summaryrefslogtreecommitdiffstats
path: root/sepolicy
diff options
context:
space:
mode:
authorTrulan Martin <trulanm@gmail.com>2016-07-10 08:00:03 -0400
committerDániel Járai <jaraidaniel@gmail.com>2016-07-20 10:29:16 -0700
commit6a6555ae303513bdaffd47bd8611654a35e9dffc (patch)
tree88f951e227191ac5138019fd3da4b77528f545db /sepolicy
parentaedd90bf67c7da7b91442fc0942fe13743ee1509 (diff)
downloaddevice_samsung_tuna-6a6555ae303513bdaffd47bd8611654a35e9dffc.zip
device_samsung_tuna-6a6555ae303513bdaffd47bd8611654a35e9dffc.tar.gz
device_samsung_tuna-6a6555ae303513bdaffd47bd8611654a35e9dffc.tar.bz2
sepolicy: add ioctl rules for rild
This fixes SELinux denials caused by restrictions to unix_stream_socket. Some of the rild ioctl commands may be device-specific, for toro or toroplus only. These could be moved into their respective device trees in the future. Change-Id: I82fdf498f068cc5462bd03e0da298819485d5f4c
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/rild.te10
1 files changed, 10 insertions, 0 deletions
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index b6013f0..0530e95 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -13,3 +13,13 @@ allow rild system_file:file { execute execmod };
# Have no idea why rild needs access to logcat,
# potentially to catch errors from some other components?
allow rild logcat_exec:file { getattr read open execute execute_no_trans };
+
+## Allow ioctl commands used by rild
+# These are needed for toro's ril. toroplus may not need 0x89a2, but needs the
+# other three. maguro may or may not need these.
+# Device-specific calls could be moved into their respective device trees
+# in the future.
+allow rild self:unix_stream_socket 0x89a0;
+allow rild self:unix_stream_socket 0x89a2;
+allow rild self:unix_stream_socket 0x89a3;
+allow rild self:unix_stream_socket 0x89f0;