diff options
| author | Ziyan <jaraidaniel@gmail.com> | 2016-01-24 21:13:51 +0100 |
|---|---|---|
| committer | Michael Gernoth <michael@gernoth.net> | 2016-01-26 21:05:47 +0100 |
| commit | f3f76788de70e73851fcfc59f9a5894311320822 (patch) | |
| tree | d4c5e51f630ebf9b0d3f0c51999d8046ada59993 | |
| parent | 17b183085b9321f0dbdf48b5a73f6f32559ddb46 (diff) | |
| download | hardware_ti_omap4-f3f76788de70e73851fcfc59f9a5894311320822.zip hardware_ti_omap4-f3f76788de70e73851fcfc59f9a5894311320822.tar.gz hardware_ti_omap4-f3f76788de70e73851fcfc59f9a5894311320822.tar.bz2 | |
Add common sepolicy
Change-Id: Id08f4e07439763f6d5069dfbb82fab15648fd80e
| -rw-r--r-- | BoardConfigCommon.mk | 4 | ||||
| -rw-r--r-- | sepolicy/file.te | 2 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 10 | ||||
| -rw-r--r-- | sepolicy/init.te | 2 | ||||
| -rw-r--r-- | sepolicy/pvrsrvinit.te | 8 | ||||
| -rw-r--r-- | sepolicy/system_server.te | 2 |
6 files changed, 28 insertions, 0 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index a9983a6..6c6ef09 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -76,6 +76,10 @@ TARGET_BOOTANIMATION_PRELOAD := false TARGET_BOOTANIMATION_TEXTURE_CACHE := false TARGET_BOOTANIMATION_USE_RGB565 := true +# SELinux +BOARD_SEPOLICY_DIRS += \ + $(OMAP4_NEXT_FOLDER)/sepolicy + # Misc BOARD_USES_SECURE_SERVICES := true diff --git a/sepolicy/file.te b/sepolicy/file.te new file mode 100644 index 0000000..c29f1df --- /dev/null +++ b/sepolicy/file.te @@ -0,0 +1,2 @@ +# Hardware tunables +type sysfs_hardware, fs_type, sysfs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..08d1b38 --- /dev/null +++ b/sepolicy/file_contexts @@ -0,0 +1,10 @@ +# Device nodes +/dev/tiler u:object_r:video_device:s0 +/dev/dsscomp u:object_r:graphics_device:s0 + +# System binaries +/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0 + +# Hardware tunables +/sys/devices/platform/omapdss/manager0/cpr_coef -- u:object_r:sysfs_hardware:s0 +/sys/devices/platform/omapdss/manager0/cpr_enable -- u:object_r:sysfs_hardware:s0 diff --git a/sepolicy/init.te b/sepolicy/init.te new file mode 100644 index 0000000..d269ef2 --- /dev/null +++ b/sepolicy/init.te @@ -0,0 +1,2 @@ +# Hardware tunables +allow init sysfs_hardware:file rw_file_perms; diff --git a/sepolicy/pvrsrvinit.te b/sepolicy/pvrsrvinit.te new file mode 100644 index 0000000..0a2a98e --- /dev/null +++ b/sepolicy/pvrsrvinit.te @@ -0,0 +1,8 @@ +type pvrsrvinit, domain; +type pvrsrvinit_exec, exec_type, file_type; + +init_daemon_domain(pvrsrvinit) + +allow pvrsrvinit gpu_device:chr_file rw_file_perms; +allow pvrsrvinit kernel:system module_request; +allow pvrsrvinit self:capability sys_module; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te new file mode 100644 index 0000000..24ff30f --- /dev/null +++ b/sepolicy/system_server.te @@ -0,0 +1,2 @@ +# Hardware tunables +allow system_server sysfs_hardware:file rw_file_perms; |