From adbaec3573a961c3d1b062818b8e351f5017f4f1 Mon Sep 17 00:00:00 2001
From: Terry Heo <terryheo@google.com>
Date: Wed, 8 Apr 2015 15:48:41 +0900
Subject: Add selinux policy to enable access to DVB API on Android TV

Bug: 20112245
Change-Id: I57a58905b0de714d4e9153e61a3bf29ac51624c8
---
 sepolicy/device.te         | 2 ++
 sepolicy/file_contexts     | 2 ++
 sepolicy/system_service.te | 1 +
 sepolicy/untrusted_app.te  | 1 +
 4 files changed, 6 insertions(+)
 create mode 100644 sepolicy/device.te
 create mode 100644 sepolicy/file_contexts
 create mode 100644 sepolicy/system_service.te
 create mode 100644 sepolicy/untrusted_app.te

(limited to 'sepolicy')

diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..adae882
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1,2 @@
+# DVB API device node
+type dvb_device, dev_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..dbb329b
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# DVB API device nodes
+/dev/dvb.*                  u:object_r:dvb_device:s0
diff --git a/sepolicy/system_service.te b/sepolicy/system_service.te
new file mode 100644
index 0000000..d0bef2f
--- /dev/null
+++ b/sepolicy/system_service.te
@@ -0,0 +1 @@
+allow system_server dvb_device:chr_file rw_file_perms;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
new file mode 100644
index 0000000..8f23f4e
--- /dev/null
+++ b/sepolicy/untrusted_app.te
@@ -0,0 +1 @@
+allow untrusted_app dvb_device:chr_file rw_file_perms;
-- 
cgit v1.2.3