From 18a0f846e9b5f4e5c6592ca8d6c7bf768a8508eb Mon Sep 17 00:00:00 2001
From: RGIB
Date: Wed, 1 Jun 2016 17:02:15 +0200
Subject: kona : update selinux
Change-Id: I9705e3d989f74a2d3f0279e886a789b628ea0876
---
selinux/at_distributor.te | 1 +
selinux/geomagneticd.te | 5 +++--
selinux/gpsd.te | 7 ++++++-
selinux/servicemanager.te | 6 ++++++
selinux/system_server.te | 3 ++-
5 files changed, 18 insertions(+), 4 deletions(-)
create mode 100644 selinux/servicemanager.te
(limited to 'selinux')
diff --git a/selinux/at_distributor.te b/selinux/at_distributor.te
index 2a289ca..b700a33 100644
--- a/selinux/at_distributor.te
+++ b/selinux/at_distributor.te
@@ -24,3 +24,4 @@ allow at_distributor servicemanager:binder call;
 allow at_distributor shell_exec:file { read execute open };
 allow at_distributor system_file:file execute_no_trans;
 allow at_distributor zygote_exec:file { read getattr open execute execute_no_trans };
+allow at_distributor system_server:binder { transfer call };
diff --git a/selinux/geomagneticd.te b/selinux/geomagneticd.te
index de18064..755c68e 100644
--- a/selinux/geomagneticd.te
+++ b/selinux/geomagneticd.te
@@ -10,7 +10,8 @@ allow geomagneticd gps_data_file:file { read getattr open };
 allow geomagneticd sysfs:file write;
 allow geomagneticd input_device:dir search;
 allow geomagneticd gps_data_file:dir { write remove_name add_name };
-allow geomagneticd gps_data_file:file { write rename create open setattr };
+allow geomagneticd gps_data_file:file { unlink write rename create open setattr };
 allow geomagneticd self:capability dac_override;
+allow geomagneticd self:capability fowner;
 # load SHIM libraries
-allow init geomagneticd:process noatsecure;
\ No newline at end of file
+allow init geomagneticd:process noatsecure;
diff --git a/selinux/gpsd.te b/selinux/gpsd.te
index 3022b98..c17b21e 100644
--- a/selinux/gpsd.te
+++ b/selinux/gpsd.te
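Review bot: The added `allow at_distributor system_server:binder { transfer call };` gives binder access to a domain that, per the context lines just above it, runs `shell_exec` and `zygote_exec` with `execute_no_trans`, so anything it spawns stays in the at_distributor domain and inherits the new reach into system_server. The matching `allow system_server at_distributor:binder call;` in the system_server.te hunk opens the reverse direction and has the same gap. Neither line records which service or denial motivated it; a comment such as `# binder to system_server: required for <service name>, from denial <log reference>` above each would let a later reviewer decide whether the rule can be removed. It is also worth checking whether the shell execution can be moved into its own domain so the binder permission is not shared with child processes.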
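Review bot: `allow geomagneticd self:capability fowner;` stacks a second DAC-bypass capability on a domain that already holds `dac_override`, so the SELinux type rules become the only thing limiting which files this daemon can modify, re-mode or unlink. The denials behind this line and behind the new `unlink` on `gps_data_file:file` most likely come from files in the GPS data directory being owned by a different uid than the daemon; that is inferred, since ownership is not visible in this hunk. Fixing the owner and mode of that directory where it is created would allow both capability rules to be dropped. Until then I would put `# TODO: drop fowner/dac_override once gps data files are owned by the daemon's uid` above the two capability lines.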
@@ -3,5 +3,10 @@ domain_trans(init, rootfs, gpsd)
 allow gpsd rild:unix_stream_socket connectto;
 allow gpsd sysfs_wake_lock:file { read write open };
 allow gpsd gps_device:chr_file { read write ioctl open };
+allow gpsd servicemanager:binder call;
+allow gpsd cache_file:dir { write add_name };
+allow gpsd cache_file:fifo_file { unlink open create read getattr };
+allow gpsd cache_file:dir remove_name;
+allow gpsd system_server:binder call;
 # load SHIM libraries
-allow init gpsd:process noatsecure;
\ No newline at end of file
+allow init gpsd:process noatsecure;
diff --git a/selinux/servicemanager.te b/selinux/servicemanager.te
new file mode 100644
index 0000000..8d1d17e
--- /dev/null
+++ b/selinux/servicemanager.te
@@ -0,0 +1,6 @@
+allow servicemanager gpsd:dir search;
+allow servicemanager at_distributor:dir search;
+allow servicemanager at_distributor:file { read open };
+allow servicemanager at_distributor:process getattr;
+allow servicemanager gpsd:file { read open };
+allow servicemanager gpsd:process getattr;
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 8f30fdc..cc0fbc4 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -3,4 +3,5 @@ allow system_server self:capability sys_module;
 allow system_server efs_file:dir search;
 allow system_server efs_file:file { read write open };
 allow system_server gps_data_file:file setattr;
-allow system_server gps_data_file:dir { search write add_name };
\ No newline at end of file
+allow system_server gps_data_file:dir { search write add_name };
+allow system_server at_distributor:binder call;
--
cgit v1.1
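Review bot: The three added `cache_file` rules let gpsd create, read and unlink FIFOs and add or remove directory entries under the generic `cache_file` label, which is shared with everything else stored under that label. A dedicated type for the FIFO, assigned with a `type_transition` (or `file_type_auto_trans`) from `cache_file`, would at least limit the `fifo_file` permissions to objects gpsd itself created; the type name and file_contexts entry depend on where gpsd places the FIFO, which this hunk does not show. If the generic label stays, the two dir rules can be one line, `allow gpsd cache_file:dir { write add_name remove_name };`. The two binder rules here grant `call` only while the at_distributor hunk grants `{ transfer call }`, so it is worth confirming which set gpsd actually needs.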
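Review bot: The new servicemanager.te carries no comment explaining why servicemanager needs `dir search`, `file { read open }` and `process getattr` on gpsd and at_distributor. The permission set looks like the /proc/<pid> lookup servicemanager does on a binder caller; that is inferred from the rules and not shown on this page. A header such as `# servicemanager inspects the caller's /proc entry when gpsd and at_distributor use binder` would tie these rules to the binder rules added in gpsd.te and at_distributor.te. Grouping the three rules per domain instead of interleaving them would also make it easier to withdraw one daemon's access later.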