author | Prasanth Kamuju <kamuju@codeaurora.org> | 2016-02-06 15:27:33 +0530 |
---|---|---|
committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2016-05-29 16:47:27 +0100 |
commit | 090aa3b208553ca8d228cf94c4414f3b91772698 (patch) | |
tree | faa3d47cdca83dacc8b38e5d870b053482ed4141 | |
parent | fed995e1792e87da2bc8490144affcd8ab3a7048 (diff) | |
sepolicy: add selinux polices for gamed
gamed needs permissions to communicate with other daemons/processes
through sockets
CRs-Fixed:987464
Change-Id: Iba51e0a06f01340a9b82fc6214b1bcfb9b81d29d
-rw-r--r-- | common/file.te | 3 | ||||
-rw-r--r-- | common/file_contexts | 2 | ||||
-rwxr-xr-x | common/gamed.te | 35 | ||||
-rw-r--r-- | common/init_shell.te | 1 | ||||
-rw-r--r-- | common/property.te | 1 | ||||
-rw-r--r-- | common/property_contexts | 1 | ||||
-rw-r--r-- | common/system_server.te | 3 |
7 files changed, 46 insertions, 0 deletions
diff --git a/common/file.te b/common/file.te
index 8474d598..ab4758e5 100644
--- a/common/file.te
+++ b/common/file.te
@@ -79,6 +79,9 @@ type sysfs_cpu_online, fs_type, sysfs_type;
 type mpctl_socket, file_type, mlstrustedobject;
 type mpctl_data_file, file_type, data_file_type;
+#define the files writer during the operation of app state changes
+type gamed_socket, file_type;
+
 #define the files writter during the operatio of iop
 type iop_socket, file_type;
 type iop_data_file, file_type, data_file_type;
diff --git a/common/file_contexts b/common/file_contexts
index f6b69d05..95c66d2b 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -97,6 +97,7 @@
 /dev/socket/ims_rtpd u:object_r:ims_socket:s0
 /dev/socket/perfd(/.*)? u:object_r:mpctl_socket:s0
 /dev/socket/perfd u:object_r:mpctl_socket:s0
+/dev/socket/gamed u:object_r:gamed_socket:s0
 /dev/socket/qlogd u:object_r:qlogd_socket:s0
 /dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
 /dev/socket/dpmd u:object_r:dpmd_socket:s0
@@ -138,6 +139,7 @@
 /system/bin/mpdecision u:object_r:mpdecision_exec:s0
 /system/vendor/bin/perfd u:object_r:perfd_exec:s0
 /data/misc/perfd(/.*)? u:object_r:mpctl_socket:s0
+/system/vendor/bin/gamed u:object_r:gamed_exec:s0
 /system/bin/iop u:object_r:dumpstate_exec:s0
 /system/bin/msm_irqbalance u:object_r:msm_irqbalanced_exec:s0
 /system/bin/imsdatadaemon u:object_r:ims_exec:s0
diff --git a/common/gamed.te b/common/gamed.te
new file mode 100755
index 00000000..2d2cac63
--- /dev/null
+++ b/common/gamed.te
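Review bot: The comment added above `type gamed_socket, file_type;` in common/file.te was adapted from the neighbouring perfd/iop comments and does not say what the type labels. This is the type that the file_contexts hunk attaches to `/dev/socket/gamed` and that `unix_socket_connect(..., gamed, gamed)` grants write on, so I would say so directly, e.g. `# Socket node of gamed (/dev/socket/gamed); clients connect via unix_socket_connect(<domain>, gamed, gamed)`. The type is declared without `mlstrustedobject`, unlike `mpctl_socket` on the context line above, so the normal MLS constraints still apply to the socket; I would keep it that way unless a client at a different level is shown to need it.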
@@ -0,0 +1,35 @@
+# Copyright (c) 2016, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# GAMED
+
+type gamed, domain;
+type gamed_exec, exec_type, file_type;
+
+init_daemon_domain(gamed)
+
+unix_socket_connect(gamed, mpctl, perfd)
diff --git a/common/init_shell.te b/common/init_shell.te
index ab2aa9fb..adafb523 100644
--- a/common/init_shell.te
+++ b/common/init_shell.te
@@ -59,6 +59,7 @@ allow qti_init_shell {
 system_prop
 freq_prop
 perfd_prop
+ gamed_prop
 mpdecision_prop
 bluetooth_prop
 config_prop
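Review bot: common/gamed.te is added with `new file mode 100755`, while the other policy sources in the diffstat are `-rw-r--r--`; a .te file is policy source and should not carry the executable bit. The domain also has no description beyond `# GAMED`, so I would add a short header above `type gamed, domain;`, e.g. `# gamed: vendor daemon started by init; system_server connects to it on /dev/socket/gamed and it connects to perfd over the mpctl socket`. `unix_socket_connect(gamed, mpctl, perfd)` grants write on every sock_file labelled `mpctl_socket`, which per the file_contexts context lines covers both `/dev/socket/perfd(/.*)?` and `/data/misc/perfd(/.*)?`. Nothing visible in this commit shows who creates `/dev/socket/gamed`; presumably init does so from the service's rc entry, which is worth confirming because gamed.te grants gamed no create permission on `gamed_socket`.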
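Review bot: Adding `gamed_prop` to the `allow qti_init_shell { ... }` list widens what the vendor init shell can control, and the hunk does not say what that is. The only property this commit maps to `gamed_prop` is `ctl.gamed` (property_contexts hunk), so the practical effect appears to be that qti_init_shell scripts may start and stop the gamed service. A comment next to the entry, such as `# ctl.gamed: start/stop gamed from vendor init scripts`, would record that. The allow rule begins and ends outside the hunk, so the class and permissions being granted are not visible here and should be checked against the full rule.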
diff --git a/common/property.te b/common/property.te
index c1a5967c..f11f7017 100644
--- a/common/property.te
+++ b/common/property.te
@@ -21,6 +21,7 @@ type sf_lcd_density_prop, property_type;
 type opengles_prop, property_type;
 type mdm_helper_prop, property_type;
 type mpdecision_prop, property_type;
+type gamed_prop, property_type;
 #Needed for ubwc support
 type debug_gralloc_prop, property_type;
diff --git a/common/property_contexts b/common/property_contexts
index 537e100e..5ebf328a 100644
--- a/common/property_contexts
+++ b/common/property_contexts
@@ -13,6 +13,7 @@ ctl.port-bridge u:object_r:ctl_port-bridge_prop:s0
 min_freq_0 u:object_r:freq_prop:s0
 min_freq_4 u:object_r:freq_prop:s0
 ctl.perfd u:object_r:perfd_prop:s0
+ctl.gamed u:object_r:gamed_prop:s0
 ctl.iop u:object_r:perfd_prop:s0
 ctl.vm_bms u:object_r:vm_bms_prop:s0
 qualcomm.bluetooth. u:object_r:bluetooth_prop:s0
diff --git a/common/system_server.te b/common/system_server.te
index 4aca89f3..569e1aba 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -19,6 +19,9 @@ allow system_server mpctl_socket:dir r_dir_perms;
 unix_socket_send(system_server, mpctl, mpdecision)
 unix_socket_connect(system_server, mpctl, mpdecision)
+#access to gamed
+unix_socket_connect(system_server, gamed, gamed)
+
 allow system_server {
 # For wifistatemachine
 wbc_service |
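Review bot: `#access to gamed` above `unix_socket_connect(system_server, gamed, gamed)` in common/system_server.te does not say why system_server needs the socket or which side initiates. The macro grants write on `gamed_socket` sock_files and `connectto` on gamed's stream socket, and system_server is the only client domain granted in this commit, so gamed sits between system_server and perfd. I would document that, e.g. `# system_server connects to gamed on /dev/socket/gamed (stream socket, connect only)`, plus the purpose if it is the app-state reporting that the file.te comment hints at. Since the commit message mentions other daemons/processes, each further client should get its own explicit `unix_socket_connect(<domain>, gamed, gamed)` line rather than a broader attribute-based grant.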