| author | rogersb11 <brettrogers11@gmail.com> | 2015-11-12 04:06:26 -0500 |
|---|---|---|
| committer | rogersb11 <brettrogers11@gmail.com> | 2015-11-12 04:11:14 -0500 |
| commit | c3d43d2b47748f5e0278f01371398ed3e65ccdab (patch) | |
| tree | 38dc7355856a56cc385184b74d79c10b14176e56 /selinux/kickstart.te | |
| parent | 01fd7d495b2b9a5a0f107fe46cff7be78adf66c2 (diff) | |
| download | device_samsung_t0lte-c3d43d2b47748f5e0278f01371398ed3e65ccdab.tar.gz device_samsung_t0lte-c3d43d2b47748f5e0278f01371398ed3e65ccdab.tar.bz2 device_samsung_t0lte-c3d43d2b47748f5e0278f01371398ed3e65ccdab.zip | |
Revert "Remove device specific SEPolicy"
Will follow with policy updates
This reverts commit 8e368fa918f244e214ee8bd53ce332ce6ad74663.
Change-Id: I58247300df68442709b44623e29b1bee0c6d5496
Diffstat (limited to 'selinux/kickstart.te')
| -rwxr-xr-x | selinux/kickstart.te | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/selinux/kickstart.te b/selinux/kickstart.te
new file mode 100755
index 0000000..d663145
--- /dev/null
+++ b/selinux/kickstart.te
@@ -0,0 +1,52 @@
+# kickstart processes and scripts
+type kickstart, domain;
+type kickstart_exec, exec_type, file_type;
+
+# kickstart_checker.sh talks to init over the property socket
+unix_socket_connect(kickstart, property, init)
+
+# Start /system/bin/qcks from init
+init_daemon_domain(kickstart)
+
+# Spawn /system/bin/efsks and /system/bin/ks
+allow kickstart kickstart_exec:file { open execute_no_trans getattr };
+
+# Run dd on m9kefs[123] block devices; write to /data/qcks/
+# Run cat on firmware and m9kefs[123] data; write to /data/qcks/
+allow kickstart mmc_block_device:blk_file { getattr read write open };
+allow kickstart kickstart_data_file:file create_file_perms;
+allow kickstart kickstart_data_file:dir rw_dir_perms;
+allow kickstart radio_efs_file:file r_file_perms;
+allow kickstart radio_efs_file:dir search;
+
+# Let qcks access /dev/mdm node (modem driver)
+allow kickstart radio_device:chr_file rw_file_perms;
+
+# Allow /dev/ttyUSB0 access
+allow kickstart radio_device:chr_file { write ioctl getattr };
+
+# Allow to run toolbox commands
+allow kickstart shell_exec:file rx_file_perms;
+# Toolbox commands for firmware dd
+allow kickstart system_file:file execute_no_trans;
+
+# Access to /dev/block/platform/msm_sdcc.1/by-name/m9kefs2
+allow kickstart block_device:dir { getattr write search };
+
+# Set system property key
+allow kickstart radio_prop:property_service set;
+
+allow kickstart shell_exec:file entrypoint;
+# ls on /data/qcks/
+allow kickstart self:capability { dac_override setuid };
+
+# XXX Label sysfs files with a specific type?
+allow kickstart sysfs:file rw_file_perms;
+
+allow kickstart unlabeled:file { setattr getattr read write open };
+allow kickstart vfat:file { getattr read open };
+allow kickstart kickstart:process { execmem };
+#allow kickstart usbfs:filesystem { mount };
+allow kickstart usbfs:dir { search };
+#allow kickstart system_file:file { entrypoint };
+allow kickstart vfat:dir { search };
|
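Review bot: The uncommented rules at the end of the new file are the broadest grants in this domain and give no rationale: `allow kickstart unlabeled:file { setattr getattr read write open };` lets the domain modify any file that has no valid label, and `allow kickstart kickstart:process { execmem };` permits writable-and-executable anonymous memory in a domain that also holds `dac_override` and `setuid`. If the unlabeled access only exists because the files kickstart touches lack file_contexts entries (an inference, since no labelling is visible here), labelling them and dropping the rule would be tighter. Any of these rules that stay should carry a comment in the style of the rest of the file, for example `# qcks needs execmem because <reason>`. Separately, `allow kickstart mmc_block_device:blk_file { getattr read write open };` grants raw write to every device of that type although its comment names only m9kefs[123], so a dedicated type for those partitions would narrow it. The `/dev/ttyUSB0` rule on `radio_device:chr_file` also looks redundant with the `rw_file_perms` rule just above it, assuming that macro already includes write, ioctl and getattr.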
