diff options
| author | sbrissen <sbrissen@hotmail.com> | 2015-01-30 16:17:04 -0500 |
|---|---|---|
| committer | sbrissen <sbrissen@hotmail.com> | 2015-01-30 16:18:32 -0500 |
| commit | e4127c3fb5671686e3692a5f2706d9d8a34f04c4 (patch) | |
| tree | 23ee9b35a6f92fb1e8fc1b2280942c6f0da09d26 | |
| parent | e2e299a94a967a2acd2ff8afe966c290e0a59549 (diff) | |
| download | device_samsung_t0lte-e4127c3fb5671686e3692a5f2706d9d8a34f04c4.tar.gz device_samsung_t0lte-e4127c3fb5671686e3692a5f2706d9d8a34f04c4.tar.bz2 device_samsung_t0lte-e4127c3fb5671686e3692a5f2706d9d8a34f04c4.zip | |
t0lte: selinux - address more denials
Change-Id: Ia82cd6cbe8cd9fe16ec0758d87e207bb6b98b6dc
| -rw-r--r-- | BoardCommonConfig.mk | 1 | ||||
| -rw-r--r-- | selinux/file.te | 3 | ||||
| -rw-r--r-- | selinux/file_contexts | 7 | ||||
| -rw-r--r-- | selinux/sysinit.te | 4 | ||||
| -rw-r--r-- | selinux/system_app.te | 2 |
5 files changed, 16 insertions, 1 deletions
diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk index 545e3d2..fcabba7 100644 --- a/BoardCommonConfig.mk +++ b/BoardCommonConfig.mk @@ -70,6 +70,7 @@ BOARD_SEPOLICY_UNION += \ servicemanager.te \ sysinit.te \ system.te \ + system_app.te \ system_server.te \ time_daemon.te \ ueventd.te \ diff --git a/selinux/file.te b/selinux/file.te index b711ab6..07e5b83 100644 --- a/selinux/file.te +++ b/selinux/file.te @@ -3,6 +3,9 @@ type radio_efs_file, fs_type, contextmount_type; type firmware_mfc, file_type; type firmware_camera, file_type; +type mdnie_sysfs, file_type; +type vib_sysfs, file_type; + type qmuxd_socket, file_type; type kickstart_data_file, file_type, data_file_type; type sensors_data_file, file_type, data_file_type; diff --git a/selinux/file_contexts b/selinux/file_contexts index 90d9a3b..c20f3bd 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -37,8 +37,15 @@ /tombstones(/.*)? u:object_r:tombstone_data_file:s0 /tombstones/qcks(/.*)? u:object_r:kickstart_data_file:s0 +# MDNIE +/sys/class/mdnie/mdnie/scenario u:object_r:mdnie_sysfs:s0 +/sys/class/mdnie/mdnie/mode u:object_r:mdnie_sysfs:s0 +/sys/class/mdnie/mdnie/negative u:object_r:mdnie_sysfs:s0 +/sys/class/lcd/panel/power_reduce u:object_r:mdnie_sysfs:s0 + # Vibrator /dev/tspdrv u:object_r:input_device:s0 +/sys/vibrator/pwm_val u:object_r:vib_sysfs:s0 # Wifi /efs/wifi/.mac.info u:object_r:wifi_data_file:s0 diff --git a/selinux/sysinit.te b/selinux/sysinit.te index 84765ea..0608e9c 100644 --- a/selinux/sysinit.te +++ b/selinux/sysinit.te @@ -1,2 +1,4 @@ allow sysinit mmc_block_device:file read; -allow sysinit firmware_camera:dir { read search open getattr };
\ No newline at end of file +allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name }; +allow sysinit firmware_camera:file { read open getattr setattr create unlink }; +allow sysinit sysinit:capability { dac_override chown fowner fsetid }; diff --git a/selinux/system_app.te b/selinux/system_app.te new file mode 100644 index 0000000..22ee485 --- /dev/null +++ b/selinux/system_app.te @@ -0,0 +1,2 @@ +allow system_app mdnie_sysfs:file { write }; +allow system_app vib_sysfs:file { write };
\ No newline at end of file |