From 8c9baef78e9aa0c0727709537c2b46e431338826 Mon Sep 17 00:00:00 2001
From: RGIB
Date: Wed, 11 Nov 2015 12:25:20 +0100
Subject: kona-common : update selinux 2

Change-Id: I808eaff869d3f4641cf303c2f93446a00c7b8cef
---
 selinux/debuggerd.te | 1 +
 selinux/dex2oat.te | 1 +
 selinux/init.te | 5 -----
 selinux/platform_app.te | 2 ++
 selinux/shell.te | 3 ---
 selinux/system_app.te | 4 ++++
 selinux/system_server.te | 4 ++--
 selinux/untrusted_app.te | 2 +-
 selinux/wpa.te | 2 ++
 9 files changed, 13 insertions(+), 11 deletions(-)
 delete mode 100644 selinux/shell.te
(limited to 'selinux')
diff --git a/selinux/debuggerd.te b/selinux/debuggerd.te
index f60e6e3..1a03fb4 100644
--- a/selinux/debuggerd.te
+++ b/selinux/debuggerd.te
@@ -1 +1,2 @@
 allow debuggerd log_device:chr_file { read open };
+allow debuggerd log_device:dir search;
diff --git a/selinux/dex2oat.te b/selinux/dex2oat.te
index 52e724a..73bde71 100644
--- a/selinux/dex2oat.te
+++ b/selinux/dex2oat.te
@@ -1,2 +1,3 @@
 allow dex2oat kernel:system module_request;
 allow dex2oat log_device:chr_file { write open };
+allow dex2oat log_device:dir search;
diff --git a/selinux/init.te b/selinux/init.te
index 62841da..aac9a68 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -4,9 +4,4 @@ allow init init:tcp_socket { read write create };
 allow init port:tcp_socket name_connect;
 allow init self:tcp_socket { read write getopt connect };
 allow init kernel:system syslog_read;
-allow init kernel:system module_request;
-allow init log_device:chr_file write;
-allow init property_socket:sock_file write;
-allow init ril_device:chr_file write;
-allow init sdcardd_exec:file { read execute open getattr execute_no_trans };
 allow init system_file:file execute_no_trans;
diff --git a/selinux/platform_app.te b/selinux/platform_app.te
index 717139a..815dfd0 100644
--- a/selinux/platform_app.te
+++ b/selinux/platform_app.te
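Review bot: The added `allow debuggerd log_device:dir search;` in selinux/debuggerd.te has no comment saying which denial it answers, and the same one-line rule is repeated in the dex2oat, platform_app, system_server, untrusted_app and wpa hunks. In system_server.te and untrusted_app.te it replaces the `log_device:chr_file { write open }` rule rather than joining it, so those two domains end up with directory search but no device access granted in these files; if that is deliberate because the base policy already covers the device nodes, it should be stated. I would put a short comment above each rule, for example `# directory lookup under log_device; from avc denial <DENIAL_PLACEHOLDER>`.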
@@ -1 +1,3 @@
 allow platform_app log_device:chr_file write;
+allow platform_app kernel:system module_request;
+allow platform_app log_device:dir search;
diff --git a/selinux/shell.te b/selinux/shell.te
deleted file mode 100644
index aff526f..0000000
--- a/selinux/shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# allow shell dalvikcache_data_file:file write;
-allow shell kernel:system module_request;
-
diff --git a/selinux/system_app.te b/selinux/system_app.te
index 8422942..ef29468 100644
--- a/selinux/system_app.te
+++ b/selinux/system_app.te
@@ -1,2 +1,6 @@
 allow system_app log_device:chr_file write;
+<<<<<<< HEAD
 allow system_app sysfs:file write;
+=======
+# allow system_app sysfs:file write;
+>>>>>>> c4949ef... kona-common : update selinux 2
diff --git a/selinux/system_server.te b/selinux/system_server.te
index f1456dc..c8fa3e4 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -1,5 +1,5 @@
 allow system_server efs_file:dir search;
 # allow system_server default_prop:property_service set;
-allow system_server dex2oat_exec:file { read execute open execute_no_trans };
-allow system_server log_device:chr_file { write open };
+allow system_server dex2oat_exec:file execute;
+allow system_server log_device:dir search;
 allow system_server system_file:file execmod;
diff --git a/selinux/untrusted_app.te b/selinux/untrusted_app.te
index b4f8b51..369e87a 100644
--- a/selinux/untrusted_app.te
+++ b/selinux/untrusted_app.te
@@ -1,4 +1,4 @@
 allow untrusted_app unlabeled:file getattr;
 allow untrusted_app efs_file:dir getattr;
 allow untrusted_app kernel:system module_request;
-allow untrusted_app log_device:chr_file { write open };
+allow untrusted_app log_device:dir search;
diff --git a/selinux/wpa.te b/selinux/wpa.te
index 09bbb8f..27e1c1a 100644
--- a/selinux/wpa.te
+++ b/selinux/wpa.te
@@ -1 +1,3 @@
 allow wpa log_device:chr_file { write open };
+allow wpa log_device:dir search;
+
-- cgit v1.1
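Review bot: The new `allow platform_app kernel:system module_request;` in selinux/platform_app.te lets every platform-signed app cause the kernel to auto-load a module, which is a broad grant for an app domain, and this same commit removes that permission from init and shell. If the denial is only a side effect of an app probing something the kernel has no built-in support for, it is safer to silence it without granting it: `dontaudit platform_app kernel:system module_request;`. If a module really has to load on behalf of this domain, a comment naming the module would let the next reviewer check the rule.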
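Review bot: The selinux/system_app.te hunk commits unresolved merge-conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> c4949ef... kona-common : update selinux 2` are added as lines of the policy file. They are not policy statements, so the policy build would be expected to fail on this file, and the unchanged `allow system_app sysfs:file write;` between the markers stays active. The incoming side comments that rule out, which looks like the intended resolution: delete the three marker lines and the live rule, and keep only `# allow system_app sysfs:file write;`, or drop the rule altogether.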
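Review bot: `allow system_server dex2oat_exec:file execute;` in selinux/system_server.te keeps `execute` but drops `read open execute_no_trans`, and no domain transition for dex2oat_exec is visible in this hunk. With neither `execute_no_trans` nor a transition rule, system_server would likely still be unable to run the binary, so the remaining permission may be dead weight. If nothing in system_server execs dex2oat, remove the line; otherwise add a comment pointing at the transition rule that makes it effective.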