Diffstat (limited to 'selinux')
| -rw-r--r-- | selinux/debuggerd.te | 4 | ||||
| -rw-r--r-- | selinux/file_contexts | 5 | ||||
| -rw-r--r-- | selinux/init.te | 5 | ||||
| -rw-r--r-- | selinux/installd.te | 1 | ||||
| -rwxr-xr-x | selinux/kickstart.te | 4 | ||||
| -rw-r--r-- | selinux/lmkd.te | 1 | ||||
| -rw-r--r-- | selinux/logd.te | 1 | ||||
| -rw-r--r-- | selinux/qmuxd.te | 1 | ||||
| -rw-r--r-- | selinux/radio.te | 2 | ||||
| -rw-r--r-- | selinux/tzdatacheck.te | 1 |
10 files changed, 17 insertions, 8 deletions
diff --git a/selinux/debuggerd.te b/selinux/debuggerd.te
index 1a03fb4..a32d652 100644
--- a/selinux/debuggerd.te
+++ b/selinux/debuggerd.te
@@ -1,2 +1,2 @@
-allow debuggerd log_device:chr_file { read open };
-allow debuggerd log_device:dir search;
+allow debuggerd log_device:chr_file { read open write };
+allow debuggerd log_device:dir { search };
\ No newline at end of file diff --git a/selinux/file_contexts b/selinux/file_contexts index 4409611..23031d4 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -54,8 +54,7 @@ /efs/FactoryApp/keystr u:object_r:efs_file:s0 /efs/FactoryApp/factorymode u:object_r:efs_file:s0 /efs/FactoryApp/serial_no u:object_r:efs_file:s0 -/data/misc/radio/ramdumpmode.txt u:object_r:radio_data_file:s0 -/data/misc/radio/dlnk u:object_r:radio_data_file:s0 +/data/misc/radio(/.*)? u:object_r:radio_data_file:s0 # Binaries /system/bin/qmuxd u:object_r:qmuxd_exec:s0 @@ -72,9 +71,11 @@ # Block devices /dev/block/mmcblk0(.*) u:object_r:boot_block_device:s0 /dev/block/mmcblk0p3 u:object_r:efs_block_device:s0 +/dev/block/mmcblk0p11 u:object_r:efs_block_device:s0 /dev/block/mmcblk0p12 u:object_r:cache_block_device:s0 /dev/block/mmcblk0p13 u:object_r:system_block_device:s0 /dev/block/mmcblk0p16 u:object_r:userdata_block_device:s0 +/dev/block/mmcblk0p17 u:object_r:efs_block_device:s0 # Audio related /data/local/audio(/.*)? u:object_r:volume_data_file:s0 diff --git a/selinux/init.te b/selinux/init.te index 77e8963..6a22ee7 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -4,14 +4,17 @@ allow init init:process { execmem }; allow init init:capability { sys_module }; allow init radio_efs_file:filesystem { relabelto }; allow init app_data_file:dir { read open setattr getattr relabelfrom }; +allow init property_socket:sock_file { write }; allow init kernel:system syslog_read; allow init init:packet_socket { create bind write read }; allow init init:rawip_socket { create setopt write }; +allow init tmpfs:lnk_file { create }; +allow init sysfs:lnk_file { setattr }; #allow init_shell init:packet_socket { read write }; allow init log_device:chr_file { write }; allow init kernel:system { module_request }; #allow init system_file:file execute_no_trans; allow init block_device:lnk_file { setattr }; -domain_trans(init, rootfs, SMD-daemon) +domain_trans(init, rootfs, SMD-daemon)
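Review bot: The two added block-device entries in the second file_contexts hunk (`mmcblk0p11` and `mmcblk0p17`) carry no comment saying what the partitions hold, yet they reuse `efs_block_device`, the type already on `mmcblk0p3`. Every domain that is allowed raw access to `efs_block_device` therefore gains the same access to both new partitions. If these are the modem EFS copies that kickstart.te refers to as m9kefs[123] (inferred, not visible in this hunk), a line such as `# m9kefs1-3: modem EFS copies read by kickstart` above the three entries would record that. A dedicated type would be tighter if only kickstart needs them.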
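Review bot: The three rules added to init.te (`property_socket:sock_file { write }`, `tmpfs:lnk_file { create }`, `sysfs:lnk_file { setattr }`) have no comment tying them to the init.rc action or denial that needs them, and init is the most privileged domain in the policy. A write from the init domain to `property_socket` often means a helper started from init.rc is still running as init rather than in its own domain; that is an inference, but if it holds here, a domain transition for that helper would be the narrower fix. The `sysfs:lnk_file` rule is on the generic `sysfs` type, so it covers every symlink under sysfs that has no more specific label. Each rule would benefit from a comment in the form `# needed by: <init.rc line or avc denial>`.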
\ No newline at end of file
diff --git a/selinux/installd.te b/selinux/installd.te
new file mode 100644
index 0000000..25e813d
--- /dev/null
+++ b/selinux/installd.te
@@ -0,0 +1 @@
+allow installd log_device:chr_file { open write };
\ No newline at end of file diff --git a/selinux/kickstart.te b/selinux/kickstart.te index 773c264..001d53a 100755 --- a/selinux/kickstart.te +++ b/selinux/kickstart.te @@ -10,6 +10,7 @@ init_daemon_domain(kickstart) # Spawn /system/bin/efsks and /system/bin/ks allow kickstart kickstart_exec:file { open execute_no_trans getattr }; +allow kickstart rild_exec:file { open execute_no_trans getattr }; # Run dd on m9kefs[123] block devices; write to /data/qcks/ # Run cat on firmware and m9kefs[123] data; write to /data/qcks/ @@ -46,8 +47,7 @@ allow kickstart sysfs:file rw_file_perms; allow kickstart unlabeled:file { setattr getattr read write open }; allow kickstart vfat:file { getattr read open }; allow kickstart kickstart:process { execmem }; -#allow kickstart usbfs:filesystem { mount }; allow kickstart usbfs:dir { search }; -#allow kickstart system_file:file { entrypoint }; allow kickstart vfat:dir { search }; allow kickstart log_device:chr_file { open write }; +allow kickstart rild_exec:file { getattr execute read open };
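Review bot: The `execute_no_trans` added on `rild_exec` in the first kickstart.te hunk lets kickstart run that binary inside its own domain. The binary then inherits everything kickstart already holds; the visible lines of this file include `execmem` and read/write on `unlabeled:file`. If the program being spawned is really efsks or ks, as the comment above the rule says, labelling it `kickstart_exec` in file_contexts would avoid the grant altogether. This is inferred, since the label of those binaries is not shown here. The second hunk adds another rule on the same type at the end of the file; the two could be merged into `allow kickstart rild_exec:file { getattr open read execute execute_no_trans };` so the full permission set is visible in one place.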
\ No newline at end of file
diff --git a/selinux/lmkd.te b/selinux/lmkd.te
new file mode 100644
index 0000000..d088a9c
--- /dev/null
+++ b/selinux/lmkd.te
@@ -0,0 +1 @@
+allow lmkd log_device:chr_file { open };
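Review bot: The lmkd rule grants `open` without `read` or `write`. SELinux checks `open` together with the access mode requested by the open() call, so this rule alone is unlikely to let lmkd open the log device, and a follow-up denial for the missing mode is to be expected. If lmkd only needs to emit log lines, `allow lmkd log_device:chr_file { open write };` would match the rules added for installd, logd and qmuxd in this commit. If the denial being silenced was for a different mode, the rule should name that mode.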
\ No newline at end of file
diff --git a/selinux/logd.te b/selinux/logd.te
index 5ed43b6..981754b 100644
--- a/selinux/logd.te
+++ b/selinux/logd.te
@@ -1,2 +1,3 @@
 #allow logd location_app:dir r_dir_perms;
 #allow logd location_app:file r_file_perms;
+allow logd log_device:chr_file { open write };
\ No newline at end of file diff --git a/selinux/qmuxd.te b/selinux/qmuxd.te index 9ce6f57..2f3bd59 100644 --- a/selinux/qmuxd.te +++ b/selinux/qmuxd.te @@ -49,3 +49,4 @@ allow qmuxd mhi_device:chr_file rw_file_perms; allow qmuxd qmuxd:process { execmem }; allow qmuxd radio_device:chr_file { read write open }; +allow qmuxd log_device:chr_file { open write };
\ No newline at end of file diff --git a/selinux/radio.te b/selinux/radio.te index e697ef9..dfc04dd 100644 --- a/selinux/radio.te +++ b/selinux/radio.te @@ -2,4 +2,4 @@ qmux_socket(radio) ; allow radio secril-daemon:unix_stream_socket { connectto }; -allow radio log_device:chr_file { write }; +allow radio log_device:chr_file { write open }; diff --git a/selinux/tzdatacheck.te b/selinux/tzdatacheck.te new file mode 100644 index 0000000..adba900 --- /dev/null +++ b/selinux/tzdatacheck.te @@ -0,0 +1 @@ +allow tzdatacheck log_device:chr_file { write open };
\ No newline at end of file |
