author | Linux Build Service Account <lnxbuild@localhost> | 2016-09-21 00:09:00 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-09-21 00:09:00 -0700 |
commit | 4bc7a4b8582cbd9bae40778312ef94dce08b935c (patch) | |
tree | 4e35d22f0c355f20809cbd29ca047e356c34a130 | |
parent | 206423948120a37123fbf7096482cb963181690d (diff) | |
parent | 0f2093fa6c7b750477f7aa10266cc11e26a2dc37 (diff) | |
Merge "sepolicy: Update rmt_storage and rfs_access"
-rw-r--r-- | common/rfs_access.te | 4 | ||||
-rw-r--r-- | common/rmt_storage.te | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te index 69c14e65..318fffc1 100644 --- a/common/rfs_access.te +++ b/common/rfs_access.te @@ -53,6 +53,7 @@ allow rfs_access self:capability { setuid setgid setpcap + net_bind_service net_raw }; @@ -62,6 +63,9 @@ allow rfs_access self:capability { allow rfs_access self:capability { dac_read_search chown dac_override }; +#For access to the kmsg device +allow rfs_access kmsg_device:chr_file w_file_perms; + #Prevent other domains from accessing RFS data files. neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:dir create_dir_perms; neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:file create_file_perms; diff --git a/common/rmt_storage.te b/common/rmt_storage.te index 6b43ae07..f043becc 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -18,6 +18,7 @@ allow rmt_storage self:capability { setgid sys_admin dac_override + net_bind_service net_raw setpcap }; @@ -32,6 +33,9 @@ wakelock_use(rmt_storage) allow rmt_storage self:socket create_socket_perms; allow rmt_storage uio_device:chr_file rw_file_perms; +#For access to the kmsg device +allow rmt_storage kmsg_device:chr_file w_file_perms; + #debugfs access userdebug_or_eng(` typeattribute rmt_storage qti_debugfs_domain; |
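Review bot: `net_bind_service` is added to the `self:capability` set of rfs_access in the first hunk with no comment saying what the daemon binds that needs it, and the rmt_storage.te capability hunk makes the same unexplained addition. Per the visible lines both domains already hold `setpcap` and `net_raw` alongside uid/gid and DAC-override capabilities, so each extra capability widens what a compromised daemon can do. If the grant only quiets a denial that the daemon does not functionally depend on (not determinable from this page), a `dontaudit` would be the narrower choice. Otherwise document it next to the entry, e.g. `# net_bind_service: needed to bind <socket/port>; see <denial or bug reference>`. Both capability blocks appear to open above the hunks, so the full sets are not visible here.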
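Review bot: The comment `#For access to the kmsg device` in the second rfs_access.te hunk restates the rule instead of giving the reason, and the rmt_storage.te hunk adds the identical rule and comment. `w_file_perms` on `kmsg_device:chr_file` lets these daemons write lines into the kernel log, which can crowd out or imitate kernel messages that later triage relies on. A comment that states the need would make the grant auditable, e.g. `# rfs_access writes status to /dev/kmsg because <reason>; write-only, no read access`. If the writes are only a debugging aid, wrapping the rule in `userdebug_or_eng(...)`, as the debugfs rules just below in rmt_storage.te are, would keep it out of user builds.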