diff options
| author | taozhang <taozhang@codeaurora.org> | 2015-11-04 14:50:25 +0800 |
|---|---|---|
| committer | Steve Kondik <steve@cyngn.com> | 2016-08-05 00:19:12 -0700 |
| commit | 3825d73a2c14348075f4755bb010a279bca145cc (patch) | |
| tree | 9b6210cd50d526542807d8bab6182596f98b0938 | |
| parent | 53b308697794f5af6e38161345957201f4794396 (diff) | |
| download | android_device_qcom_sepolicy-3825d73a2c14348075f4755bb010a279bca145cc.tar.gz android_device_qcom_sepolicy-3825d73a2c14348075f4755bb010a279bca145cc.tar.bz2 android_device_qcom_sepolicy-3825d73a2c14348075f4755bb010a279bca145cc.zip | |
common: add selinux policy for fastmmi
Add selinux policy for the test cases in fastmmi, for
example, camera, bluetooth, wifi, sensor, storage,
logcat and etc.
Change-Id: Id51893ad9e101d9306b5608410389321544db9be
| -rw-r--r-- | common/bluetooth.te | 3 | ||||
| -rw-r--r-- | common/mm-qcamerad.te | 3 | ||||
| -rw-r--r-- | common/mmi.te | 17 | ||||
| -rw-r--r-- | common/surfaceflinger.te | 3 |
4 files changed, 25 insertions, 1 deletions
diff --git a/common/bluetooth.te b/common/bluetooth.te index 84b77f64..5da23a0d 100644 --- a/common/bluetooth.te +++ b/common/bluetooth.te @@ -61,3 +61,6 @@ qmux_socket(bluetooth); # for finding wbc_service allow bluetooth wbc_service:service_manager find; + +# for fastmmi test bluetooth +allow bluetooth mmi:unix_stream_socket connectto; diff --git a/common/mm-qcamerad.te b/common/mm-qcamerad.te index 7bc5dfe6..55acfc34 100644 --- a/common/mm-qcamerad.te +++ b/common/mm-qcamerad.te @@ -65,3 +65,6 @@ allow mm-qcamerad graphics_device:dir r_dir_perms; #Allow access to /dev/graphics/fb* for screen capture allow mm-qcamerad graphics_device:chr_file rw_file_perms; unix_socket_connect(mm-qcamerad, property, init) + +#Allow camera work normally in FFBM +binder_call(mm-qcamerad, mmi); diff --git a/common/mmi.te b/common/mmi.te index 6badeabc..4dc37ed3 100644 --- a/common/mmi.te +++ b/common/mmi.te @@ -52,6 +52,7 @@ allow mmi audio_device:chr_file rw_file_perms; #FM case allow mmi fm_radio_device:chr_file r_file_perms; +allow mmi fm_data_file:file r_file_perms; allow mmi fm_prop:property_service set; #bluetooth case @@ -62,7 +63,8 @@ allow mmi smd_device:chr_file rw_file_perms; #GPS case allow mmi location_data_file:fifo_file create_file_perms; -allow mmi location_data_file:dir w_dir_perms; +allow mmi location_data_file:dir create_dir_perms; +allow mmi location_data_file:file create_file_perms; allow mmi mmi_socket:sock_file create_file_perms; type_transition mmi socket_device:sock_file mmi_socket; allow mmi location_exec:file rx_file_perms; @@ -98,3 +100,16 @@ allow mmi surfaceflinger_service:service_manager find; #Allow mmi to use IPC binder_use(mmi) binder_call(mmi,surfaceflinger) + +#sensor cases +unix_socket_connect(mmi, sensors, sensors); +allow mmi sensors_device:chr_file r_file_perms; + +#logcat +domain_auto_trans(mmi, logcat_exec, logd); + +#mmi test +unix_socket_connect(mmi, cnd, cnd); +unix_socket_connect(mmi, dpmwrapper, dpmd); +unix_socket_connect(mmi, netmgrd, netmgrd); +net_domain(mmi); diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te index 556f5eb1..1d0b2a5f 100644 --- a/common/surfaceflinger.te +++ b/common/surfaceflinger.te @@ -31,3 +31,6 @@ allow surfaceflinger display_misc_file:file create_file_perms; unix_socket_connect(surfaceflinger, pps, mm-pp-daemon) r_dir_file(surfaceflinger, firmware_file) + +#Allow access to fastmmi +binder_call(surfaceflinger, mmi)
\ No newline at end of file |