From 0bf7364ac512f26be0373bf8810bd5c2cdc5c99d Mon Sep 17 00:00:00 2001 From: tilaksidduram Date: Mon, 21 Dec 2015 21:36:04 +0530 Subject: n7100: Bring in Selinux for M * commits picked up from the i9300 device repo and made a few changes for n7100 credits to keepcalm444 --- selinux/gpsd.te | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 selinux/gpsd.te (limited to 'selinux/gpsd.te') diff --git a/selinux/gpsd.te b/selinux/gpsd.te new file mode 100644 index 0000000..4aa2b04 --- /dev/null +++ b/selinux/gpsd.te @@ -0,0 +1,25 @@ +type gpsd, domain; +type gpsd_exec, exec_type, file_type; + +init_daemon_domain(gpsd) + +allow gpsd shell_exec:file { rx_file_perms entrypoint }; + +#for text relocs & execution +allow gpsd system_file:file { execute_no_trans execmod }; +allow gpsd gps_device:chr_file { getattr setattr }; +allow gpsd gps_data_file:dir { search write add_name remove_name }; +allow gpsd gps_data_file:file { create rw_file_perms }; +allow gpsd gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms }; + +allow gpsd node:udp_socket { node_bind name_bind }; +allow gpsd port:tcp_socket name_connect; +allow gpsd self:tcp_socket { getopt write read }; + +allow gpsd sysfs:file { setattr write }; +allow gpsd gps_device:chr_file { ioctl open read write }; +allow gpsd gpsd:udp_socket { create bind }; +allow gpsd gpsd:tcp_socket { create connect }; +allow gpsd fwmarkd_socket:sock_file write; +allow gpsd dnsproxyd_socket:sock_file write; +allow gpsd netd:unix_stream_socket connectto; -- cgit v1.1 From 537a053eafb489042077d08b0a33e12ba6a27248 Mon Sep 17 00:00:00 2001 From: tilaksidduram Date: Wed, 23 Dec 2015 10:26:19 +0530 Subject: n7100: selinux fixes for gpsd --- selinux/gpsd.te | 8 -------- 1 file changed, 8 deletions(-) (limited to 'selinux/gpsd.te') diff --git a/selinux/gpsd.te b/selinux/gpsd.te index 4aa2b04..6c54563 100644 --- a/selinux/gpsd.te +++ b/selinux/gpsd.te @@ -1,15 +1,7 @@ -type gpsd, domain; -type gpsd_exec, exec_type, file_type; - -init_daemon_domain(gpsd) - -allow gpsd shell_exec:file { rx_file_perms entrypoint }; - #for text relocs & execution allow gpsd system_file:file { execute_no_trans execmod }; allow gpsd gps_device:chr_file { getattr setattr }; allow gpsd gps_data_file:dir { search write add_name remove_name }; -allow gpsd gps_data_file:file { create rw_file_perms }; allow gpsd gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms }; allow gpsd node:udp_socket { node_bind name_bind }; -- cgit v1.1