klte-common: Add device-specific SELinux policies
Change-Id: I076561a13f73dccf4919d9e05561ebc324c1d99e
parent
2c1a62d7a0
commit
083fa02404
|
@ -79,6 +79,9 @@ TARGET_RECOVERY_FSTAB := $(LOCAL_PATH)/rootdir/etc/fstab.qcom
|
||||||
# SELinux
|
# SELinux
|
||||||
-include device/qcom/sepolicy/sepolicy.mk
|
-include device/qcom/sepolicy/sepolicy.mk
|
||||||
|
|
||||||
|
BOARD_SEPOLICY_DIRS += \
|
||||||
|
device/samsung/klte-common/sepolicy
|
||||||
|
|
||||||
# Wifi
|
# Wifi
|
||||||
BOARD_HAVE_SAMSUNG_WIFI := true
|
BOARD_HAVE_SAMSUNG_WIFI := true
|
||||||
BOARD_WLAN_DEVICE := bcmdhd
|
BOARD_WLAN_DEVICE := bcmdhd
|
||||||
|
|
|
@ -81,7 +81,7 @@ on fs
|
||||||
mount_all fstab.qcom
|
mount_all fstab.qcom
|
||||||
|
|
||||||
restorecon_recursive /persist
|
restorecon_recursive /persist
|
||||||
restorecon -R /efs
|
restorecon_recursive /efs
|
||||||
|
|
||||||
setprop ro.crypto.fuse_sdcard true
|
setprop ro.crypto.fuse_sdcard true
|
||||||
|
|
||||||
|
@ -133,6 +133,7 @@ on post-fs-data
|
||||||
mkdir /efs/wifi 0775 radio system
|
mkdir /efs/wifi 0775 radio system
|
||||||
chown system wifi /efs/wifi/.mac.info
|
chown system wifi /efs/wifi/.mac.info
|
||||||
chmod 0660 /efs/wifi/.mac.info
|
chmod 0660 /efs/wifi/.mac.info
|
||||||
|
restorecon /efs/wifi/.mac.info
|
||||||
chmod 0660 /efs/wifi/.mac.cob
|
chmod 0660 /efs/wifi/.mac.cob
|
||||||
|
|
||||||
# Create directory used by audio subsystem
|
# Create directory used by audio subsystem
|
||||||
|
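Review bot: In the `on post-fs-data` hunk only `/efs/wifi/.mac.info` gets a `restorecon`; the `.mac.cob` file that is chmod-ed on the next line keeps whatever label it already has. If either file can be created or rewritten after the recursive relabel of `/efs` in `on fs`, both need relabelling here, for example with a single `restorecon_recursive /efs/wifi`, which would also match how the `on boot` hunk handles `/efs/bluetooth`. The `on post-fs-data` block starts and ends outside the hunk, so a later relabel may already exist there.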
@ -986,8 +987,11 @@ on boot
|
||||||
# permissions for bluetooth.
|
# permissions for bluetooth.
|
||||||
setprop ro.bt.bdaddr_path "/efs/bluetooth/bt_addr"
|
setprop ro.bt.bdaddr_path "/efs/bluetooth/bt_addr"
|
||||||
chown bluetooth net_bt_stack ro.bt.bdaddr_path
|
chown bluetooth net_bt_stack ro.bt.bdaddr_path
|
||||||
|
|
||||||
chown radio net_bt_stack /efs/bluetooth/bt_addr
|
chown radio net_bt_stack /efs/bluetooth/bt_addr
|
||||||
chmod 0640 /efs/bluetooth/bt_addr
|
chmod 0640 /efs/bluetooth/bt_addr
|
||||||
|
restorecon_recursive /efs/bluetooth
|
||||||
|
|
||||||
chmod 0660 /sys/class/rfkill/rfkill0/state
|
chmod 0660 /sys/class/rfkill/rfkill0/state
|
||||||
chown bluetooth net_bt_stack /sys/class/rfkill/rfkill0/state
|
chown bluetooth net_bt_stack /sys/class/rfkill/rfkill0/state
|
||||||
chown bluetooth net_bt_stack /sys/class/rfkill/rfkill0/type
|
chown bluetooth net_bt_stack /sys/class/rfkill/rfkill0/type
|
||||||
|
@ -1000,6 +1004,18 @@ on boot
|
||||||
chmod 0600 /dev/btlock
|
chmod 0600 /dev/btlock
|
||||||
chown bluetooth bluetooth /dev/btlock
|
chown bluetooth bluetooth /dev/btlock
|
||||||
|
|
||||||
|
# Sensors
|
||||||
|
chown system system /efs/prox_cal
|
||||||
|
chmod 0640 /efs/prox_cal
|
||||||
|
restorecon /efs/prox_cal
|
||||||
|
|
||||||
|
chown system system /efs/FactoryApp/baro_delta
|
||||||
|
chmod 0640 /efs/FactoryApp/baro_delta
|
||||||
|
restorecon /efs/FactoryApp/baro_delta
|
||||||
|
|
||||||
|
chown system system /efs/gyro_cal_data
|
||||||
|
chmod 0640 /efs/gyro_cal_data
|
||||||
|
restorecon /efs/gyro_cal_data
|
||||||
|
|
||||||
# Services begin here
|
# Services begin here
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow bluetooth bluetooth_device:chr_file { open write };
|
||||||
|
allow bluetooth proc_bluetooth_writable:dir search;
|
|
@ -0,0 +1 @@
|
||||||
|
type bluetooth_device, dev_type;
|
|
@ -0,0 +1,6 @@
|
||||||
|
type sensors_efs_file, file_type;
|
||||||
|
type sysfs_camera, fs_type, sysfs_type;
|
||||||
|
type sysfs_display, fs_type, sysfs_type;
|
||||||
|
type sysfs_sec, fs_type, sysfs_type;
|
||||||
|
type sysfs_vibeamp, fs_type, sysfs_type;
|
||||||
|
type wifi_efs_file, file_type;
|
|
@ -0,0 +1,34 @@
|
||||||
|
|
||||||
|
# Bluetooth
|
||||||
|
/dev/btlock u:object_r:bluetooth_device:s0
|
||||||
|
/dev/rfkill u:object_r:bluetooth_device:s0
|
||||||
|
/efs/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
|
||||||
|
|
||||||
|
# Camera
|
||||||
|
/data/cam_socket.* u:object_r:camera_socket:s0
|
||||||
|
/sys/devices/virtual/camera(/.*)? u:object_r:sysfs_camera:s0
|
||||||
|
|
||||||
|
# CMHW
|
||||||
|
/sys/devices/virtual/timed_output/vibrator(/.*)? u:object_r:sysfs_vibeamp:s0
|
||||||
|
|
||||||
|
# Display
|
||||||
|
/sys/devices/virtual/lcd/panel/power_reduce u:object_r:sysfs_display:s0
|
||||||
|
|
||||||
|
# GPS
|
||||||
|
/data/misc/gsiff_ctrl_q u:object_r:location_data_file:s0
|
||||||
|
|
||||||
|
# NFC
|
||||||
|
/dev/pn547 u:object_r:nfc_device:s0
|
||||||
|
|
||||||
|
# SEC
|
||||||
|
/sys/devices/virtual/sec/sec_key/hall_irq_ctrl u:object_r:sysfs_sec:s0
|
||||||
|
|
||||||
|
# Sensors
|
||||||
|
/dev/batch_io u:object_r:sensors_device:s0
|
||||||
|
/efs/FactoryApp/baro_delta u:object_r:sensors_efs_file:s0
|
||||||
|
/efs/gyro_cal_data u:object_r:sensors_efs_file:s0
|
||||||
|
/efs/prox_cal u:object_r:sensors_efs_file:s0
|
||||||
|
|
||||||
|
# WiFi
|
||||||
|
/data/.wifiver.info u:object_r:wifi_data_file:s0
|
||||||
|
/efs/wifi(/.*)? u:object_r:wifi_efs_file:s0
|
|
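Review bot: The entry `/data/.wifiver.info` uses unescaped dots, and in a file-contexts pattern `.` matches any character, so the `wifi_data_file` label applies to more path names than the one intended. Escape the literal dots: `/data/\.wifiver\.info u:object_r:wifi_data_file:s0`. The same applies to any other literal dot in these patterns; the `.*` in `/data/cam_socket.*` looks deliberate, but a short comment saying which socket names are expected would make that clear.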
@ -0,0 +1 @@
|
||||||
|
genfscon proc /bluetooth/sleep u:object_r:proc_bluetooth_writable:s0
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow mediaserver sysfs_camera:dir search;
|
||||||
|
allow mediaserver sysfs_camera:file { getattr open read };
|
|
@ -0,0 +1,5 @@
|
||||||
|
allow mm-qcamerad media_rw_data_file:dir search;
|
||||||
|
allow mm-qcamerad qdsp_device:chr_file { open read ioctl };
|
||||||
|
allow mm-qcamerad sysfs_camera:dir search;
|
||||||
|
allow mm-qcamerad sysfs_camera:file { getattr open read write };
|
||||||
|
type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";
|
|
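Review bot: The named `type_transition` covers only a socket called `cam_socket3`, while the file-contexts entry added in this commit labels `/data/cam_socket.*`. A socket created under any other name in a `system_data_file` directory keeps the parent's label until something relabels it. Unless the base qcom policy already carries transitions for the other names, add one line per expected name, or a comment such as `# only cam_socket3 is created on this device`. This section also grants no `create` or `write` on `camera_socket:sock_file`; that presumably comes from the base policy and is worth confirming.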
@ -0,0 +1,2 @@
|
||||||
|
allow rild proc_net:file { write };
|
||||||
|
allow rild sysfs_sec:file { getattr open read write };
|
|
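Review bot: `allow rild proc_net:file { write };` grants write on every file labelled `proc_net`, not only the one entry the radio daemon needs, and nothing in the rule says which entry that is. A narrower form is to give that entry its own type through a `genfscon proc ...` line, as this commit already does for `/proc/bluetooth/sleep`, and allow write on that type only. Failing that, add a comment naming the file and the denial it answers. The rule also grants `write` without `open`, which only works on an inherited descriptor, so it may not be the full set the daemon needs.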
@ -0,0 +1 @@
|
||||||
|
allow rmt_storage ssd_device:blk_file { open read write };
|
|
@ -0,0 +1,4 @@
|
||||||
|
allow system_app shell_data_file:dir search;
|
||||||
|
allow system_app sysfs_display:file { getattr open read write };
|
||||||
|
allow system_app sysfs_vibeamp:dir search;
|
||||||
|
allow system_app sysfs_vibeamp:file { getattr open read write };
|
|
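Review bot: `allow system_app shell_data_file:dir search;` is unrelated to the display and vibrator sysfs rules beside it and has no comment saying which system app traverses the shell data directory or why. It reads like a rule taken straight from a denial log; if the access is not functionally required, drop it or turn it into a `dontaudit`. The same question applies to the later section that adds `allow time_daemon system_server:dir search;` and `allow time_daemon system_server:file { open read };`, which let the time daemon read files labelled with the system_server domain (presumably its /proc entries). Each of these deserves a one-line comment recording the denial it answers.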
@ -0,0 +1,5 @@
|
||||||
|
allow system_server efs_file:dir search;
|
||||||
|
allow system_server sensors_efs_file:file { open read };
|
||||||
|
allow system_server sysfs_vibeamp:dir search;
|
||||||
|
allow system_server sysfs_vibeamp:file { open read write };
|
||||||
|
allow system_server time_daemon:unix_stream_socket connectto;
|
|
@ -0,0 +1,3 @@
|
||||||
|
allow time_daemon system_server:dir search;
|
||||||
|
allow time_daemon system_server:file { open read };
|
||||||
|
allow time_daemon time_data_file:file { getattr append };
|
|
@ -0,0 +1,2 @@
|
||||||
|
allow ueventd sysfs_camera:file { open read write };
|
||||||
|
allow ueventd sysfs_vibeamp:file { open read write };
|
|
@ -0,0 +1,4 @@
|
||||||
|
allow wpa bluetooth_device:chr_file { open read write };
|
||||||
|
allow wpa efs_file:dir search;
|
||||||
|
allow wpa wifi_efs_file:dir search;
|
||||||
|
allow wpa wifi_efs_file:file { open read };
|
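Review bot: `allow wpa bluetooth_device:chr_file { open read write };` gives the Wi-Fi supplicant access to every node labelled `bluetooth_device`, and the file-contexts entries in this commit put both `/dev/btlock` and `/dev/rfkill` under that one type. If the supplicant only needs the rfkill node, which is an inference from the rule set, label `/dev/rfkill` with a separate type and grant `wpa` access to that type alone, leaving `/dev/btlock` reachable only from the `bluetooth` domain. AOSP platform policy declares `rfkill_device` for this node; check whether the base policy in this tree does, since the new `/dev/rfkill` entry would override that label.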