diff options
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/init.te | 2 | ||||
| -rwxr-xr-x | selinux/rild.te | 1 | ||||
| -rwxr-xr-x | selinux/sysinit.te | 7 |
3 files changed, 10 insertions, 0 deletions
diff --git a/selinux/init.te b/selinux/init.te index 2f29889..27935d9 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -1,3 +1,5 @@ allow init wpa_socket:unix_dgram_socket { bind create }; +allow init init:process { execmem }; +allow init init:tcp_socket { create }; diff --git a/selinux/rild.te b/selinux/rild.te index 04209b0..3b0595d 100755 --- a/selinux/rild.te +++ b/selinux/rild.te @@ -3,6 +3,7 @@ allow rild radio_device:chr_file rw_file_perms; allow rild { efs_file }:file rw_file_perms; allow rild self:netlink_socket { create bind read write }; allow rild self:netlink_route_socket { write }; +allow rild rild:process { execmem }; # Talk to qmuxd qmux_socket(rild) diff --git a/selinux/sysinit.te b/selinux/sysinit.te new file mode 100755 index 0000000..96a4719 --- /dev/null +++ b/selinux/sysinit.te @@ -0,0 +1,7 @@ +#allow sysinit mmc_block_device:file read; +allow sysinit firmware_camera:dir { read search open getattr }; +allow sysinit userinit_exec:file { getattr execute execute_no_trans read open }; +allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name }; +allow sysinit firmware_camera:file { read open write getattr setattr create unlink }; +allow sysinit sysinit:capability { dac_override chown fowner fsetid }; +allow sysinit unlabeled:dir { search }; |