diff options
| author | Jason Lu <jasonbangbang@gmail.com> | 2016-02-20 15:42:11 -0600 |
|---|---|---|
| committer | rogersb11 <brettrogers11@gmail.com> | 2016-02-26 01:39:34 -0500 |
| commit | b3fde2dd7032bc838fc7ecc25499506b8f4413ee (patch) | |
| tree | 6dbe74b19fd075afef8458486375eb32e037742f /selinux/SMD-daemon.te | |
| parent | 5a1f21fb748bf64035a2211621914dabdcbfd6f2 (diff) | |
| download | device_samsung_t0lte-b3fde2dd7032bc838fc7ecc25499506b8f4413ee.tar.gz device_samsung_t0lte-b3fde2dd7032bc838fc7ecc25499506b8f4413ee.tar.bz2 device_samsung_t0lte-b3fde2dd7032bc838fc7ecc25499506b8f4413ee.zip | |
t0lte: RIL SELinux Fixes
Relabel qmiproxy, at_distributor, smdexe, and diag_uart_log so init
won't get denied with system_file:file { execute_no_trans }. Clean
up rules so we don't have to set things to permissive. RIL is
working when SELinux is enforcing with this.
Change-Id: I174010d1546207037e1907d711e7f7c21871ee9e
Diffstat (limited to 'selinux/SMD-daemon.te')
| -rw-r--r-- | selinux/SMD-daemon.te | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/selinux/SMD-daemon.te b/selinux/SMD-daemon.te index a29dbde..031daf0 100644 --- a/selinux/SMD-daemon.te +++ b/selinux/SMD-daemon.te @@ -1,5 +1,9 @@ type SMD-daemon, domain; -permissive SMD-daemon; type SMD-daemon_exec, exec_type, file_type; +init_daemon_domain(SMD-daemon) allow SMD-daemon system_file:file { execute_no_trans }; +allow SMD-daemon self:capability { setuid }; + +allow SMD-daemon log_device:chr_file { write open }; +allow SMD-daemon log_device:dir { search }; |