From 77686ea73b34bed50c65750cd9b0cba0fab997f1 Mon Sep 17 00:00:00 2001 From: sbrissen Date: Fri, 13 Mar 2015 09:37:00 -0400 Subject: kona: address more selinux denials -fixes bluetooth and video Change-Id: I86c7709533970eddee3647a1283ac1e12fc01437 --- selinux/bluetooth.te | 2 ++ selinux/device.te | 4 ++++ selinux/file_contexts | 2 ++ selinux/mediaserver.te | 4 +++- selinux/netd.te | 1 + 5 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 selinux/bluetooth.te create mode 100644 selinux/netd.te (limited to 'selinux')
diff --git a/selinux/bluetooth.te b/selinux/bluetooth.te
new file mode 100644
index 0000000..a6e68b8
--- /dev/null
+++ b/selinux/bluetooth.te
@@ -0,0 +1,2 @@
+allow bluetooth smd_device:chr_file { read write ioctl open };
+allow bluetooth sysfs:file { write };
\ No newline at end of file
diff --git a/selinux/device.te b/selinux/device.te
index c95050b..087a624 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -1,4 +1,8 @@
 type mali_device, dev_type, mlstrustedobject;
+type mfc_device, dev_type;
 type rfkill_device, dev_type;
 type diagnostic_device, dev_type;
 type efs_block_device, dev_type;
+
+#device type for smd device nodes, ie /dev/smd*
+type smd_device, dev_type;
\ No newline at end of file
diff --git a/selinux/file_contexts b/selinux/file_contexts
index e0dc817..fe80da5 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -3,6 +3,8 @@ /dev/ump u:object_r:mali_device:s0 /dev/fimg2d u:object_r:mali_device:s0 +/dev/s3c-mfc u:object_r:mfc_device:s0 + # RIL /dev/mdm u:object_r:radio_device:s0 /dev/hsicctl[0-3]* u:object_r:radio_device:s0
diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te
index 011f7c6..d2c07f4 100644
--- a/selinux/mediaserver.te
+++ b/selinux/mediaserver.te
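Review bot: In selinux/bluetooth.te, `allow bluetooth sysfs:file { write };` lets the bluetooth domain write every file that carries the generic `sysfs` label, not only the node that produced the denial. The usual pattern is to give that node its own type plus a file_contexts entry and grant write on that type alone; AOSP's `sysfs_bluetooth_writable` is the existing type for this, if the base policy in use defines it, e.g. `allow bluetooth sysfs_bluetooth_writable:file w_file_perms;`. The path of the node is not visible in this commit, so it has to be taken from the audit log.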
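Review bot: `smd_device` is declared in selinux/device.te with a comment saying it covers `/dev/smd*`, but the only label this commit adds to file_contexts is for `/dev/s3c-mfc`. Unless an entry for the smd nodes already exists in the part of file_contexts outside the hunk, those nodes keep their default label and the new `allow bluetooth smd_device:chr_file ...` rule matches nothing. If it is missing, add a line such as `/dev/smd.* u:object_r:smd_device:s0` (pattern to be checked against the real node names) next to the other device labels.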
@@ -1,7 +1,9 @@
-qmux_socket(mediaserver)
+qmux_socket(mediaserver);
 allow mediaserver self:socket create_socket_perms;
 allow mediaserver { firmware_camera }:file r_file_perms;
 allow mediaserver firmware_camera:dir r_dir_perms;
 allow mediaserver camera_data_file:file rw_file_perms;
 allow mediaserver volume_data_file:file create_file_perms;
 allow mediaserver volume_data_file:dir create_dir_perms;
+allow mediaserver mfc_device:chr_file rw_file_perms;
+allow mediaserver system_data_file:file { write open };
\ No newline at end of file
diff --git a/selinux/netd.te b/selinux/netd.te
new file mode 100644
index 0000000..d1c2662
--- /dev/null
+++ b/selinux/netd.te
@@ -0,0 +1 @@
+allow netd init:tcp_socket { read write };
\ No newline at end of file
-- cgit v1.1
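Review bot: In selinux/mediaserver.te, `allow mediaserver system_data_file:file { write open };` opens every file carrying the generic `system_data_file` label to writes from mediaserver, a domain that parses untrusted media. The denial most likely comes from one specific file under /data. Giving that file or its directory a dedicated type (declared with `file_type, data_file_type` and labelled in file_contexts) and granting `{ write open }` on that type keeps the fix scoped to it. The path is not visible in this commit, so it has to come from the audit log.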
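Review bot: `allow netd init:tcp_socket { read write };` in selinux/netd.te grants netd access to TCP sockets created by init, a denial that usually appears when a process inherits a descriptor it never uses rather than because it needs the socket. If that is the case here (the triggering denial is not shown), closing the descriptor at its source or silencing the audit with `dontaudit netd init:tcp_socket { read write };` avoids widening netd's permissions. If netd really does use the socket, a comment above the rule naming which socket it is would document why the rule exists.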