diff options
| -rw-r--r-- | BoardConfigCommon.mk | 1 | ||||
| -rw-r--r-- | selinux/init.te | 1 | ||||
| -rwxr-xr-x | selinux/rild.te | 4 | ||||
| -rw-r--r-- | selinux/shell.te | 1 |
4 files changed, 7 insertions, 0 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 908fe49..024a8fb 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -60,6 +60,7 @@ BOARD_SEPOLICY_UNION += \ qmux.te \ rild.te \ secril.te \ + shell.te \ sysinit.te \ system.te \ ueventd.te \ diff --git a/selinux/init.te b/selinux/init.te index 37c38ef..5b87e48 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -3,3 +3,4 @@ allow init init:process { execmem }; allow init init:tcp_socket { read write create }; allow init port:tcp_socket name_connect; allow init self:tcp_socket { read write getopt connect }; +allow init kernel:system syslog_read; diff --git a/selinux/rild.te b/selinux/rild.te index 51d3f53..f88bea5 100755 --- a/selinux/rild.te +++ b/selinux/rild.te @@ -19,3 +19,7 @@ allow rild radio_data_file:dir setattr; allow rild self:capability dac_override; allow rild unlabeled:dir search; allow rild unlabeled:file { read getattr open setattr }; + +allow rild dumpstate_exec:file getattr; +allow rild system_data_file:dir write; +allow rild unlabeled:file write; diff --git a/selinux/shell.te b/selinux/shell.te new file mode 100644 index 0000000..f528d9c --- /dev/null +++ b/selinux/shell.te @@ -0,0 +1 @@ +allow shell dalvikcache_data_file:file write; |