diff options
| author | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-03-18 10:59:16 +0100 |
|---|---|---|
| committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-03-18 10:59:16 +0100 |
| commit | be9e1314a1cc2e46d59707ea94c6ec8da8546689 (patch) | |
| tree | 78ab82a2146c303c0e5d2209cca2c3919fa5c685 /sepolicy | |
| parent | 9c205f060300a98bd58bda75ef0a8ea807153335 (diff) | |
| parent | b7c8dec762fa745dd1c06d2a8a007cfec31128b2 (diff) | |
| download | vendor_replicant-be9e1314a1cc2e46d59707ea94c6ec8da8546689.zip vendor_replicant-be9e1314a1cc2e46d59707ea94c6ec8da8546689.tar.gz vendor_replicant-be9e1314a1cc2e46d59707ea94c6ec8da8546689.tar.bz2 | |
Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_vendor_cm into replicant-6.0
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/platform_app.te | 3 | ||||
| -rw-r--r-- | sepolicy/recovery.te | 3 | ||||
| -rw-r--r-- | sepolicy/service.te | 2 | ||||
| -rw-r--r-- | sepolicy/service_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/su.te | 2 |
5 files changed, 12 insertions, 0 deletions
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te index db8647d..bbd4dd4 100644 --- a/sepolicy/platform_app.te +++ b/sepolicy/platform_app.te @@ -2,3 +2,6 @@ # This is a performance optimization that allows platform apps to bypass the FUSE layer allow platform_app sdcard_posix:dir create_dir_perms; allow platform_app sdcard_posix:file create_file_perms; + +# Allow Gallery3D to crop user images +allow platform_app system_app_data_file:file rw_file_perms; diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te index 76e7a62..da6ddac 100644 --- a/sepolicy/recovery.te +++ b/sepolicy/recovery.te @@ -29,6 +29,9 @@ allow recovery sdcard_posix:file r_file_perms; # Control properties allow recovery recovery_prop:property_service set; +# Set property sys.usb.ffs.ready +allow recovery ffs_prop:property_service set; + # recursive rm for wipes... :( allow app_data_file self:filesystem associate; allow recovery app_data_file:file { read open create write }; diff --git a/sepolicy/service.te b/sepolicy/service.te index 579e2b8..1a6559f 100644 --- a/sepolicy/service.te +++ b/sepolicy/service.te @@ -9,3 +9,5 @@ type cm_telephony_service, system_api_service, system_server_service, service_ma type cm_hardware_service, system_api_service, system_server_service, service_manager_type; type cm_app_suggest_service, system_api_service, system_server_service, service_manager_type; type cm_performance_service, system_api_service, system_server_service, service_manager_type; +type cm_themes_service, system_api_service, system_server_service, service_manager_type; +type cm_iconcache_service, system_api_service, system_server_service, service_manager_type; diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts index 4baf0f8..04efc6f 100644 --- a/sepolicy/service_contexts +++ b/sepolicy/service_contexts @@ -9,3 +9,5 @@ cmtelephonymanager u:object_r:cm_telephony_service:s0 cmhardware u:object_r:cm_hardware_service:s0 cmappsuggest u:object_r:cm_app_suggest_service:s0 cmperformance u:object_r:cm_performance_service:s0 +cmthemes u:object_r:cm_themes_service:s0 +cmiconcache u:object_r:cm_iconcache_service:s0 diff --git a/sepolicy/su.te b/sepolicy/su.te index 9cd6345..473386b 100644 --- a/sepolicy/su.te +++ b/sepolicy/su.te @@ -64,4 +64,6 @@ userdebug_or_eng(` allow system_app superuser_device:sock_file { read write create setattr unlink getattr }; allow system_app sudaemon:unix_stream_socket { connectto read write setopt ioctl }; allow system_app superuser_device:dir { create rw_dir_perms setattr unlink }; + + allow kernel sudaemon:fd { use }; ') |