klte-common: Update SELinux configuration
Change-Id: Ia7140d0cd2c1c80d4811988a3cb4e7960eba1261
parent
48529d198a
commit
cc9392254e
18 changed files with 39 additions and 40 deletions
|
@ -1,2 +1,2 @@
|
||||||
allow bluetooth bluetooth_device:chr_file { open write };
|
allow bluetooth bluetooth_device:chr_file rw_file_perms;
|
||||||
allow bluetooth proc_bluetooth_writable:dir search;
|
allow bluetooth proc_bluetooth_writable:dir search;
|
||||||
|
|
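Review bot: Swapping the explicit permission sets for `rw_file_perms` widens what these domains may do, assuming the second line of each printed pair is the new side (the +/- markers are lost on this page). Here `bluetooth_device:chr_file` goes from `{ open write }` to the full macro, which in AOSP's global_macros also covers read, getattr, ioctl, lock and append. The same happens to `rild proc_net:file` (previously `{ write }`) and to the ueventd, wpa and system_server rules further down. Where a domain only ever writes, `w_file_perms` keeps the rule macro-based without adding read and ioctl, e.g. `allow rild proc_net:file w_file_perms;`.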
|
@ -3,7 +3,6 @@
|
||||||
|
|
||||||
# Bluetooth
|
# Bluetooth
|
||||||
/dev/btlock u:object_r:bluetooth_device:s0
|
/dev/btlock u:object_r:bluetooth_device:s0
|
||||||
/dev/block/mmcblk0(.*) u:object_r:mmc_block_device:s0
|
|
||||||
/dev/rfkill u:object_r:bluetooth_device:s0
|
/dev/rfkill u:object_r:bluetooth_device:s0
|
||||||
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||||
|
|
||||||
|
@ -17,11 +16,11 @@
|
||||||
# Display
|
# Display
|
||||||
/sys/devices/virtual/lcd/panel/power_reduce u:object_r:sysfs_display:s0
|
/sys/devices/virtual/lcd/panel/power_reduce u:object_r:sysfs_display:s0
|
||||||
|
|
||||||
# GPS
|
# EFS
|
||||||
/data/misc/gsiff_ctrl_q u:object_r:location_data_file:s0
|
/dev/block/bootdevice/by-name/efs u:object_r:modem_efs_partition_device:s0
|
||||||
|
|
||||||
# Mpdecision
|
# Macloader
|
||||||
/data/system/default_values u:object_r:mpctl_data_file:s0
|
/system/bin/macloader u:object_r:macloader_exec:s0
|
||||||
|
|
||||||
# NFC
|
# NFC
|
||||||
/dev/bcm2079x u:object_r:nfc_device:s0
|
/dev/bcm2079x u:object_r:nfc_device:s0
|
||||||
|
@ -37,12 +36,10 @@
|
||||||
/efs/gyro_cal_data u:object_r:sensors_efs_file:s0
|
/efs/gyro_cal_data u:object_r:sensors_efs_file:s0
|
||||||
/efs/prox_cal u:object_r:sensors_efs_file:s0
|
/efs/prox_cal u:object_r:sensors_efs_file:s0
|
||||||
|
|
||||||
# Time
|
# Thermal
|
||||||
/data/time/time.log u:object_r:time_data_file:s0
|
/system/bin/thermal-engine u:object_r:thermal-engine_exec:s0
|
||||||
|
|
||||||
# WiFi
|
# WiFi
|
||||||
|
/data/.cid.info u:object_r:wifi_data_file:s0
|
||||||
/data/.wifiver.info u:object_r:wifi_data_file:s0
|
/data/.wifiver.info u:object_r:wifi_data_file:s0
|
||||||
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
||||||
|
|
||||||
# Vold
|
|
||||||
/etc/blkid.tab u:object_r:system_file:s0
|
|
||||||
|
|
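Review bot: The added `/data/.cid.info` entry leaves its dots unescaped, and file_contexts paths are regular expressions, so each `.` matches any character and the pattern labels more names than the one intended file as `wifi_data_file`. Escaping them keeps the match exact: `/data/\.cid\.info u:object_r:wifi_data_file:s0`. The existing `/data/.wifiver.info` line in the same WiFi block has the same looseness and could be fixed alongside. The file's name is not shown on this page; the entries indicate it is the device's file_contexts.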
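--- a/sepolicy/fsck.te
+++ b/sepolicy/fsck.te
@@ -0,0 +1 @@
+allow fsck modem_efs_partition_device:blk_file rw_file_perms;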
|
@ -1 +1 @@
|
||||||
allow init kernel:system syslog_read;
|
allow init sysfs_sec:lnk_file r_file_perms;
|
||||||
|
|
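--- a/sepolicy/kernel.te
+++ b/sepolicy/kernel.te
@@ -0,0 +1 @@
+allow kernel audio_device:chr_file rw_file_perms;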
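--- a/sepolicy/macloader.te
+++ b/sepolicy/macloader.te
@@ -0,0 +1,9 @@
+type macloader, domain;
+type macloader_exec, exec_type, file_type;
+init_daemon_domain(macloader)
+
+allow macloader efs_file:dir search;
+allow macloader self:capability { chown dac_override fowner };
+allow macloader wifi_data_file:file create_file_perms;
+allow macloader wifi_efs_file:dir search;
+allow macloader wifi_efs_file:file r_file_perms;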
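Review bot: `allow macloader self:capability { chown dac_override fowner };` gives the new domain `dac_override`, which switches off discretionary permission checks for every object its SELinux rules reach rather than for the one file it manages. The rules here suggest macloader only reads under `wifi_efs_file` and creates a `wifi_data_file` file, so setting owner and mode on those paths (from init, or by running the service under a matching uid/gid) would probably let this shrink to `allow macloader self:capability { chown fowner };` or less. The same capability is also granted in the rild hunk (`allow rild self:capability dac_override;`), a daemon that handles modem input. If either grant has to stay, a comment beside it naming the file and the reason would help the next reviewer.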
|
@ -1,2 +1,3 @@
|
||||||
allow mediaserver sysfs_camera:dir search;
|
allow mediaserver sysfs_camera:dir search;
|
||||||
allow mediaserver sysfs_camera:file { getattr open read };
|
allow mediaserver sysfs_camera:file { getattr open read };
|
||||||
|
allow mediaserver system_file:file execmod; # for libmmjpeg
|
||||||
|
|
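Review bot: `allow mediaserver system_file:file execmod;` is granted on the whole `system_file` type although its comment names a single library, so any system_file-labelled file that mediaserver maps may be modified and then executed. execmod exists to tolerate text relocations, and allowing it in a process that parses untrusted media removes a check that would otherwise stop modified code pages from running. Prefer rebuilding the library without text relocations or, for a prebuilt blob, giving that one file its own type in file_contexts and granting execmod only on that type. The mm-qcamerad hunk adds the same rule for libmmcamera_faceproc and deserves the same treatment.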
|
@ -1,5 +1,6 @@
|
||||||
allow mm-qcamerad media_rw_data_file:dir search;
|
allow mm-qcamerad media_rw_data_file:dir search;
|
||||||
allow mm-qcamerad qdsp_device:chr_file { open read ioctl };
|
|
||||||
allow mm-qcamerad sysfs_camera:dir search;
|
allow mm-qcamerad sysfs_camera:dir search;
|
||||||
allow mm-qcamerad sysfs_camera:file { getattr open read write };
|
allow mm-qcamerad sysfs_camera:file rw_file_perms;
|
||||||
|
allow mm-qcamerad system_data_file:dir w_dir_perms;
|
||||||
|
allow mm-qcamerad system_file:file execmod; # for libmmcamera_faceproc
|
||||||
type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";
|
type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";
|
||||||
|
|
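Review bot: `allow mm-qcamerad system_data_file:dir w_dir_perms;` lets the camera daemon add and remove entries in every directory labelled `system_data_file`, while the only use visible here is the `cam_socket3` type_transition on the following line. If the socket is the sole reason (an inference, since the socket's path is not shown), a dedicated directory with its own type would narrow this to one location: `allow mm-qcamerad <camera_socket_dir_type>:dir w_dir_perms;`, where the type name is a placeholder this tree would have to define and label. A short comment stating what the daemon creates there would make the grant reviewable.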
|
@ -1,4 +0,0 @@
|
||||||
allow mpdecision socket_device:dir rw_dir_perms;
|
|
||||||
allow mpdecision socket_device:sock_file { write create setattr };
|
|
||||||
allow mpdecision thermal_socket:sock_file write;
|
|
||||||
allow mpdecision thermal-engine:unix_stream_socket connectto;
|
|
|
@ -1,3 +1,2 @@
|
||||||
allow rild proc_net:file { write };
|
allow rild proc_net:file rw_file_perms;
|
||||||
allow rild sysfs_sec:file { getattr open read write };
|
allow rild self:capability dac_override;
|
||||||
allow rild zygote_exec:file execute;
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
allow rmt_storage ssd_device:blk_file { open read write };
|
|
|
@ -1 +0,0 @@
|
||||||
allow system_app shell_data_file:dir search;
|
|
|
@ -1,7 +1,8 @@
|
||||||
allow system_server efs_file:dir search;
|
allow system_server efs_file:dir search;
|
||||||
allow system_server sensors_efs_file:file { open read };
|
allow system_server sensors_efs_file:file r_file_perms;
|
||||||
allow system_server sysfs_display:file { getattr open read write };
|
allow system_server sysfs_display:file rw_file_perms;
|
||||||
allow system_server sysfs_sec:dir search;
|
allow system_server sysfs_sec:dir search;
|
||||||
allow system_server sysfs_sec:file { getattr open read write };
|
allow system_server sysfs_sec:file rw_file_perms;
|
||||||
allow system_server sysfs_vibeamp:dir search;
|
allow system_server sysfs_vibeamp:dir search;
|
||||||
allow system_server sysfs_vibeamp:file { getattr open read write };
|
allow system_server sysfs_vibeamp:file rw_file_perms;
|
||||||
|
allow system_server wifi_efs_file:file r_file_perms;
|
||||||
|
|
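Review bot: The added `allow system_server wifi_efs_file:file r_file_perms;` comes without a `wifi_efs_file:dir search` rule, whereas macloader.te and the wpa rules in this commit pair the two. file_contexts labels `/efs/wifi(/.*)?` as `wifi_efs_file`, directory included, so the read would presumably be denied at the directory lookup unless another policy file already grants it. If the access is needed, add `allow system_server wifi_efs_file:dir search;` next to it; if it is not, the file rule can be dropped.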
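--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -0,0 +1,3 @@
+type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-recv-client";
+type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-recv-passive-client";
+type_transition thermal-engine socket_device:sock_file thermal_socket "thermal-send-client";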
|
@ -1,6 +0,0 @@
|
||||||
allow time_daemon system_app:dir search;
|
|
||||||
allow time_daemon system_app:file { read open };
|
|
||||||
allow time_daemon system_server:dir search;
|
|
||||||
allow time_daemon system_server:file { open read };
|
|
||||||
allow time_daemon time_data_file:dir remove_name;
|
|
||||||
allow time_daemon time_data_file:file { getattr append unlink };
|
|
|
@ -1,3 +1,3 @@
|
||||||
allow ueventd sysfs_camera:file { open read write };
|
allow ueventd sysfs_camera:file rw_file_perms;
|
||||||
allow ueventd sysfs_sec:file { open read write };
|
allow ueventd sysfs_sec:file rw_file_perms;
|
||||||
allow ueventd sysfs_vibeamp:file { open read write };
|
allow ueventd sysfs_vibeamp:file rw_file_perms;
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
allow vold efs_file:dir { getattr read };
|
|
||||||
allow vold mmc_block_device:blk_file { open read write ioctl getattr };
|
|
|
@ -1,4 +1,4 @@
|
||||||
allow wpa bluetooth_device:chr_file { open read write };
|
allow wpa bluetooth_device:chr_file rw_file_perms;
|
||||||
allow wpa efs_file:dir search;
|
allow wpa efs_file:dir search;
|
||||||
allow wpa wifi_efs_file:dir search;
|
allow wpa wifi_efs_file:dir search;
|
||||||
allow wpa wifi_efs_file:file { open read };
|
allow wpa wifi_efs_file:file r_file_perms;
|
||||||
|
|