From 7cfabc06fd5b18931b51a92d8ee1a586c81328fc Mon Sep 17 00:00:00 2001
From: sbrissen <sbrissen@hotmail.com>
Date: Fri, 5 Dec 2014 14:23:09 -0500
Subject: t0lte: initial L bring up

-selinux policies still need work
-switch fstab to by-name

Change-Id: I397931d0aa2ea7887774007acf40c9f03e66fb14
---
 selinux/kickstart.te | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'selinux/kickstart.te')

diff --git a/selinux/kickstart.te b/selinux/kickstart.te
index 14e1ad5..d663145 100755
--- a/selinux/kickstart.te
+++ b/selinux/kickstart.te
@@ -13,7 +13,7 @@ allow kickstart kickstart_exec:file { open execute_no_trans getattr };
 
 # Run dd on m9kefs[123] block devices; write to /data/qcks/
 # Run cat on firmware and m9kefs[123] data; write to /data/qcks/
-allow kickstart efs_block_device:blk_file rw_file_perms;
+allow kickstart mmc_block_device:blk_file { getattr read write open };
 allow kickstart kickstart_data_file:file create_file_perms;
 allow kickstart kickstart_data_file:dir rw_dir_perms;
 allow kickstart radio_efs_file:file r_file_perms;
@@ -41,4 +41,12 @@ allow kickstart shell_exec:file entrypoint;
 allow kickstart self:capability { dac_override setuid };
 
 # XXX Label sysfs files with a specific type?
-allow kickstart sysfs:file rw_file_perms;
\ No newline at end of file
+allow kickstart sysfs:file rw_file_perms;
+
+allow kickstart unlabeled:file { setattr getattr read write open };
+allow kickstart vfat:file { getattr read open };
+allow kickstart kickstart:process { execmem };
+#allow kickstart usbfs:filesystem { mount };
+allow kickstart usbfs:dir { search };
+#allow kickstart system_file:file { entrypoint };
+allow kickstart vfat:dir { search };
-- 
cgit v1.2.3