diff options
| author | Abhimanyu Garg <agarg@codeaurora.org> | 2016-03-09 15:41:04 -0800 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2016-08-04 23:48:04 -0700 |
| commit | f1e187447e26d6932cad13d1c347c93324b8cd95 (patch) | |
| tree | 2bbec6204f64877ed71def1a69f7d2f05eeb118c | |
| parent | 27c502e05fabf3f1f49e9c1814c4035a15fbc187 (diff) | |
| download | android_device_qcom_sepolicy-f1e187447e26d6932cad13d1c347c93324b8cd95.tar.gz android_device_qcom_sepolicy-f1e187447e26d6932cad13d1c347c93324b8cd95.tar.bz2 android_device_qcom_sepolicy-f1e187447e26d6932cad13d1c347c93324b8cd95.zip | |
sepolicy: update iop socket path
iop socket path has been changed from /data/misc/iop/iop to
/dev/socket/iop.
Remove socket dir create policies from iop.te and replace with
rw socket file permissions.
Change-Id: I8fcef873b26234d517c319debcd09bf817fd75e2
| -rw-r--r-- | common/file_contexts | 1 | ||||
| -rw-r--r-- | common/iop.te | 3 | ||||
| -rw-r--r-- | common/system_server.te | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/common/file_contexts b/common/file_contexts index e18e6094..f761191c 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -98,6 +98,7 @@ /dev/socket/perfd(/.*)? u:object_r:mpctl_socket:s0 /dev/socket/perfd u:object_r:mpctl_socket:s0 /dev/socket/gamed u:object_r:gamed_socket:s0 +/dev/socket/iop u:object_r:iop_socket:s0 /dev/socket/qlogd u:object_r:qlogd_socket:s0 /dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0 /dev/socket/dpmd u:object_r:dpmd_socket:s0 diff --git a/common/iop.te b/common/iop.te index c35fc478..5e739025 100644 --- a/common/iop.te +++ b/common/iop.te @@ -35,8 +35,7 @@ r_dir_file( dumpstate, appdomain ); r_dir_file( dumpstate, apk_data_file ); #Create a socket for receiving info from IOP -type_transition dumpstate iop_data_file:sock_file iop_socket "iop"; -allow dumpstate iop_socket:sock_file { create_file_perms unlink }; +allow dumpstate iop_socket:sock_file rw_file_perms; #default_values file allow dumpstate iop_data_file:dir rw_dir_perms; diff --git a/common/system_server.te b/common/system_server.te index 569e1aba..87bfc53c 100644 --- a/common/system_server.te +++ b/common/system_server.te @@ -38,7 +38,7 @@ allow system_server { bluetooth_prop usf_prop }:property_service set; # required for ANT App to connectto wcnss_filter sockets allow system_server bluetooth:unix_stream_socket connectto; # access to iop -allow system_server iop_data_file:dir r_dir_perms; +allow system_server iop_socket:dir r_dir_perms; unix_socket_send(system_server, iop, dumpstate) unix_socket_connect(system_server, iop, dumpstate) |