aboutsummaryrefslogtreecommitdiffstats
path: root/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'selinux')
-rw-r--r--selinux/debuggerd.te1
-rw-r--r--selinux/dex2oat.te1
-rw-r--r--selinux/init.te5
-rw-r--r--selinux/platform_app.te2
-rw-r--r--selinux/shell.te3
-rw-r--r--selinux/system_app.te4
-rw-r--r--selinux/system_server.te4
-rw-r--r--selinux/untrusted_app.te2
-rw-r--r--selinux/wpa.te2
9 files changed, 13 insertions, 11 deletions
diff --git a/selinux/debuggerd.te b/selinux/debuggerd.te
index f60e6e3..1a03fb4 100644
--- a/selinux/debuggerd.te
+++ b/selinux/debuggerd.te
@@ -1 +1,2 @@
allow debuggerd log_device:chr_file { read open };
+allow debuggerd log_device:dir search;
diff --git a/selinux/dex2oat.te b/selinux/dex2oat.te
index 52e724a..73bde71 100644
--- a/selinux/dex2oat.te
+++ b/selinux/dex2oat.te
@@ -1,2 +1,3 @@
allow dex2oat kernel:system module_request;
allow dex2oat log_device:chr_file { write open };
+allow dex2oat log_device:dir search;
diff --git a/selinux/init.te b/selinux/init.te
index 62841da..aac9a68 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -4,9 +4,4 @@ allow init init:tcp_socket { read write create };
allow init port:tcp_socket name_connect;
allow init self:tcp_socket { read write getopt connect };
allow init kernel:system syslog_read;
-allow init kernel:system module_request;
-allow init log_device:chr_file write;
-allow init property_socket:sock_file write;
-allow init ril_device:chr_file write;
-allow init sdcardd_exec:file { read execute open getattr execute_no_trans };
allow init system_file:file execute_no_trans;
diff --git a/selinux/platform_app.te b/selinux/platform_app.te
index 717139a..815dfd0 100644
--- a/selinux/platform_app.te
+++ b/selinux/platform_app.te
@@ -1 +1,3 @@
allow platform_app log_device:chr_file write;
+allow platform_app kernel:system module_request;
+allow platform_app log_device:dir search;
diff --git a/selinux/shell.te b/selinux/shell.te
deleted file mode 100644
index aff526f..0000000
--- a/selinux/shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# allow shell dalvikcache_data_file:file write;
-allow shell kernel:system module_request;
-
diff --git a/selinux/system_app.te b/selinux/system_app.te
index 8422942..ef29468 100644
--- a/selinux/system_app.te
+++ b/selinux/system_app.te
@@ -1,2 +1,6 @@
allow system_app log_device:chr_file write;
+<<<<<<< HEAD
allow system_app sysfs:file write;
+=======
+# allow system_app sysfs:file write;
+>>>>>>> c4949ef... kona-common : update selinux 2
diff --git a/selinux/system_server.te b/selinux/system_server.te
index f1456dc..c8fa3e4 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -1,5 +1,5 @@
allow system_server efs_file:dir search;
# allow system_server default_prop:property_service set;
-allow system_server dex2oat_exec:file { read execute open execute_no_trans };
-allow system_server log_device:chr_file { write open };
+allow system_server dex2oat_exec:file execute;
+allow system_server log_device:dir search;
allow system_server system_file:file execmod;
diff --git a/selinux/untrusted_app.te b/selinux/untrusted_app.te
index b4f8b51..369e87a 100644
--- a/selinux/untrusted_app.te
+++ b/selinux/untrusted_app.te
@@ -1,4 +1,4 @@
allow untrusted_app unlabeled:file getattr;
allow untrusted_app efs_file:dir getattr;
allow untrusted_app kernel:system module_request;
-allow untrusted_app log_device:chr_file { write open };
+allow untrusted_app log_device:dir search;
diff --git a/selinux/wpa.te b/selinux/wpa.te
index 09bbb8f..27e1c1a 100644
--- a/selinux/wpa.te
+++ b/selinux/wpa.te
@@ -1 +1,3 @@
allow wpa log_device:chr_file { write open };
+allow wpa log_device:dir search;
+