From 3097f42bb33999120e394f644917899f2f8935cc Mon Sep 17 00:00:00 2001
From: Ziyan
Date: Thu, 6 Aug 2015 00:03:28 +0200
Subject: tuna: update SELinux policies
Change-Id: I0509465046ae5b22f4ab1e857db0645075d66628
---
 sepolicy/bluetooth.te | 2 ++
 sepolicy/dumpdcc.te | 10 ++++++++++
 sepolicy/fRom.te | 5 -----
 sepolicy/file_contexts | 5 +++--
 sepolicy/init.te | 1 +
 sepolicy/mediaserver.te | 1 +
 sepolicy/rild.te | 6 +++++-
 7 files changed, 22 insertions(+), 8 deletions(-)
 create mode 100644 sepolicy/bluetooth.te
 create mode 100644 sepolicy/dumpdcc.te
 delete mode 100644 sepolicy/fRom.te
(limited to 'sepolicy')
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
new file mode 100644
index 0000000..1493bf9
--- /dev/null
+++ b/sepolicy/bluetooth.te
@@ -0,0 +1,2 @@
+# bluetooth
+allow bluetooth sysfs:file { write read };
diff --git a/sepolicy/dumpdcc.te b/sepolicy/dumpdcc.te
new file mode 100644
index 0000000..abe4a69
--- /dev/null
+++ b/sepolicy/dumpdcc.te
@@ -0,0 +1,10 @@
+# dumpdcc
+type dumpdcc, domain;
+type dumpdcc_exec, exec_type, file_type;
+
+init_daemon_domain(dumpdcc)
+allow dumpdcc camera_device:chr_file { read write open ioctl };
+allow dumpdcc mtd_device:chr_file {read open };
+allow dumpdcc mtd_device:dir search;
+allow dumpdcc camera_data_file:dir { write add_name search };
+allow dumpdcc camera_data_file:file { create write open };
diff --git a/sepolicy/fRom.te b/sepolicy/fRom.te
deleted file mode 100644
index c5adba0..0000000
--- a/sepolicy/fRom.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# fRom
-type fRom, domain;
-type fRom_exec, exec_type, file_type;
-
-init_daemon_domain(fRom)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 99b4a16..8f33998 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
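Review bot: In sepolicy/bluetooth.te the rule `allow bluetooth sysfs:file { write read };` lets the bluetooth domain write every node that carries the generic `sysfs` label, not only the one it needs. The grant would be tighter if the specific node were labelled in sepolicy/file_contexts (AOSP uses `sysfs_bluetooth_writable` for the rfkill state files) and the rule were moved to that type. Which sysfs path produced the denial is not visible in this commit, so the exact file_contexts entry has to come from the audit log. If the broad rule stays for now, a comment such as `# TODO: narrow to a dedicated sysfs type once the node is labelled` would record that it is a stopgap.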
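Review bot: sepolicy/dumpdcc.te gives the new init-started domain read access to `mtd_device` character nodes and read/write/ioctl on `camera_device`, but nothing in the file says what dumpdcc reads from flash or why, which makes the grants hard to audit later. A header comment along the lines of `# dumpdcc: <purpose>; reads <partition> through mtd, writes its output under camera_data_file` would help; the purpose and partition are not visible in this commit and are placeholders for the author to fill in. `mtd_device` is normally the label for all MTD nodes rather than one partition, so it is worth confirming that read access to everything under that label is intended. Minor style point: `{read open }` is spaced differently from the other permission sets in the same file.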
@@ -16,6 +16,7 @@
 /dev/umts_ipc0 u:object_r:radio_device:s0
 /dev/umts_ramdump0 u:object_r:radio_device:s0
 /dev/umts_rfs0 u:object_r:radio_device:s0
+/dev/i2c-2 u:object_r:camera_device:s0
 /factory(/.*)? u:object_r:efs_file:s0
 /factory/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
 /factory/nv_data.bin.* u:object_r:radio_data_file:s0
@@ -36,5 +37,5 @@
 /dev/accelirq u:object_r:sensors_device:s0
 # System binaries
-/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0
-/system/vendor/bin/fRom u:object_r:fRom_exec:s0
+/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0
+/system/bin/dumpdcc u:object_r:dumpdcc_exec:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index c18764f..5684f92 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,2 +1,3 @@
+# init
 allow init radio_device:lnk_file relabelto;
 allow init self:capability sys_module;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index dab508b..007fdc4 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1 +1,2 @@
+# mediaserver
 allow mediaserver system_server:unix_stream_socket { read write };
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 25381a0..975a054 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,2 +1,6 @@
-allow rild radio_data_file:dir setattr;
+# rild
+allow rild radio_data_file:dir { r_dir_perms setattr };
+allow rild system_data_file:dir create_dir_perms;
+allow rild system_data_file:file create_file_perms;
 allow rild self:process execmem;
+allow rild block_device:dir search;
--
cgit v1.1
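Review bot: In the first sepolicy/file_contexts hunk, labelling the whole `/dev/i2c-2` bus node as `camera_device` means every domain already allowed `camera_device:chr_file` access gains raw access to that I2C bus, not only the new dumpdcc domain. If other peripherals share bus 2 on this board (not visible here), they become reachable from the camera-facing domains as well. A dedicated type for this node, granted only to the daemon that needs it, would keep the scope narrow. At minimum a comment above the entry, for example `# i2c-2: camera sensor bus, presumably for dumpdcc (see dumpdcc.te)`, would record why a bus node carries a camera label.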
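Review bot: In sepolicy/rild.te the two new rules `allow rild system_data_file:dir create_dir_perms;` and `allow rild system_data_file:file create_file_perms;` let rild create, modify and delete anything that carries the default /data label, which is much wider than one daemon's own storage. The tighter form is to label the directory rild actually writes with `radio_data_file` in sepolicy/file_contexts, as the file already does for `/factory/nv_data.bin.*`, and drop both `system_data_file` grants. That path is not visible in this commit, so it has to come from the denial log. `allow rild block_device:dir search;` would also benefit from a one-line comment naming the block node rild looks up.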