a/selinux/ks.te b/selinux/ks.te
index 62dc281..e4667b3 100644
--- a/selinux/ks.te
+++ b/selinux/ks.te
@@ -3,4 +3,3 @@ type ks_exec, exec_type, file_type; init_daemon_domain(ks) domain_trans(init, rootfs, ks) -
diff --git a/selinux/macloader.te b/selinux/macloader.te
index 000a711..386dfe5 100644
--- a/selinux/macloader.te
+++ b/selinux/macloader.te
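Review bot: The three rules in the new selinux/domain.te are written against the `domain` attribute, so every process domain on the device, app domains included, receives `module_request` on the kernel and read/write on `log_device`. The denials behind the bootloop presumably came from a small number of services, so the rules would be safer scoped to those source domains, taking the source from the logged avc denial, in the form `allow <denied_domain> log_device:chr_file { read write open };` (`<denied_domain>` is a placeholder). If the module requests are only log noise, `dontaudit domain kernel:system module_request;` silences them without granting the permission. A comment above each rule naming the denial it answers would make the file auditable later.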
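Review bot: Labelling `/efs/imei` and `/efs/FactoryApp(/.*)?` as `radio_data_file` in selinux/file_contexts hands the device identity files to every domain that already holds permissions on that type; in this same commit qcks has `{ setattr read write getattr open }` on `radio_data_file:file`. A dedicated type for the EFS identity files, granted only to the domains that read them, would keep them separate from /data/misc/radio, e.g. `/efs/imei u:object_r:<efs_identity_type>:s0` (`<efs_identity_type>` is a placeholder that needs a matching `type` declaration in a .te file). The rest of file_contexts is outside the hunk, so an existing narrower label for /efs may already be available.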
@@ -1 +1,2 @@
 allow macloader efs_file:file { read getattr open };
+allow macloader wifi_data_file:file create;
diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te
index 3ebbf85..5f41f1a 100644
--- a/selinux/mediaserver.te
+++ b/selinux/mediaserver.te
@@ -1,11 +1,9 @@
-allow mediaserver camera_data_file:file write;
+allow mediaserver camera_data_file:file { write open };
 allow mediaserver mnt_user_file:dir search;
 allow mediaserver storage_file:dir search;
 allow mediaserver storage_file:lnk_file read;
 allow mediaserver self:socket create;
-allow mediaserver socket_device:dir write;
-allow mediaserver socket_device:dir add_name;
-allow mediaserver socket_device:sock_file create;
-allow mediaserver socket_device:sock_file write;
+allow mediaserver socket_device:dir { add_name write };
+allow mediaserver socket_device:sock_file { setattr write create };
 allow mediaserver qmuxd:unix_stream_socket connectto;
-allow mediaserver socket_device:sock_file setattr;
+allow mediaserver mnt_user_file:lnk_file read;
diff --git a/selinux/qcks.te b/selinux/qcks.te
index cb72379..7e8ac4a 100644
--- a/selinux/qcks.te
+++ b/selinux/qcks.te
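Review bot: `allow macloader wifi_data_file:file create;` grants `create` on its own, which is probably not enough for macloader to produce the file unless other policy already covers the rest. Writing it normally also needs `write` and `open` on the file and `add_name` and `write` on the parent directory, and none of these appear in this two-line file. In enforcing mode the operation stops at the first denied check, so later denials are not logged until that one is fixed. Collecting the full set with the domain permissive and adding the rules together, with a comment naming the file macloader creates, would avoid a follow-up commit.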
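Review bot: `allow mediaserver socket_device:dir { add_name write };` together with `allow mediaserver socket_device:sock_file { setattr write create };` lets mediaserver create and modify socket nodes anywhere in the generically labelled socket directory, not only the qmux client socket it presumably needs. The same pair is kept for rild in rild.te and is newly granted to system_server in system_server.te, so the point applies to all three hunks. Giving the qmux socket directory its own type in file_contexts and granting the permissions on that type would confine each domain to that directory, e.g. `allow mediaserver <qmux_socket_type>:sock_file { setattr write create };` (`<qmux_socket_type>` is a placeholder). The merged rule sets do not say which denial they answer, so a short comment per rule would help.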
@@ -6,18 +6,14 @@ domain_trans(init, rootfs, qcks) allow qcks efsks_exec:file { read getattr open execute execute_no_trans }; allow qcks ks_exec:file { read getattr open execute execute_no_trans }; -allow qcks mmc_block_device:blk_file getattr; +allow qcks mmc_block_device:blk_file { read open write getattr }; allow qcks radio_device:chr_file { read getattr open ioctl }; allow qcks self:capability setuid; allow qcks serial_device:chr_file { read write getattr open ioctl }; -allow qcks shell_exec:file execute_no_trans; allow qcks vfat:file { read getattr open }; -allow qcks mmc_block_device:blk_file { read open }; allow qcks radio_data_file:dir search; -allow qcks radio_data_file:file { read write getattr open }; -allow qcks radio_data_file:file setattr; -allow qcks mmc_block_device:blk_file write; +allow qcks radio_data_file:file { setattr read write getattr open }; allow qcks vfat:dir search; -allow qcks shell_exec:file { read execute open }; +allow qcks shell_exec:file { execute_no_trans read execute open }; allow qcks radio_device:dir search; allow qcks unlabeled:dir search;
diff --git a/selinux/rild.te b/selinux/rild.te
index d55d205..45d2b59 100644
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -1,6 +1,4 @@
 allow rild proc_net:file write;
 allow rild qmuxd:unix_stream_socket connectto;
-allow rild socket_device:dir { write add_name };
-allow rild socket_device:sock_file { write create setattr };
-allow rild socket_device:dir remove_name;
-allow rild socket_device:sock_file unlink;
+allow rild socket_device:dir { remove_name write add_name };
+allow rild socket_device:sock_file { unlink write create setattr };
diff --git a/selinux/sysinit.te b/selinux/sysinit.te
index 1185361..6ba2577 100644
--- a/selinux/sysinit.te
+++ b/selinux/sysinit.te
@@ -1,5 +1,3 @@
-allow sysinit camera_data_file:dir { read open };
-allow sysinit camera_data_file:file setattr;
 allow sysinit self:capability { fowner chown fsetid };
-allow sysinit camera_data_file:dir getattr;
-allow sysinit camera_data_file:file { read write getattr open };
+allow sysinit camera_data_file:file { create setattr read write getattr open };
+allow sysinit camera_data_file:dir { read open search write add_name getattr };
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 5f36b6f..0212c0a 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -1,8 +1,8 @@
 allow system_server efs_file:dir search;
-allow system_server uhid_device:chr_file { read write };
+allow system_server uhid_device:chr_file { ioctl open read write };
 allow system_server self:capability sys_module;
-allow system_server socket_device:dir write;
 allow system_server sensors_device:chr_file { read write };
-allow system_server socket_device:dir add_name;
-allow system_server uhid_device:chr_file open;
-allow system_server efs_file:file read;
+allow system_server socket_device:dir { write add_name };
+allow system_server efs_file:file { open read };
+allow system_server qmuxd:unix_stream_socket connectto;
+allow system_server socket_device:sock_file { write create setattr };
diff --git a/selinux/ueventd.te b/selinux/ueventd.te
index c26cdeb..6cc7795 100644
--- a/selinux/ueventd.te
+++ b/selinux/ueventd.te
@@ -1,2 +1 @@
-allow ueventd radio_device:file getattr;
-allow ueventd radio_device:file { write open };
+allow ueventd radio_device:file { getattr write open };
diff --git a/selinux/vold.te b/selinux/vold.te
new file mode 100644
index 0000000..e6b5f60
--- /dev/null
+++ b/selinux/vold.te
@@ -0,0 +1 @@
+allow vold efs_file:dir { open read ioctl }; |