From 3f7af15c43750e5fd5ee64b1860025ef27c7a4ff Mon Sep 17 00:00:00 2001
From: sbrissen
Date: Mon, 9 Mar 2015 09:35:25 -0400
Subject: kona: selinux changes

Change-Id: Ida50e4b75295e9a284c3ec1774658cd4f307aed6
---
 selinux/init.te | 2 ++
 selinux/rild.te | 1 +
 selinux/sysinit.te | 7 +++++++
 3 files changed, 10 insertions(+)
 create mode 100755 selinux/sysinit.te
(limited to 'selinux')
diff --git a/selinux/init.te b/selinux/init.te
index 2f29889..27935d9 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -1,3 +1,5 @@
 allow init wpa_socket:unix_dgram_socket { bind create };
+allow init init:process { execmem };
+allow init init:tcp_socket { create };
diff --git a/selinux/rild.te b/selinux/rild.te
index 04209b0..3b0595d 100755
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -3,6 +3,7 @@ allow rild radio_device:chr_file rw_file_perms;
 allow rild { efs_file }:file rw_file_perms;
 allow rild self:netlink_socket { create bind read write };
 allow rild self:netlink_route_socket { write };
+allow rild rild:process { execmem };
 # Talk to qmuxd
 qmux_socket(rild)
diff --git a/selinux/sysinit.te b/selinux/sysinit.te
new file mode 100755
index 0000000..96a4719
--- /dev/null
+++ b/selinux/sysinit.te
@@ -0,0 +1,7 @@
+#allow sysinit mmc_block_device:file read;
+allow sysinit firmware_camera:dir { read search open getattr };
+allow sysinit userinit_exec:file { getattr execute execute_no_trans read open };
+allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name };
+allow sysinit firmware_camera:file { read open write getattr setattr create unlink };
+allow sysinit sysinit:capability { dac_override chown fowner fsetid };
+allow sysinit unlabeled:dir { search };
-- 
cgit v1.1
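Review bot: The two added `execmem` grants, `allow init init:process { execmem };` in selinux/init.te and `allow rild rild:process { execmem };` in selinux/rild.te, let those domains map writable memory as executable, which removes the W^X barrier from init itself and from the daemon that talks to the radio device, and nothing in the commit says which binary needs it. These look like audit2allow output (inferred), so I would record the cause above each rule, e.g. `# execmem: required by <binary name>; denial: <avc line>`, and, if the need comes from a service that init starts without a domain transition, give that service its own domain instead of widening init. The same applies to `allow init init:tcp_socket { create };`, where `create` alone with no `connect` or `bind` suggests the real consumer has not been identified yet. For consistency with the existing `allow rild self:netlink_socket` lines, write the rules whose source equals the target with `self`, e.g. `allow rild self:process execmem;`.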
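Review bot: In the new selinux/sysinit.te, `execute_no_trans` on `userinit_exec` combined with `allow sysinit sysinit:capability { dac_override chown fowner fsetid };` means anything labelled userinit_exec runs inside the sysinit domain with the ability to bypass file permission checks and change file ownership. If the policy has or can define a separate userinit domain (not visible here), a domain transition would keep those capabilities out of the script's reach; failing that, drop `dac_override` and fix the ownership of the firmware_camera files so it is not needed. `allow sysinit unlabeled:dir { search };` usually points at a path missing from file_contexts, so labelling that directory is preferable to granting access to `unlabeled`. The first `firmware_camera:dir` rule is a subset of the second and can be removed, along with the commented-out `mmc_block_device` line.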