authorrogersb11 <brettrogers11@gmail.com>2015-11-12 04:06:26 -0500
committerrogersb11 <brettrogers11@gmail.com>2015-11-12 04:11:14 -0500
commitc3d43d2b47748f5e0278f01371398ed3e65ccdab (patch)
tree38dc7355856a56cc385184b74d79c10b14176e56 /selinux/secril.te
parent01fd7d495b2b9a5a0f107fe46cff7be78adf66c2 (diff)
Revert "Remove device specific SEPolicy"
Will follow with policy updates.

This reverts commit 8e368fa918f244e214ee8bd53ce332ce6ad74663.

Change-Id: I58247300df68442709b44623e29b1bee0c6d5496
Diffstat (limited to 'selinux/secril.te')
-rw-r--r--selinux/secril.te38
1 files changed, 38 insertions, 0 deletions
diff --git a/selinux/secril.te b/selinux/secril.te
new file mode 100644
index 0000000..1b1cc0a
--- /dev/null
+++ b/selinux/secril.te
@@ -0,0 +1,38 @@
+# sec-ril
+type secril-daemon, domain;
+type secril-daemon_exec, exec_type, file_type;
+
+# Start /system/bin/sec-ril from init
+init_daemon_domain(secril-daemon)
+
+allow secril-daemon secril-daemon_exec:file { open execute_no_trans getattr };
+allow secril-daemon self:udp_socket { create ioctl };
+unix_socket_connect(secril-daemon, property, init)
+unix_socket_connect(secril-daemon, rild, rild)
+
+allow secril-daemon { efs_file }:file rw_file_perms;
+allow secril-daemon system_data_file:dir create_dir_perms;
+allow secril-daemon system_data_file:file unlink;
+allow secril-daemon radio_data_file:file { create_file_perms };
+allow secril-daemon kernel:system module_request;
+allow secril-daemon self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
+allow secril-daemon system_file:file x_file_perms;
+allow secril-daemon sysfs:file rw_file_perms;
+allow secril-daemon shell_exec:file rx_file_perms;
+allow secril-daemon app_data_file:file rw_file_perms;
+allow secril-daemon app_data_file:dir search;
+allow secril-daemon zygote_exec:file rx_file_perms;
+allow secril-daemon ashmem_device:chr_file x_file_perms;
+
+allow secril-daemon secril-daemon:process { execmem };
+allow secril-daemon unlabeled:dir { search };
+allow secril-daemon radio_prop:property_service { set };
+allow secril-daemon sysfs_wake_lock:file { read write open };
+allow secril-daemon unlabeled:file { read open getattr setattr };
+#allow secril-daemon system_file:file { entrypoint };
+allow secril-daemon radio_data_file:dir { search write add_name read open remove_name };
+allow secril-daemon efs_file:dir { search };
+allow secril-daemon rild_exec:file { entrypoint read };
+allow secril-daemon qmuxd_socket:dir { write add_name remove_name search };
+allow secril-daemon qmuxd_socket:sock_file { create setattr unlink };
+
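Review bot: The `self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override }` rule, together with `kernel:system module_request` and `secril-daemon:process { execmem }`, gives the radio daemon kernel-module loading, DAC bypass and writable-executable memory, so a memory-corruption bug in it would not be contained by this domain. The rules on `app_data_file:file rw_file_perms`, `sysfs:file rw_file_perms` and the `rx_file_perms` grants on `shell_exec` and `zygote_exec` are similarly broad and read like unreviewed audit2allow output (inferred; the page shows no denials). Since the description says policy updates will follow, I would start by narrowing the capability set, e.g. `allow secril-daemon self:capability { setuid setgid net_admin net_raw };`, re-adding `sys_module` or `dac_override` only against a logged denial, and by replacing the generic `sysfs` and `app_data_file` grants with dedicated labelled types. A short comment above each remaining broad rule naming the file or feature that needs it would make the follow-up review tractable.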