diff options
| author | Steve Kondik <steve@cyngn.com> | 2014-12-29 21:12:32 -0800 |
|---|---|---|
| committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2014-12-30 15:47:23 +0000 |
| commit | dbda30f1dd8e7b7d0cf238bb35845a4013a6a448 (patch) | |
| tree | 21e506dcaddaaddf5042e5919c55a2d148b43372 | |
| parent | c76fa3504d2596a9a8f82a8145b7e0e521cc927f (diff) | |
| download | android_device_qcom_sepolicy-dbda30f1dd8e7b7d0cf238bb35845a4013a6a448.tar.gz android_device_qcom_sepolicy-dbda30f1dd8e7b7d0cf238bb35845a4013a6a448.tar.bz2 android_device_qcom_sepolicy-dbda30f1dd8e7b7d0cf238bb35845a4013a6a448.zip | |
sepolicy: Fix denials related to extended location services
* Also snuck in GPU thermal control.
Change-Id: I5f0fe6a8c48b9a39e3770cca709a9cb7b3943f85
| -rw-r--r-- | common/location.te | 2 | ||||
| -rw-r--r-- | common/mpdecision.te | 1 | ||||
| -rw-r--r-- | common/seapp_contexts | 1 | ||||
| -rw-r--r-- | common/system_server.te | 2 |
4 files changed, 4 insertions, 2 deletions
diff --git a/common/location.te b/common/location.te index 92115a51..3e33b8fe 100644 --- a/common/location.te +++ b/common/location.te @@ -19,7 +19,7 @@ allow location location_data_file:file create_file_perms; allow location location_data_file:sock_file create_file_perms; allow location location_exec:file execute_no_trans; allow location location_socket:sock_file create_file_perms; -allow location self:capability { setuid setgid }; +allow location self:capability { setuid setgid net_admin }; allow location self:socket create_socket_perms; allow location sensors:unix_stream_socket connectto; allow location sensors_device:chr_file r_file_perms; diff --git a/common/mpdecision.te b/common/mpdecision.te index 6b020d2d..1ec580ea 100644 --- a/common/mpdecision.te +++ b/common/mpdecision.te @@ -38,3 +38,4 @@ allow mpdecision system_server:file { open read }; #cm extra opts allow mpdecision thermal-engine:unix_stream_socket connectto; allow mpdecision thermal_socket:sock_file write; +allow mpdecision sysfs_thermal:file rw_file_perms; diff --git a/common/seapp_contexts b/common/seapp_contexts index a75ef418..c163cfb2 100644 --- a/common/seapp_contexts +++ b/common/seapp_contexts @@ -2,3 +2,4 @@ user=gps domain=location_app type=location_app_data_file user=system seinfo=platform name=com.qualcomm.services.location domain=location_app type=location_app_data_file user=system seinfo=platform name=com.qualcomm.location.XT domain=location_app type=location_app_data_file +user=system seinfo=platform name=com.qualcomm.msapm domain=location_app type=location_app_data_file diff --git a/common/system_server.te b/common/system_server.te index 4f9e89cf..0ddf5b23 100644 --- a/common/system_server.te +++ b/common/system_server.te @@ -33,7 +33,7 @@ allow system_server location_data_file:dir rw_dir_perms; allow system_server location_data_file:fifo_file create_file_perms; allow system_server location_socket:sock_file rw_file_perms; allow system_server location_app_data_file:dir r_dir_perms; -allow system_server location_data_file:sock_file rw_file_perms; +allow system_server location_data_file:sock_file create_file_perms; #For wifistatemachine allow system_server kernel:key search; |