diff options
author | RGIB <gibellini.roberto@gmail.com> | 2015-11-11 12:25:20 +0100 |
---|---|---|
committer | sbrissen <sbrissen@hotmail.com> | 2015-11-11 16:31:15 -0500 |
commit | 8c9baef78e9aa0c0727709537c2b46e431338826 (patch) | |
tree | 889f675d387fcf47aa27af3c6dbdd9fedf4cd210 /selinux | |
parent | c597ed167ef3e896e3db214debd80684721235ed (diff) | |
download | device_samsung_kona-common-8c9baef78e9aa0c0727709537c2b46e431338826.zip device_samsung_kona-common-8c9baef78e9aa0c0727709537c2b46e431338826.tar.gz device_samsung_kona-common-8c9baef78e9aa0c0727709537c2b46e431338826.tar.bz2 |
kona-common : update selinux 2
Change-Id: I808eaff869d3f4641cf303c2f93446a00c7b8cef
Diffstat (limited to 'selinux')
-rw-r--r-- | selinux/debuggerd.te | 1 | ||||
-rw-r--r-- | selinux/dex2oat.te | 1 | ||||
-rw-r--r-- | selinux/init.te | 5 | ||||
-rw-r--r-- | selinux/platform_app.te | 2 | ||||
-rw-r--r-- | selinux/shell.te | 3 | ||||
-rw-r--r-- | selinux/system_app.te | 4 | ||||
-rw-r--r-- | selinux/system_server.te | 4 | ||||
-rw-r--r-- | selinux/untrusted_app.te | 2 | ||||
-rw-r--r-- | selinux/wpa.te | 2 |
9 files changed, 13 insertions, 11 deletions
diff --git a/selinux/debuggerd.te b/selinux/debuggerd.te index f60e6e3..1a03fb4 100644 --- a/selinux/debuggerd.te +++ b/selinux/debuggerd.te @@ -1 +1,2 @@ allow debuggerd log_device:chr_file { read open }; +allow debuggerd log_device:dir search; diff --git a/selinux/dex2oat.te b/selinux/dex2oat.te index 52e724a..73bde71 100644 --- a/selinux/dex2oat.te +++ b/selinux/dex2oat.te @@ -1,2 +1,3 @@ allow dex2oat kernel:system module_request; allow dex2oat log_device:chr_file { write open }; +allow dex2oat log_device:dir search; diff --git a/selinux/init.te b/selinux/init.te index 62841da..aac9a68 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -4,9 +4,4 @@ allow init init:tcp_socket { read write create }; allow init port:tcp_socket name_connect; allow init self:tcp_socket { read write getopt connect }; allow init kernel:system syslog_read; -allow init kernel:system module_request; -allow init log_device:chr_file write; -allow init property_socket:sock_file write; -allow init ril_device:chr_file write; -allow init sdcardd_exec:file { read execute open getattr execute_no_trans }; allow init system_file:file execute_no_trans; diff --git a/selinux/platform_app.te b/selinux/platform_app.te index 717139a..815dfd0 100644 --- a/selinux/platform_app.te +++ b/selinux/platform_app.te @@ -1 +1,3 @@ allow platform_app log_device:chr_file write; +allow platform_app kernel:system module_request; +allow platform_app log_device:dir search; diff --git a/selinux/shell.te b/selinux/shell.te deleted file mode 100644 index aff526f..0000000 --- a/selinux/shell.te +++ /dev/null @@ -1,3 +0,0 @@ -# allow shell dalvikcache_data_file:file write; -allow shell kernel:system module_request; - diff --git a/selinux/system_app.te b/selinux/system_app.te index 8422942..ef29468 100644 --- a/selinux/system_app.te +++ b/selinux/system_app.te @@ -1,2 +1,6 @@ allow system_app log_device:chr_file write; +<<<<<<< HEAD allow system_app sysfs:file write; +======= +# allow system_app sysfs:file write; +>>>>>>> c4949ef... kona-common : update selinux 2 diff --git a/selinux/system_server.te b/selinux/system_server.te index f1456dc..c8fa3e4 100644 --- a/selinux/system_server.te +++ b/selinux/system_server.te @@ -1,5 +1,5 @@ allow system_server efs_file:dir search; # allow system_server default_prop:property_service set; -allow system_server dex2oat_exec:file { read execute open execute_no_trans }; -allow system_server log_device:chr_file { write open }; +allow system_server dex2oat_exec:file execute; +allow system_server log_device:dir search; allow system_server system_file:file execmod; diff --git a/selinux/untrusted_app.te b/selinux/untrusted_app.te index b4f8b51..369e87a 100644 --- a/selinux/untrusted_app.te +++ b/selinux/untrusted_app.te @@ -1,4 +1,4 @@ allow untrusted_app unlabeled:file getattr; allow untrusted_app efs_file:dir getattr; allow untrusted_app kernel:system module_request; -allow untrusted_app log_device:chr_file { write open }; +allow untrusted_app log_device:dir search; diff --git a/selinux/wpa.te b/selinux/wpa.te index 09bbb8f..27e1c1a 100644 --- a/selinux/wpa.te +++ b/selinux/wpa.te @@ -1 +1,3 @@ allow wpa log_device:chr_file { write open }; +allow wpa log_device:dir search; + |