authorSimon Shields <keepcalm444@gmail.com>2016-02-09 12:22:50 +1100
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-02-16 14:56:50 +0100
commitd2625d17e9bc3597a5b3d9d7a1adc5f07a3c0a3a (patch)
tree388b7d3fc2b8e82ee68cefd0c33a72cbaa5b0bc1
parentd99e71458bbca6c5eeed3aa44a66530d26b1421d (diff)
smdk4412-common: add macloader and tinyplay sepolicy [1/2]
Change-Id: I1dcc6f97ba7f6d95ed92770d5f38d03b4e3b3d57
-rwxr-xr-xBoardCommonConfig.mk3
-rw-r--r--selinux/file_contexts2
-rw-r--r--selinux/macloader.te11
-rw-r--r--selinux/tinyplay.te8
4 files changed, 24 insertions, 0 deletions
diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk
index 41692b6..d257b34 100755
--- a/BoardCommonConfig.mk
+++ b/BoardCommonConfig.mk
@@ -150,6 +150,9 @@ BOARD_HAS_LARGE_FILESYSTEM := true
BOARD_HAS_NO_MISC_PARTITION := true
BOARD_HAS_NO_SELECT_BUTTON := true
+# SELinux
+BOARD_SEPOLICY_DIRS += device/samsung/smdk4412-common/selinux
+
# Charging mode
BOARD_CHARGING_MODE_BOOTING_LPM := /sys/class/power_supply/battery/batt_lp_charging
BOARD_BATTERY_DEVICE_NAME := "battery"
diff --git a/selinux/file_contexts b/selinux/file_contexts
new file mode 100644
index 0000000..30f284f
--- /dev/null
+++ b/selinux/file_contexts
@@ -0,0 +1,2 @@
+/system/bin/macloader u:object_r:macloader_exec:s0
+/system/bin/tinyplay u:object_r:tinyplay_exec:s0
diff --git a/selinux/macloader.te b/selinux/macloader.te
new file mode 100644
index 0000000..a3eb4a2
--- /dev/null
+++ b/selinux/macloader.te
@@ -0,0 +1,11 @@
+type macloader, domain;
+type macloader_exec, exec_type, file_type;
+init_daemon_domain(macloader);
+
+allow macloader efs_file:dir search;
+allow macloader efs_device_file:dir search;
+allow macloader wifi_data_file:file { read getattr open write setattr };
+allow macloader self:capability { dac_override chown fowner fsetid };
+allow macloader system_data_file:dir w_dir_perms;
+
+domain_trans(init, rootfs, macloader)
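Review bot: The last rule, `domain_trans(init, rootfs, macloader)`, makes every rootfs-labelled file a valid entrypoint for the macloader domain, although file_contexts labels the binary `macloader_exec` and `init_daemon_domain(macloader)` already sets up the init transition through that type. Unless the service is really launched from a rootfs file, I would drop this line, and the matching `domain_trans(init, rootfs, tinyplay)` at the end of tinyplay.te. The grants above it are also broader than the task seems to need: `dac_override` bypasses file permission checks, and `system_data_file:dir w_dir_perms` allows adding and removing entries in any directory carrying the generic /data label. If macloader only writes one file there (not visible from this patch), a dedicated type for that file plus correct ownership would let both grants go. As a style point, `init_daemon_domain(macloader);` has a trailing semicolon that the tinyplay.te call does not.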
diff --git a/selinux/tinyplay.te b/selinux/tinyplay.te
new file mode 100644
index 0000000..49a5f37
--- /dev/null
+++ b/selinux/tinyplay.te
@@ -0,0 +1,8 @@
+type tinyplay, domain;
+type tinyplay_exec, exec_type, file_type;
+init_daemon_domain(tinyplay)
+
+allow tinyplay audio_device:chr_file { open read write ioctl };
+allow tinyplay audio_device:dir search;
+
+domain_trans(init, rootfs, tinyplay)
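Review bot: tinyplay.te does not say which init service starts tinyplay or why a playback utility needs its own daemon domain with read/write access to `audio_device`, so the rule set is hard to audit later. A header comment would close the gap, for example `# tinyplay: started by init service <service name> to play <what>; needs the PCM device nodes only`, with the placeholders filled in from the init.rc entry that is not part of this patch.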