From 8ebe113a54443eb8553736d361329626a9e21c17 Mon Sep 17 00:00:00 2001
From: Ziyan
Date: Tue, 2 Dec 2014 00:46:15 +0100
Subject: tuna: fix most selinux denials
---
 sepolicy/fRom.te | 5 +++++
 sepolicy/file_contexts | 5 +++++
 sepolicy/init.te | 2 ++
 sepolicy/mediaserver.te | 1 +
 sepolicy/pvrsrvinit.te | 8 ++++++++
 sepolicy/rild.te | 2 ++
 6 files changed, 23 insertions(+)
 create mode 100644 sepolicy/fRom.te
 create mode 100644 sepolicy/init.te
 create mode 100644 sepolicy/mediaserver.te
 create mode 100644 sepolicy/pvrsrvinit.te
 create mode 100644 sepolicy/rild.te
(limited to 'sepolicy')
diff --git a/sepolicy/fRom.te b/sepolicy/fRom.te
new file mode 100644
index 0000000..c5adba0
--- /dev/null
+++ b/sepolicy/fRom.te
@@ -0,0 +1,5 @@
+# fRom
+type fRom, domain;
+type fRom_exec, exec_type, file_type;
+
+init_daemon_domain(fRom)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index e92704e..99b4a16 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -3,6 +3,7 @@
 /dev/block/mmcblk0p4 u:object_r:radio_device:s0
 /dev/block/mmcblk0p9 u:object_r:radio_device:s0
 /dev/block/platform/omap/omap_hsmmc.0/by-name/radio u:object_r:radio_device:s0
+/dev/an30259a_leds u:object_r:video_device:s0
 /dev/cdma_.* u:object_r:radio_device:s0
 /dev/lte_.* u:object_r:radio_device:s0
 /dev/tiler u:object_r:video_device:s0
@@ -33,3 +34,7 @@
 # Accelerometer
 /dev/accelirq u:object_r:sensors_device:s0
+
+# System binaries
+/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0
+/system/vendor/bin/fRom u:object_r:fRom_exec:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
new file mode 100644
index 0000000..c18764f
--- /dev/null
+++ b/sepolicy/init.te
@@ -0,0 +1,2 @@
+allow init radio_device:lnk_file relabelto;
+allow init self:capability sys_module;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 0000000..dab508b
--- /dev/null
+++ b/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver system_server:unix_stream_socket { read write };
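Review bot: The added `/dev/an30259a_leds` entry in the first file_contexts hunk reuses `video_device`, so every domain the policy already lets open video devices also gets the LED node, and any rule later written for the LED would widen access to `/dev/tiler` as well. A device-specific type would keep the two apart, for example a new type declared in this tree (constructed name) `type leds_device, dev_type;` with `/dev/an30259a_leds u:object_r:leds_device:s0`, plus an allow rule only for the domain whose denial prompted this line. Which domain that is cannot be seen from the patch, so it would be worth recording in a comment above the entry.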
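Review bot: `allow init self:capability sys_module;` in the new init.te lets everything that runs in the init domain load kernel modules, and the same capability is also granted to pvrsrvinit in sepolicy/pvrsrvinit.te, with no comment in either file saying which module load needs it. If the denial came from a module load in the board's init script, a comment naming it would make the grant auditable, for example `# sys_module: insmod of <module> from <init rc file>` (placeholders). If pvrsrvinit is the only component that actually loads a module, the init rule may be removable; that cannot be decided from this patch alone. The `relabelto` rule on `radio_device:lnk_file` would benefit from the same one-line justification.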
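Review bot: The single rule in mediaserver.te gives mediaserver `read write` on system_server's unix stream sockets, which is a wide grant for a process that parses untrusted media. Denials of this shape often come from a descriptor that was inherited or passed along without ever being used; if that is the case here, `dontaudit mediaserver system_server:unix_stream_socket { read write };` quiets the log without opening the channel. If the access is functionally required, a comment stating which feature breaks without it should sit above the rule.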
diff --git a/sepolicy/pvrsrvinit.te b/sepolicy/pvrsrvinit.te
new file mode 100644
index 0000000..8b388a0
--- /dev/null
+++ b/sepolicy/pvrsrvinit.te
@@ -0,0 +1,8 @@
+# pvrsrvinit
+type pvrsrvinit, domain;
+type pvrsrvinit_exec, exec_type, file_type;
+
+init_daemon_domain(pvrsrvinit)
+
+allow pvrsrvinit gpu_device:chr_file { read write ioctl open };
+allow pvrsrvinit self:capability sys_module;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
new file mode 100644
index 0000000..25381a0
--- /dev/null
+++ b/sepolicy/rild.te
@@ -0,0 +1,2 @@
+allow rild radio_data_file:dir setattr;
+allow rild self:process execmem;
-- 
cgit v1.1
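Review bot: `allow rild self:process execmem;` in rild.te allows rild to create memory that is both writable and executable, in a daemon that processes data coming from the baseband. The rule presumably exists because a proprietary RIL library needs it, but the file does not say so; a comment such as `# execmem: required by <vendor RIL library>; remove once the blob no longer needs it` (placeholder name) would record the reason and make the exception easy to revisit. The `setattr` rule on `radio_data_file:dir` could carry a similar note naming the directory involved.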