author | Linux Build Service Account <lnxbuild@localhost> | 2016-09-22 11:09:18 -0600 |
---|---|---|
committer | Linux Build Service Account <lnxbuild@localhost> | 2016-09-22 11:09:18 -0600 |
commit | 323c7e2df313ca8788ce0970f89ce4c119e2fd2c (patch) | |
tree | c468a118b2fff5be9f58e11bea222ba2894e33bb | |
parent | bd14aa20396870842e312ec60199e30793550f23 (diff) | |
parent | bb30199925c269ba6981f238e0260646a3ec5971 (diff) | |
Promotion of sepolicy.lnx.2.0-00038.
CRs Change ID Subject
--------------------------------------------------------------------------------------------------------------
1050368 I4548c0bec2192e7f182739289b8d8c51ac0dbbf8 common: Add SELinux policy for Android N fastmmi
1068549 I3d107cf871645383d0f7de548f0d55515dd7240e sepolicy: Update rmt_storage and rfs_access
1042922 I999815c1771583ba495a078cf333302bdef6ca5d sepolicy: Add rule to have permissions to cache recovery
1066935 I0bb0f5e8e060090b0bc470a7113b23ce8cc4a964 sepolicy: allow init script to read GPU frequencies sysf
Change-Id: Idd49140d233f63a868944144950bc0a9fc99a9cc
CRs-Fixed: 1068549, 1066935, 1042922, 1050368
-rw-r--r-- | common/file.te | 3 | ||||
-rw-r--r-- | common/init_shell.te | 3 | ||||
-rwxr-xr-x | common/mmi.te | 2 | ||||
-rwxr-xr-x | common/property_contexts | 2 | ||||
-rw-r--r-- | common/rfs_access.te | 4 | ||||
-rw-r--r-- | common/rmt_storage.te | 4 | ||||
-rwxr-xr-x | common/vold.te | 5 | ||||
-rw-r--r-- | msm8996/file_contexts | 2 |
8 files changed, 25 insertions, 0 deletions
diff --git a/common/file.te b/common/file.te index 29d6a721..2d31a6d4 100644 --- a/common/file.te +++ b/common/file.te @@ -203,3 +203,6 @@ type wififtmd_socket, file_type; type persist_alarm_file, file_type; type persist_time_file, file_type; + +# kgsl file type for sysfs access +type sysfs_kgsl, sysfs_type, fs_type; diff --git a/common/init_shell.te b/common/init_shell.te index bc88f3b1..ccd806c0 100644 --- a/common/init_shell.te +++ b/common/init_shell.te @@ -188,3 +188,6 @@ allow qti_init_shell persist_alarm_file:file r_file_perms; #Allow /sys access to write zram disksize allow qti_init_shell sysfs_zram:dir r_dir_perms; allow qti_init_shell sysfs_zram:file w_file_perms; + +# To get GPU frequencies +allow qti_init_shell sysfs_kgsl:file r_file_perms; diff --git a/common/mmi.te b/common/mmi.te index 05a00828..56b2be94 100755 --- a/common/mmi.te +++ b/common/mmi.te @@ -45,6 +45,8 @@ allow mmi wpa_exec:file rx_file_perms; allow mmi wcnss_service_exec:file rx_file_perms; allow mmi kernel:key search; allow mmi kernel:system module_request; +allow mmi toolbox_exec:file rx_file_perms; +allow mmi system_file:system module_load; #audio case allow mmi audio_device:dir r_dir_perms; diff --git a/common/property_contexts b/common/property_contexts index ea5bbda5..487bbd61 100755 --- a/common/property_contexts +++ b/common/property_contexts @@ -84,3 +84,5 @@ ro.hwui.texture_cache_size u:object_r:hwui_prop:s0 persist.graphics.vulkan.disable u:object_r:graphics_vulkan_prop:s0 #boot mode property sys.boot_mode u:object_r:boot_mode_prop:s0 +# GPU +ro.gpu.available_frequencies u:object_r:freq_prop:s0 diff --git a/common/rfs_access.te b/common/rfs_access.te index 69c14e65..318fffc1 100644 --- a/common/rfs_access.te +++ b/common/rfs_access.te @@ -53,6 +53,7 @@ allow rfs_access self:capability { setuid setgid setpcap + net_bind_service net_raw }; 
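Review bot: In common/mmi.te the added `allow mmi system_file:system module_load;` lets the mmi domain load kernel modules from any file labelled system_file, which is a much broader grant than the existing `kernel:system module_request` line above it. If fastmmi only needs specific drivers, a dedicated label for those module files keeps the grant narrow, e.g. `allow mmi mmi_module_file:system module_load;` (the type name is a placeholder and would need a matching file_contexts entry). The hunk does not show whether mmi.te is limited to factory or userdebug builds; if it ships in user builds, wrapping both added lines in `userdebug_or_eng(...)` or documenting why production needs them would help. A one-line comment above the `toolbox_exec` rule naming the test that invokes toolbox would also make that rule auditable.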
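Review bot: The `net_bind_service` capability added to the `self:capability` set in common/rfs_access.te carries no comment, and the commit description does not explain it; the same applies to the identical addition in the first common/rmt_storage.te hunk. The visible lines show rfs_access already holding `setuid`, `setgid`, `net_raw` and `dac_override`, and rmt_storage holding `sys_admin`, `dac_override` and `net_raw`, so each extra capability widens what a compromise of these daemons yields. I would add a comment such as `# net_bind_service: required to bind <socket/port> for <reason>` above each block, or drop the capability if the denial comes from a code path that can be avoided. Both capability blocks start before their hunks, so the full sets are not visible here.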
@@ -62,6 +63,9 @@ allow rfs_access self:capability { allow rfs_access self:capability { dac_read_search chown dac_override }; +#For access to the kmsg device +allow rfs_access kmsg_device:chr_file w_file_perms; + #Prevent other domains from accessing RFS data files. neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:dir create_dir_perms; neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:file create_file_perms; diff --git a/common/rmt_storage.te b/common/rmt_storage.te index 6b43ae07..f043becc 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -18,6 +18,7 @@ allow rmt_storage self:capability { setgid sys_admin dac_override + net_bind_service net_raw setpcap }; @@ -32,6 +33,9 @@ wakelock_use(rmt_storage) allow rmt_storage self:socket create_socket_perms; allow rmt_storage uio_device:chr_file rw_file_perms; +#For access to the kmsg device +allow rmt_storage kmsg_device:chr_file w_file_perms; + #debugfs access userdebug_or_eng(` typeattribute rmt_storage qti_debugfs_domain; diff --git a/common/vold.te b/common/vold.te index 08476cf3..48411ebf 100755 --- a/common/vold.te +++ b/common/vold.te @@ -2,6 +2,11 @@ allow vold tee_device:chr_file rw_file_perms; allow vold self:capability sys_boot; allow vold cache_file:dir w_dir_perms; allow vold { fscklogs cache_file }:file create_file_perms; + +# Read and write /cache/recovery/command +allow vold cache_recovery_file:dir rw_dir_perms; +allow vold cache_recovery_file:file create_file_perms; + allow vold { proc_sysrq proc_dirty_ratio }:file rw_file_perms; wakelock_use(vold) allow vold swap_block_device:blk_file r_file_perms; diff --git a/msm8996/file_contexts b/msm8996/file_contexts index 02618e09..6c3e83bd 100644 --- a/msm8996/file_contexts +++ b/msm8996/file_contexts 
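Review bot: The comment in common/vold.te says "Read and write /cache/recovery/command", but `create_file_perms` on `cache_recovery_file:file` together with `rw_dir_perms` on the directory also lets vold create, rename and unlink any file carrying that label, not only the command file. The contents of that directory steer what recovery does on the next boot, so the grant is worth holding to the minimum vold actually uses. If vold only rewrites an existing file, `allow vold cache_recovery_file:file rw_file_perms;` with `allow vold cache_recovery_file:dir search;` would match the comment; otherwise the comment should say that vold creates the file and why.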
@@ -96,6 +96,8 @@ # /sys/devices/virtual/graphics/fb([0-2])+/lineptr_value u:object_r:sysfs_graphics:s0 +/sys/devices/soc/b00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies u:object_r:sysfs_kgsl:s0 + ################################### # data files # |
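Review bot: The new msm8996/file_contexts entry is a regular expression, so the unescaped `.` in `b00000.qcom,kgsl-3d0` matches any character; escaping it keeps the label bound to exactly this node: `/sys/devices/soc/b00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpu_available_frequencies u:object_r:sysfs_kgsl:s0`. Only the file itself is relabelled, so qti_init_shell still needs search on the parent directories under their existing label; those rules are not visible in this commit. It is also worth confirming that something applies the label to this sysfs path at boot, since the rule in init_shell.te only takes effect once the node carries `sysfs_kgsl`.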