diff options
Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/device.te | 5 | ||||
| -rw-r--r-- | selinux/file.te | 2 | ||||
| -rw-r--r-- | selinux/file_contexts | 4 | ||||
| -rw-r--r-- | selinux/init.te | 6 | ||||
| -rw-r--r-- | selinux/netd.te | 4 | ||||
| -rwxr-xr-x | selinux/rild.te | 6 | ||||
| -rw-r--r-- | selinux/system_server.te | 2 | ||||
| -rw-r--r-- | selinux/untrusted_app.te | 2 |
8 files changed, 24 insertions, 7 deletions
diff --git a/selinux/device.te b/selinux/device.te index 087a624..d3b63c0 100644 --- a/selinux/device.te +++ b/selinux/device.te @@ -5,4 +5,7 @@ type diagnostic_device, dev_type; type efs_block_device, dev_type; #device type for smd device nodes, ie /dev/smd* -type smd_device, dev_type;
\ No newline at end of file +type smd_device, dev_type; + +# RIL /dev/umts_* +type ril_device, dev_type; diff --git a/selinux/file.te b/selinux/file.te index 185b1c2..4e005df 100644 --- a/selinux/file.te +++ b/selinux/file.te @@ -1,8 +1,6 @@ type radio_efs_file, fs_type; - type firmware_mfc, file_type; type firmware_camera, file_type; - type qmuxd_socket, file_type; type kickstart_data_file, file_type, data_file_type; type sensors_data_file, file_type, data_file_type; diff --git a/selinux/file_contexts b/selinux/file_contexts index fe80da5..e733c9e 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -11,6 +11,10 @@ /dev/ttyUSB0 u:object_r:radio_device:s0 /dev/diag u:object_r:diagnostic_device:s0 +/dev/umts_boot0 u:object_r:ril_device:s0 +/dev/umts_ipc0 u:object_r:ril_device:s0 +/dev/umts_rfs0 u:object_r:ril_device:s0 + # GPS /dev/ttySAC1 u:object_r:gps_device:s0 diff --git a/selinux/init.te b/selinux/init.te index 27935d9..37c38ef 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -1,5 +1,5 @@ allow init wpa_socket:unix_dgram_socket { bind create }; allow init init:process { execmem }; -allow init init:tcp_socket { create }; - - +allow init init:tcp_socket { read write create }; +allow init port:tcp_socket name_connect; +allow init self:tcp_socket { read write getopt connect }; diff --git a/selinux/netd.te b/selinux/netd.te index d1c2662..0983293 100644 --- a/selinux/netd.te +++ b/selinux/netd.te @@ -1 +1,3 @@ -allow netd init:tcp_socket { read write };
\ No newline at end of file +allow netd init:tcp_socket { read write getopt setopt }; +allow netd kernel:system module_request; +allow netd unlabeled:file { read getattr open }; diff --git a/selinux/rild.te b/selinux/rild.te index 3b0595d..51d3f53 100755 --- a/selinux/rild.te +++ b/selinux/rild.te @@ -13,3 +13,9 @@ allow rild diagnostic_device:chr_file rw_file_perms; # XXX label with own type? allow rild sysfs:file { read open write getattr }; + +allow rild ril_device:chr_file { read write ioctl open }; +allow rild radio_data_file:dir setattr; +allow rild self:capability dac_override; +allow rild unlabeled:dir search; +allow rild unlabeled:file { read getattr open setattr }; diff --git a/selinux/system_server.te b/selinux/system_server.te new file mode 100644 index 0000000..f017b31 --- /dev/null +++ b/selinux/system_server.te @@ -0,0 +1,2 @@ +allow system_server efs_file:dir search; +allow system_server default_prop:property_service set; diff --git a/selinux/untrusted_app.te b/selinux/untrusted_app.te new file mode 100644 index 0000000..c81150b --- /dev/null +++ b/selinux/untrusted_app.te @@ -0,0 +1,2 @@ +allow untrusted_app unlabeled:file getattr; +allow untrusted_app efs_file:dir getattr; |