diff options
| author | sbrissen <sbrissen@hotmail.com> | 2015-03-13 09:37:00 -0400 |
|---|---|---|
| committer | sbrissen <sbrissen@hotmail.com> | 2015-03-13 09:39:12 -0400 |
| commit | 77686ea73b34bed50c65750cd9b0cba0fab997f1 (patch) | |
| tree | fdd092c4ab23333a952457b1fda05588ec36330d /selinux | |
| parent | 3f7af15c43750e5fd5ee64b1860025ef27c7a4ff (diff) | |
| download | device_samsung_kona-common-77686ea73b34bed50c65750cd9b0cba0fab997f1.zip device_samsung_kona-common-77686ea73b34bed50c65750cd9b0cba0fab997f1.tar.gz device_samsung_kona-common-77686ea73b34bed50c65750cd9b0cba0fab997f1.tar.bz2 | |
kona: address more selinux denials
-fixes bluetooth and video
Change-Id: I86c7709533970eddee3647a1283ac1e12fc01437
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/bluetooth.te | 2 | ||||
| -rw-r--r-- | selinux/device.te | 4 | ||||
| -rw-r--r-- | selinux/file_contexts | 2 | ||||
| -rw-r--r-- | selinux/mediaserver.te | 4 | ||||
| -rw-r--r-- | selinux/netd.te | 1 |
5 files changed, 12 insertions, 1 deletions
diff --git a/selinux/bluetooth.te b/selinux/bluetooth.te new file mode 100644 index 0000000..a6e68b8 --- /dev/null +++ b/selinux/bluetooth.te @@ -0,0 +1,2 @@ +allow bluetooth smd_device:chr_file { read write ioctl open }; +allow bluetooth sysfs:file { write };
\ No newline at end of file diff --git a/selinux/device.te b/selinux/device.te index c95050b..087a624 100644 --- a/selinux/device.te +++ b/selinux/device.te @@ -1,4 +1,8 @@ type mali_device, dev_type, mlstrustedobject; +type mfc_device, dev_type; type rfkill_device, dev_type; type diagnostic_device, dev_type; type efs_block_device, dev_type; + +#device type for smd device nodes, ie /dev/smd* +type smd_device, dev_type;
\ No newline at end of file diff --git a/selinux/file_contexts b/selinux/file_contexts index e0dc817..fe80da5 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -3,6 +3,8 @@ /dev/ump u:object_r:mali_device:s0 /dev/fimg2d u:object_r:mali_device:s0 +/dev/s3c-mfc u:object_r:mfc_device:s0 + # RIL /dev/mdm u:object_r:radio_device:s0 /dev/hsicctl[0-3]* u:object_r:radio_device:s0 diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te index 011f7c6..d2c07f4 100644 --- a/selinux/mediaserver.te +++ b/selinux/mediaserver.te @@ -1,7 +1,9 @@ -qmux_socket(mediaserver) +qmux_socket(mediaserver); allow mediaserver self:socket create_socket_perms; allow mediaserver { firmware_camera }:file r_file_perms; allow mediaserver firmware_camera:dir r_dir_perms; allow mediaserver camera_data_file:file rw_file_perms; allow mediaserver volume_data_file:file create_file_perms; allow mediaserver volume_data_file:dir create_dir_perms; +allow mediaserver mfc_device:chr_file rw_file_perms; +allow mediaserver system_data_file:file { write open };
\ No newline at end of file diff --git a/selinux/netd.te b/selinux/netd.te new file mode 100644 index 0000000..d1c2662 --- /dev/null +++ b/selinux/netd.te @@ -0,0 +1 @@ +allow netd init:tcp_socket { read write };
\ No newline at end of file |