authorLinux Build Service Account <lnxbuild@localhost>2014-11-25 16:29:08 -0800
committerGerrit - the friendly Code Review server <code-review@localhost>2014-11-25 16:29:08 -0800
commiteadf6853ccb5e9e44c39d56276640faab67d9e89 (patch)
treebffe10ebf35826caa8bfdf943f79dde20542c8dc
parent15e0da79d22e0d989a54c038aa64c8949f9f274b (diff)
parenta86fd523d62beb6f596218f144f151bf3a4272d4 (diff)
Merge "Seandroid: Added rules to thermal-engine"
-rw-r--r--common/mediaserver.te3
-rw-r--r--common/system_server.te3
-rw-r--r--common/thermal-engine.te12
3 files changed, 12 insertions, 6 deletions
diff --git a/common/mediaserver.te b/common/mediaserver.te
index dbd59da8..273890c1 100644
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -30,3 +30,6 @@ unix_socket_connect(mediaserver, mpctl, mpdecision)
allow mediaserver mpctl_socket:dir r_dir_perms;
unix_socket_send(mediaserver, mpctl, perfd)
unix_socket_connect(mediaserver, mpctl, perfd)
+
+# for thermal sock files
+unix_socket_connect(mediaserver, thermal, thermal-engine)
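Review bot: The added comment `# for thermal sock files` does not say why mediaserver needs to reach thermal-engine, and mediaserver is the process that parses untrusted media. As the stock AOSP macro is defined, `unix_socket_connect(mediaserver, thermal, thermal-engine)` grants write on every `thermal_socket:sock_file` and connectto on thermal-engine's stream sockets, so it covers all sockets of that type rather than one named endpoint. I would replace the comment with one that names the client code and the operation, along the lines of `# <client component> in mediaserver queries thermal-engine over its client socket`. If thermal-engine also keeps privileged control sockets under the same type (not visible in this hunk), a separate type for the endpoint mediaserver uses would keep the grant narrow.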
diff --git a/common/system_server.te b/common/system_server.te
index 9a1c7db5..803ab081 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -42,3 +42,6 @@ allow system_server digitalpen_service:service_manager add;
#For ssr
allow system_server ssr_device:chr_file { read open };
+
+allow system_server fuse:dir search;
+allow system_server persist_file:dir search;
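Review bot: The two added rules, `allow system_server fuse:dir search;` and `allow system_server persist_file:dir search;`, carry no comment, and a commit titled as a thermal-engine change gives no reason for them. Directories labelled fuse normally back app-writable external storage, so any system_server path lookup through them deserves a stated justification. I would add a comment above each rule naming the component and the denial that motivated it, e.g. `# <component>: path traversal under /persist, see avc denial <placeholder>`. If the access turns out to be incidental traversal rather than a real requirement, `dontaudit` is the safer choice than `allow`.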
diff --git a/common/thermal-engine.te b/common/thermal-engine.te
index e42e9b2f..053ca847 100644
--- a/common/thermal-engine.te
+++ b/common/thermal-engine.te
@@ -7,17 +7,17 @@ init_daemon_domain(thermal-engine)
#============= thermal-engine ==============
#This is to access thermal query device
-allow thermal-engine thermal_device:chr_file { read write ioctl open };
+allow thermal-engine thermal_device:chr_file rw_file_perms;
#This is required to access smem log device
-allow thermal-engine smem_log_device:chr_file { read write ioctl open };
+allow thermal-engine smem_log_device:chr_file rw_file_perms;
allow thermal-engine self:capability { dac_read_search dac_override fsetid };
-allow thermal-engine self:socket { create ioctl read };
+allow thermal-engine self:socket create_socket_perms;
#This is required to access thermal sockets
-allow thermal-engine thermal_socket:dir { write add_name };
+allow thermal-engine thermal_socket:dir w_dir_perms;
allow thermal-engine thermal_socket:sock_file { create setattr open read write };
#This is required for thermal sysfs access
-allow thermal-engine sysfs_thermal:dir { read search open };
-allow thermal-engine sysfs_thermal:file { read write getattr open };
+allow thermal-engine sysfs_thermal:dir r_dir_perms;
+allow thermal-engine sysfs_thermal:file rw_file_perms;
allow thermal-engine sysfs_thermal:lnk_file read;
#This is required for qmi access
qmux_socket(thermal-engine);
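Review bot: The macro substitutions on the new side are not a pure cleanup, because each one widens what thermal-engine may do. Going by the stock AOSP macro definitions, `self:socket create_socket_perms` replaces `{ create ioctl read }` and adds write, bind, connect, setopt and the rest of the rw socket set; `thermal_socket:dir w_dir_perms` adds remove_name, open and search; and `rw_file_perms` adds append and lock on `sysfs_thermal:file` and on both chr_file rules. Unless a logged denial requires the extra permissions, keep the narrow sets where they sufficed, for example `allow thermal-engine self:socket { create ioctl read };`. Otherwise the commit message should state which of the new permissions are actually needed. The domain's rules continue outside this hunk, so the total grant cannot be judged from here.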