diff options
| author | RGIB <gibellini.roberto@gmail.com> | 2016-06-01 17:02:15 +0200 |
|---|---|---|
| committer | RGIB <gibellini.roberto@gmail.com> | 2016-06-01 17:02:15 +0200 |
| commit | 18a0f846e9b5f4e5c6592ca8d6c7bf768a8508eb (patch) | |
| tree | 49d98ad4602ee2c29f9a3ae65313cf8982dfba5a /selinux | |
| parent | 5c09772000d947042b77d85bda8af2a8939defd0 (diff) | |
| download | device_samsung_kona-common-18a0f846e9b5f4e5c6592ca8d6c7bf768a8508eb.zip device_samsung_kona-common-18a0f846e9b5f4e5c6592ca8d6c7bf768a8508eb.tar.gz device_samsung_kona-common-18a0f846e9b5f4e5c6592ca8d6c7bf768a8508eb.tar.bz2 | |
kona : update selinux
Change-Id: I9705e3d989f74a2d3f0279e886a789b628ea0876
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/at_distributor.te | 1 | ||||
| -rw-r--r-- | selinux/geomagneticd.te | 5 | ||||
| -rw-r--r-- | selinux/gpsd.te | 7 | ||||
| -rw-r--r-- | selinux/servicemanager.te | 6 | ||||
| -rw-r--r-- | selinux/system_server.te | 3 |
5 files changed, 18 insertions, 4 deletions
diff --git a/selinux/at_distributor.te b/selinux/at_distributor.te index 2a289ca..b700a33 100644 --- a/selinux/at_distributor.te +++ b/selinux/at_distributor.te @@ -24,3 +24,4 @@ allow at_distributor servicemanager:binder call; allow at_distributor shell_exec:file { read execute open }; allow at_distributor system_file:file execute_no_trans; allow at_distributor zygote_exec:file { read getattr open execute execute_no_trans }; +allow at_distributor system_server:binder { transfer call }; diff --git a/selinux/geomagneticd.te b/selinux/geomagneticd.te index de18064..755c68e 100644 --- a/selinux/geomagneticd.te +++ b/selinux/geomagneticd.te @@ -10,7 +10,8 @@ allow geomagneticd gps_data_file:file { read getattr open }; allow geomagneticd sysfs:file write; allow geomagneticd input_device:dir search; allow geomagneticd gps_data_file:dir { write remove_name add_name }; -allow geomagneticd gps_data_file:file { write rename create open setattr }; +allow geomagneticd gps_data_file:file { unlink write rename create open setattr }; allow geomagneticd self:capability dac_override; +allow geomagneticd self:capability fowner; # load SHIM libraries -allow init geomagneticd:process noatsecure;
\ No newline at end of file +allow init geomagneticd:process noatsecure; diff --git a/selinux/gpsd.te b/selinux/gpsd.te index 3022b98..c17b21e 100644 --- a/selinux/gpsd.te +++ b/selinux/gpsd.te @@ -3,5 +3,10 @@ domain_trans(init, rootfs, gpsd) allow gpsd rild:unix_stream_socket connectto; allow gpsd sysfs_wake_lock:file { read write open }; allow gpsd gps_device:chr_file { read write ioctl open }; +allow gpsd servicemanager:binder call; +allow gpsd cache_file:dir { write add_name }; +allow gpsd cache_file:fifo_file { unlink open create read getattr }; +allow gpsd cache_file:dir remove_name; +allow gpsd system_server:binder call; # load SHIM libraries -allow init gpsd:process noatsecure;
\ No newline at end of file +allow init gpsd:process noatsecure; diff --git a/selinux/servicemanager.te b/selinux/servicemanager.te new file mode 100644 index 0000000..8d1d17e --- /dev/null +++ b/selinux/servicemanager.te @@ -0,0 +1,6 @@ +allow servicemanager gpsd:dir search; +allow servicemanager at_distributor:dir search; +allow servicemanager at_distributor:file { read open }; +allow servicemanager at_distributor:process getattr; +allow servicemanager gpsd:file { read open }; +allow servicemanager gpsd:process getattr; diff --git a/selinux/system_server.te b/selinux/system_server.te index 8f30fdc..cc0fbc4 100644 --- a/selinux/system_server.te +++ b/selinux/system_server.te @@ -3,4 +3,5 @@ allow system_server self:capability sys_module; allow system_server efs_file:dir search; allow system_server efs_file:file { read write open }; allow system_server gps_data_file:file setattr; -allow system_server gps_data_file:dir { search write add_name };
\ No newline at end of file +allow system_server gps_data_file:dir { search write add_name }; +allow system_server at_distributor:binder call; |