sepolicy: Pie (bring up)
This commit is contained in:
parent
809df7c611
commit
e9d3739c75
|
@ -1 +1,16 @@
|
|||
# Interact with sockets
|
||||
unix_socket_send(cameraserver, camera, camera)
|
||||
allow cameraserver camera_data_file:sock_file write;
|
||||
allow cameraserver property_socket:sock_file { open read write ioctl };
|
||||
allow cameraserver init:unix_stream_socket connectto;
|
||||
|
||||
#allow cameraserver system_file:file execmod;
|
||||
allow cameraserver vendor_file:file execmod;
|
||||
allow cameraserver camera_device:chr_file { open read write ioctl };
|
||||
allow cameraserver cameraserver:fd use;
|
||||
|
||||
# Allow writing to mpdecision
|
||||
unix_socket_send(cameraserver, mpdecision, mpdecision)
|
||||
|
||||
# Allow access to sysfs
|
||||
allow cameraserver sysfs:file { getattr read open };
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
# Qualcomm MSM Interface (QMI) socket
|
||||
type qmuxd_socket, file_type;
|
||||
type sensors_socket, file_type;
|
||||
type camera_socket, file_type;
|
||||
type sensors_socket, file_type, data_file_type, core_data_file_type;
|
||||
type camera_socket, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
type sensors_data_file, file_type, data_file_type;
|
||||
type sensors_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
type kickstart_data_file, file_type, data_file_type;
|
||||
type kickstart_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
type mpdecision_socket, file_type;
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
# Reading from /persist/wifi/.macaddr
|
||||
allow hostapd persist_file:dir r_dir_perms;
|
||||
r_dir_file(hostapd, persist_wifi_file)
|
||||
#allow hostapd persist_file:dir r_dir_perms;
|
||||
#r_dir_file(hostapd, persist_wifi_file)
|
||||
|
|
|
@ -3,8 +3,8 @@ type mpdecision, domain, device_domain_deprecated;
|
|||
type mpdecision_exec, exec_type, file_type;
|
||||
|
||||
# DAC overrides
|
||||
allow mpdecision self:capability dac_override;
|
||||
auditallow mpdecision self:capability dac_override;
|
||||
#allow mpdecision self:capability dac_override;
|
||||
#auditallow mpdecision self:capability dac_override;
|
||||
|
||||
# Started by init
|
||||
init_daemon_domain(mpdecision)
|
||||
|
|
|
@ -30,3 +30,7 @@ allow rmt uio_device:chr_file rw_file_perms;
|
|||
|
||||
# rmt_storage shuts itself down if there is an unknown value of ro.baseband
|
||||
set_prop(rmt, ctl_rmt_prop)
|
||||
|
||||
# Access to sysfs
|
||||
allow rmt sysfs:file { open append read getattr write };
|
||||
#allow rmt sysfs:dir rw_dir_perms;
|
||||
|
|
|
@ -12,7 +12,7 @@ allow sensors self:capability chown;
|
|||
dontaudit sensors self:capability fsetid;
|
||||
|
||||
# Access /data/misc/sensors/debug and /data/system/sensors/settings
|
||||
allow sensors self:capability { dac_read_search dac_override };
|
||||
#allow sensors self:capability { dac_read_search dac_override };
|
||||
|
||||
# Create /data/app/sensor_ctl_socket (Might want to change location).
|
||||
type_transition sensors apk_data_file:sock_file sensors_socket "sensor_ctl_socket";
|
||||
|
|
|
@ -6,8 +6,8 @@ type thermald_exec, exec_type, file_type;
|
|||
init_daemon_domain(thermald)
|
||||
|
||||
# DAC overrides
|
||||
allow thermald self:capability dac_override;
|
||||
auditallow thermald self:capability dac_override;
|
||||
#allow thermald self:capability dac_override;
|
||||
#auditallow thermald self:capability dac_override;
|
||||
|
||||
allow thermald self:socket create_socket_perms;
|
||||
allowxperm thermald self:socket ioctl msm_sock_ipc_ioctls;
|
||||
|
|
Loading…
Reference in New Issue