-rw-r--r-- | BoardConfigCommon.mk | 1 | ||||
-rw-r--r-- | selinux/init.te | 2 | ||||
-rwxr-xr-x | selinux/rild.te | 1 | ||||
-rwxr-xr-x | selinux/sysinit.te | 7 |
4 files changed, 11 insertions, 0 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index bb2d9ef..cba82a0 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -58,6 +58,7 @@ BOARD_SEPOLICY_UNION += \
 qmux.te \
 rild.te \
 secril.te \
+ sysinit.te \
 system.te \
 ueventd.te \
 wpa_supplicant.te
diff --git a/selinux/init.te b/selinux/init.te
index 2f29889..27935d9 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -1,3 +1,5 @@
 allow init wpa_socket:unix_dgram_socket { bind create };
+allow init init:process { execmem };
+allow init init:tcp_socket { create };
diff --git a/selinux/rild.te b/selinux/rild.te
index 04209b0..3b0595d 100755
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -3,6 +3,7 @@ allow rild radio_device:chr_file rw_file_perms;
 allow rild { efs_file }:file rw_file_perms;
 allow rild self:netlink_socket { create bind read write };
 allow rild self:netlink_route_socket { write };
+allow rild rild:process { execmem };
 # Talk to qmuxd
 qmux_socket(rild)
diff --git a/selinux/sysinit.te b/selinux/sysinit.te
new file mode 100755
index 0000000..96a4719
--- /dev/null
+++ b/selinux/sysinit.te
@@ -0,0 +1,7 @@
+#allow sysinit mmc_block_device:file read;
+allow sysinit firmware_camera:dir { read search open getattr };
+allow sysinit userinit_exec:file { getattr execute execute_no_trans read open };
+allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name };
+allow sysinit firmware_camera:file { read open write getattr setattr create unlink };
+allow sysinit sysinit:capability { dac_override chown fowner fsetid };
+allow sysinit unlabeled:dir { search }; |
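Review bot: The two rules added to selinux/init.te grant `execmem` and `tcp_socket { create }` to the init domain itself, and nothing in the hunk says which program produced the denials. `execmem` lets the domain map anonymous memory as executable, and on init that covers PID 1 and every service that stays in the init domain. If the denials come from such a service (an inference, the audit log is not shown), giving that service its own domain would keep both grants away from init. The `execmem` rule added to selinux/rild.te has the same problem and is also unexplained. At minimum I would write them as `allow init self:process execmem;` and `allow rild self:process execmem;`, matching the `self:` form rild.te already uses, and put a comment above each naming the binary or library that needs it.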
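Review bot: In the new selinux/sysinit.te, `execute_no_trans` on `userinit_exec` means those files run inside the sysinit domain, so they inherit `dac_override chown fowner fsetid` and the write access to `firmware_camera`. If `userinit_exec` labels user-supplied scripts (its file contexts are not visible here), anything placed there gets a DAC bypass limited only by type enforcement. Dropping `dac_override` in favour of correct file ownership, or at least a comment above the capability rule stating what each capability is for, would narrow this. The first `firmware_camera:dir` rule is a subset of the later one and can be removed, and `allow sysinit self:capability { ... };` reads better than `sysinit sysinit`. The commented-out `mmc_block_device` rule and the `unlabeled:dir { search }` grant should each be deleted or given a one-line reason.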