diff options
author | sbrissen <sbrissen@hotmail.com> | 2015-03-13 09:37:00 -0400 |
---|---|---|
committer | sbrissen <sbrissen@hotmail.com> | 2015-03-13 09:39:12 -0400 |
commit | 77686ea73b34bed50c65750cd9b0cba0fab997f1 (patch) | |
tree | fdd092c4ab23333a952457b1fda05588ec36330d | |
parent | 3f7af15c43750e5fd5ee64b1860025ef27c7a4ff (diff) | |
download | device_samsung_kona-common-77686ea73b34bed50c65750cd9b0cba0fab997f1.zip device_samsung_kona-common-77686ea73b34bed50c65750cd9b0cba0fab997f1.tar.gz device_samsung_kona-common-77686ea73b34bed50c65750cd9b0cba0fab997f1.tar.bz2 |
kona: address more selinux denials
-fixes bluetooth and video
Change-Id: I86c7709533970eddee3647a1283ac1e12fc01437
-rw-r--r-- | BoardConfigCommon.mk | 2 | ||||
-rw-r--r-- | selinux/bluetooth.te | 2 | ||||
-rw-r--r-- | selinux/device.te | 4 | ||||
-rw-r--r-- | selinux/file_contexts | 2 | ||||
-rw-r--r-- | selinux/mediaserver.te | 4 | ||||
-rw-r--r-- | selinux/netd.te | 1 |
6 files changed, 14 insertions, 1 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index cba82a0..d495cc8 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -45,6 +45,7 @@ BOARD_SEPOLICY_DIRS += \ device/samsung/kona-common/selinux BOARD_SEPOLICY_UNION += \ + bluetooth.te \ file_contexts \ te_macros \ device.te \ @@ -54,6 +55,7 @@ BOARD_SEPOLICY_UNION += \ init.te \ kickstart.te \ mediaserver.te \ + netd.te \ netmgrd.te \ qmux.te \ rild.te \ diff --git a/selinux/bluetooth.te b/selinux/bluetooth.te new file mode 100644 index 0000000..a6e68b8 --- /dev/null +++ b/selinux/bluetooth.te @@ -0,0 +1,2 @@ +allow bluetooth smd_device:chr_file { read write ioctl open }; +allow bluetooth sysfs:file { write };
\ No newline at end of file diff --git a/selinux/device.te b/selinux/device.te index c95050b..087a624 100644 --- a/selinux/device.te +++ b/selinux/device.te @@ -1,4 +1,8 @@ type mali_device, dev_type, mlstrustedobject; +type mfc_device, dev_type; type rfkill_device, dev_type; type diagnostic_device, dev_type; type efs_block_device, dev_type; + +#device type for smd device nodes, ie /dev/smd* +type smd_device, dev_type;
\ No newline at end of file diff --git a/selinux/file_contexts b/selinux/file_contexts index e0dc817..fe80da5 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -3,6 +3,8 @@ /dev/ump u:object_r:mali_device:s0 /dev/fimg2d u:object_r:mali_device:s0 +/dev/s3c-mfc u:object_r:mfc_device:s0 + # RIL /dev/mdm u:object_r:radio_device:s0 /dev/hsicctl[0-3]* u:object_r:radio_device:s0 diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te index 011f7c6..d2c07f4 100644 --- a/selinux/mediaserver.te +++ b/selinux/mediaserver.te @@ -1,7 +1,9 @@ -qmux_socket(mediaserver) +qmux_socket(mediaserver); allow mediaserver self:socket create_socket_perms; allow mediaserver { firmware_camera }:file r_file_perms; allow mediaserver firmware_camera:dir r_dir_perms; allow mediaserver camera_data_file:file rw_file_perms; allow mediaserver volume_data_file:file create_file_perms; allow mediaserver volume_data_file:dir create_dir_perms; +allow mediaserver mfc_device:chr_file rw_file_perms; +allow mediaserver system_data_file:file { write open };
\ No newline at end of file diff --git a/selinux/netd.te b/selinux/netd.te new file mode 100644 index 0000000..d1c2662 --- /dev/null +++ b/selinux/netd.te @@ -0,0 +1 @@ +allow netd init:tcp_socket { read write };
\ No newline at end of file |