diff options
| author | Ziyan <jaraidaniel@gmail.com> | 2014-12-02 00:46:15 +0100 |
|---|---|---|
| committer | Ziyan <jaraidaniel@gmail.com> | 2014-12-13 00:39:25 +0100 |
| commit | 8ebe113a54443eb8553736d361329626a9e21c17 (patch) | |
| tree | 4209c0d91968b399bb02a6c3520d5566b77564d8 /sepolicy | |
| parent | 8d27fc1a07c9b4c946431c2c408ed3394cbada02 (diff) | |
| download | device_samsung_tuna-8ebe113a54443eb8553736d361329626a9e21c17.zip device_samsung_tuna-8ebe113a54443eb8553736d361329626a9e21c17.tar.gz device_samsung_tuna-8ebe113a54443eb8553736d361329626a9e21c17.tar.bz2 | |
tuna: fix most selinux denials
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/fRom.te | 5 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 5 | ||||
| -rw-r--r-- | sepolicy/init.te | 2 | ||||
| -rw-r--r-- | sepolicy/mediaserver.te | 1 | ||||
| -rw-r--r-- | sepolicy/pvrsrvinit.te | 8 | ||||
| -rw-r--r-- | sepolicy/rild.te | 2 |
6 files changed, 23 insertions, 0 deletions
diff --git a/sepolicy/fRom.te b/sepolicy/fRom.te new file mode 100644 index 0000000..c5adba0 --- /dev/null +++ b/sepolicy/fRom.te @@ -0,0 +1,5 @@ +# fRom +type fRom, domain; +type fRom_exec, exec_type, file_type; + +init_daemon_domain(fRom) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index e92704e..99b4a16 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -3,6 +3,7 @@ /dev/block/mmcblk0p4 u:object_r:radio_device:s0 /dev/block/mmcblk0p9 u:object_r:radio_device:s0 /dev/block/platform/omap/omap_hsmmc.0/by-name/radio u:object_r:radio_device:s0 +/dev/an30259a_leds u:object_r:video_device:s0 /dev/cdma_.* u:object_r:radio_device:s0 /dev/lte_.* u:object_r:radio_device:s0 /dev/tiler u:object_r:video_device:s0 @@ -33,3 +34,7 @@ # Accelerometer /dev/accelirq u:object_r:sensors_device:s0 + +# System binaries +/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0 +/system/vendor/bin/fRom u:object_r:fRom_exec:s0 diff --git a/sepolicy/init.te b/sepolicy/init.te new file mode 100644 index 0000000..c18764f --- /dev/null +++ b/sepolicy/init.te @@ -0,0 +1,2 @@ +allow init radio_device:lnk_file relabelto; +allow init self:capability sys_module; diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te new file mode 100644 index 0000000..dab508b --- /dev/null +++ b/sepolicy/mediaserver.te @@ -0,0 +1 @@ +allow mediaserver system_server:unix_stream_socket { read write }; diff --git a/sepolicy/pvrsrvinit.te b/sepolicy/pvrsrvinit.te new file mode 100644 index 0000000..8b388a0 --- /dev/null +++ b/sepolicy/pvrsrvinit.te @@ -0,0 +1,8 @@ +# pvrsrvinit +type pvrsrvinit, domain; +type pvrsrvinit_exec, exec_type, file_type; + +init_daemon_domain(pvrsrvinit) + +allow pvrsrvinit gpu_device:chr_file { read write ioctl open }; +allow pvrsrvinit self:capability sys_module; diff --git a/sepolicy/rild.te b/sepolicy/rild.te new file mode 100644 index 0000000..25381a0 --- /dev/null +++ b/sepolicy/rild.te @@ -0,0 +1,2 @@ +allow rild radio_data_file:dir setattr; +allow rild self:process execmem; |