aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Kondik <steve@cyngn.com>2015-12-07 16:23:44 -0800
committerSteve Kondik <steve@cyngn.com>2015-12-07 16:23:44 -0800
commitc35ba5f6ab65286bfeebb99dafa6fe4bf40d155f (patch)
tree219af2d141bdfaddf9b9f7b6902ca34399b3b9c8
parent2a3f195b0c1e010a042c9511f4731a25df39b3fb (diff)
parent9acda2f3805c426c18af62b98aac614f69f97864 (diff)
downloadandroid_external_sepolicy-c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f.tar.gz
android_external_sepolicy-c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f.tar.bz2
android_external_sepolicy-c35ba5f6ab65286bfeebb99dafa6fe4bf40d155f.zip
Merge tag 'android-6.0.1_r3' of https://android.googlesource.com/platform/external/sepolicy into cm-13.0
Android 6.0.1 release 3
Diffstat
-rw-r--r--binderservicedomain.te3
-rw-r--r--bluetooth.te2
-rw-r--r--untrusted_app.te1
3 files changed, 5 insertions, 1 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te
index 0bfd33a..36993eb 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -13,6 +13,9 @@ allow binderservicedomain console_device:chr_file rw_file_perms;
allow binderservicedomain appdomain:fd use;
allow binderservicedomain appdomain:fifo_file write;
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
use_keystore(binderservicedomain)
diff --git a/bluetooth.te b/bluetooth.te
index a79023d..f77bd0d 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -70,4 +70,4 @@ allow bluetooth shell_data_file:file read;
# Superuser capabilities.
# bluetooth requires net_admin and wake_alarm.
neverallow bluetooth self:capability ~net_admin;
-neverallow bluetooth self:capability2 ~wake_alarm;
+neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
diff --git a/untrusted_app.te b/untrusted_app.te
index 2aa1495..fb76317 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -84,6 +84,7 @@ allow untrusted_app cache_file:file create_file_perms;
allow untrusted_app servicemanager:service_manager list;
allow untrusted_app drmserver_service:service_manager find;
+allow untrusted_app healthd_service:service_manager find;
allow untrusted_app mediaserver_service:service_manager find;
allow untrusted_app nfc_service:service_manager find;
allow untrusted_app radio_service:service_manager find;
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 16:35:43 +0000