kona: selinux changes

Change-Id: Ida50e4b75295e9a284c3ec1774658cd4f307aed6

3 files changed, 10 insertions, 0 deletions

diff --git a/selinux/init.te b/selinux/init.te
index 2f29889..27935d9 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -1,3 +1,5 @@
 allow init wpa_socket:unix_dgram_socket { bind create };
+allow init init:process { execmem };
+allow init init:tcp_socket { create };
 
 
diff --git a/selinux/rild.te b/selinux/rild.te
index 04209b0..3b0595d 100755
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -3,6 +3,7 @@ allow rild radio_device:chr_file rw_file_perms;
 allow rild { efs_file }:file rw_file_perms;
 allow rild self:netlink_socket { create bind read write };
 allow rild self:netlink_route_socket { write };
+allow rild rild:process { execmem };
 
 # Talk to qmuxd
 qmux_socket(rild)
diff --git a/selinux/sysinit.te b/selinux/sysinit.te
new file mode 100755
index 0000000..96a4719
--- /dev/null
+++ b/selinux/sysinit.te
@@ -0,0 +1,7 @@
+#allow sysinit mmc_block_device:file read;
+allow sysinit firmware_camera:dir { read search open getattr };
+allow sysinit userinit_exec:file { getattr execute execute_no_trans read open };
+allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name };
+allow sysinit firmware_camera:file { read open write getattr setattr create unlink };
+allow sysinit sysinit:capability { dac_override chown fowner fsetid };
+allow sysinit unlabeled:dir { search };