diff options
| author | Terry Heo <terryheo@google.com> | 2015-04-08 15:48:41 +0900 |
|---|---|---|
| committer | Terry Heo <terryheo@google.com> | 2015-05-07 18:37:18 +0900 |
| commit | adbaec3573a961c3d1b062818b8e351f5017f4f1 (patch) | |
| tree | 8cdcc78a24f176510fbfa69c39940f175c87724a | |
| parent | 8d3dcedaa2d1d1c3613cbe388399b3e5a8a08b83 (diff) | |
| download | android_device_google_atv-adbaec3573a961c3d1b062818b8e351f5017f4f1.tar.gz android_device_google_atv-adbaec3573a961c3d1b062818b8e351f5017f4f1.tar.bz2 android_device_google_atv-adbaec3573a961c3d1b062818b8e351f5017f4f1.zip | |
Add selinux policy to enable access to DVB API on Android TV
Bug: 20112245
Change-Id: I57a58905b0de714d4e9153e61a3bf29ac51624c8
| -rw-r--r-- | products/atv_base.mk | 3 | ||||
| -rw-r--r-- | sepolicy/device.te | 2 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/system_service.te | 1 | ||||
| -rw-r--r-- | sepolicy/untrusted_app.te | 1 |
5 files changed, 9 insertions, 0 deletions
diff --git a/products/atv_base.mk b/products/atv_base.mk index 73d946b..d1db059 100644 --- a/products/atv_base.mk +++ b/products/atv_base.mk @@ -111,6 +111,9 @@ ifneq ($(USE_OEM_TV_APP),true) device/google/atv/permissions/com.google.android.tv.installed.xml:system/etc/permissions/com.google.android.tv.installed.xml endif +# To enable access to /dev/dvb* +BOARD_SEPOLICY_DIRS += device/google/atv/sepolicy + $(call inherit-product-if-exists, frameworks/base/data/sounds/AllAudio.mk) $(call inherit-product-if-exists, external/svox/pico/lang/all_pico_languages.mk) $(call inherit-product-if-exists, frameworks/base/data/fonts/fonts.mk) diff --git a/sepolicy/device.te b/sepolicy/device.te new file mode 100644 index 0000000..adae882 --- /dev/null +++ b/sepolicy/device.te @@ -0,0 +1,2 @@ +# DVB API device node +type dvb_device, dev_type, mlstrustedobject; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..dbb329b --- /dev/null +++ b/sepolicy/file_contexts @@ -0,0 +1,2 @@ +# DVB API device nodes +/dev/dvb.* u:object_r:dvb_device:s0 diff --git a/sepolicy/system_service.te b/sepolicy/system_service.te new file mode 100644 index 0000000..d0bef2f --- /dev/null +++ b/sepolicy/system_service.te @@ -0,0 +1 @@ +allow system_server dvb_device:chr_file rw_file_perms; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te new file mode 100644 index 0000000..8f23f4e --- /dev/null +++ b/sepolicy/untrusted_app.te @@ -0,0 +1 @@ +allow untrusted_app dvb_device:chr_file rw_file_perms; |