Move SELinux diag_device policy to userdebug/eng.
Also just remove all specific domain access and instead allow diag_device access for all domains on the userdebug/user builds. Change-Id: I2dc79eb47e05290902af2dfd61a361336ebc8bca Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
This commit is contained in:
Robert Craig
parent
62d77eeceb
commit
ba571057fa
|
|
@ -113,6 +113,7 @@ BOARD_SEPOLICY_UNION += \
|
|||
camera.te \
|
||||
conn_init.te \
|
||||
device.te \
|
||||
domain.te \
|
||||
file.te \
|
||||
file_contexts \
|
||||
irsc_util.te \
|
||||
|
|
|
|||
|
|
@ -8,9 +8,6 @@ init_daemon_domain(bridge)
|
|||
# Uevent for usb connection
|
||||
allow bridge self:netlink_kobject_uevent_socket { create bind read };
|
||||
|
||||
# Allow logging diagnostic items to /dev/diag
|
||||
allow bridge diag_device:chr_file rw_file_perms;
|
||||
|
||||
# Talk to qmuxd (qmux_radio)
|
||||
qmux_socket(bridge)
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
userdebug_or_eng(`
|
||||
allow domain diag_device:chr_file rw_file_perms;
|
||||
')
|
||||
|
|
@ -20,9 +20,6 @@ allow netmgrd self:netlink_route_socket create_socket_perms;
|
|||
# Talk to qmuxd (qmux_radio)
|
||||
qmux_socket(netmgrd)
|
||||
|
||||
# Allow logging diagnostic items (/dev/diag)
|
||||
allow netmgrd diag_device:chr_file rw_file_perms;
|
||||
|
||||
# Tries to access /data/data_test/ with toolbox. The data_test
|
||||
# directory doesn't exist so deny access.
|
||||
dontaudit netmgrd shell_exec:file rx_file_perms;
|
||||
|
|
|
|||
|
|
@ -12,8 +12,5 @@ allow qmux qmuxd_socket:sock_file { create setattr getattr unlink };
|
|||
# /dev/hsicctl* node access
|
||||
allow qmux radio_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow logging diagnostic items
|
||||
allow qmux diag_device:chr_file rw_file_perms;
|
||||
|
||||
# wake lock access
|
||||
allow qmux sysfs_wake_lock:file { open append };
|
||||
|
|
|
|||
|
|
@ -1,5 +1 @@
|
|||
userdebug_or_eng(`
|
||||
allow rild diag_device:chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
qmux_socket(rild)
|
||||
|
|
|
|||
|
|
@ -14,9 +14,6 @@ dontaudit sensors self:capability fsetid;
|
|||
# Access /data/misc/sensors/debug and /data/system/sensors/settings
|
||||
allow sensors self:capability { dac_read_search dac_override };
|
||||
|
||||
# Log diagnostic items (/dev/diag)
|
||||
allow sensors diag_device:chr_file rw_file_perms;
|
||||
|
||||
# Create /data/app/sensor_ctl_socket (Might want to change location).
|
||||
type_transition sensors apk_data_file:sock_file sensors_socket "sensor_ctl_socket";
|
||||
allow sensors sensors_socket:sock_file create_file_perms;
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ allow thermald self:capability net_admin;
|
|||
# Talk to qmuxd (/dev/socket/qmux_radio)
|
||||
qmux_socket(thermald)
|
||||
|
||||
# Access shared logger (/dev/smem_log) and diagnostic logger (/dev/diag)
|
||||
allow thermald { shared_log_device diag_device }:chr_file rw_file_perms;
|
||||
# Access shared logger (/dev/smem_log)
|
||||
allow thermald shared_log_device:chr_file rw_file_perms;
|
||||
|
||||
# Access /sys/devices/system/cpu/
|
||||
allow thermald sysfs_devices_system_cpu:file rw_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in New Issue