diff options
author | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-10-16 20:17:03 -0700 |
---|---|---|
committer | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-10-20 11:36:45 -0700 |
commit | fe61c2d43b33cb3340a72653e14718796438688d (patch) | |
tree | 7d1fae06e5d14887ac49249a13917e7308fd95a9 | |
parent | 5280ce9b9bf52e4c1a9a34780fdf58b714817107 (diff) | |
download | android_device_qcom_sepolicy-fe61c2d43b33cb3340a72653e14718796438688d.tar.gz android_device_qcom_sepolicy-fe61c2d43b33cb3340a72653e14718796438688d.tar.bz2 android_device_qcom_sepolicy-fe61c2d43b33cb3340a72653e14718796438688d.zip |
Seandroid: Add policy to enable voice and data call
Adding policy to enable voice add data call
Change-Id: Iae2b204b041689814d49cf0f5d34701ff86ca7ea
-rw-r--r-- | Android.mk | 3 | ||||
-rw-r--r-- | common/mediaserver.te | 3 | ||||
-rw-r--r-- | common/netmgrd.te | 7 | ||||
-rw-r--r-- | common/qmuxd.te | 4 | ||||
-rw-r--r-- | common/radio.te | 1 | ||||
-rw-r--r-- | common/rild.te | 6 | ||||
-rw-r--r-- | common/servicemanager.te | 3 |
7 files changed, 23 insertions, 4 deletions
@@ -65,7 +65,8 @@ BOARD_SEPOLICY_UNION := \ zygote.te \ mdm_helper.te \ peripheral_manager.te \ - qcomsysd.te + qcomsysd.te \ + servicemanager.te # Compile sensor pilicy only for SSC targets SSC_TARGET_LIST := apq8084 diff --git a/common/mediaserver.te b/common/mediaserver.te index 731ea42d..ef3dcd52 100644 --- a/common/mediaserver.te +++ b/common/mediaserver.te @@ -12,3 +12,6 @@ binder_call(mediaserver, rild) qmux_socket(mediaserver) allow mediaserver camera_data_file:sock_file write; + +allow mediaserver sysfs_esoc:dir r_dir_perms; +allow mediaserver sysfs_esoc:lnk_file read; diff --git a/common/netmgrd.te b/common/netmgrd.te index ff6cd9f8..2181235a 100644 --- a/common/netmgrd.te +++ b/common/netmgrd.te @@ -28,7 +28,7 @@ allow netmgrd netmgrd:netlink_socket { write read create bind }; allow netmgrd netmgrd:socket { create ioctl }; allow netmgrd netmgrd:netlink_route_socket { setopt getattr write nlmsg_write }; allow netmgrd init:unix_stream_socket { connectto }; -allow netmgrd property_socket:sock_file { write }; +allow netmgrd property_socket:sock_file write; qmux_socket(netmgrd); @@ -43,12 +43,13 @@ allow netmgrd net_radio_prop:property_service { set }; #Allow execution of commands in shell allow netmgrd system_file:file { execute_no_trans }; -allow netmgrd shell_exec:file { execute read open }; allow netmgrd self:socket read; +allow netmgrd sysfs_esoc:dir r_dir_perms; #Allow communication with netd allow netmgrd netd_socket:sock_file write; #Allow nemtgrd to use esoc api's to determine target -allow netmgrd sysfs_esoc:dir { search }; +allow netmgrd shell_exec:file { execute r_file_perms execute_no_trans }; +allow netmgrd sysfs_esoc:lnk_file read; diff --git a/common/qmuxd.te b/common/qmuxd.te index 2c78b2c5..c69a3ac3 100644 --- a/common/qmuxd.te +++ b/common/qmuxd.te @@ -38,3 +38,7 @@ allow qmuxd self:capability { setuid setgid setpcap dac_override }; #Allow qmuxd to have the CAP_BLOCK_SUSPEND capability allow qmuxd qmuxd:capability2 { block_suspend }; + +allow qmuxd sysfs_esoc:dir r_dir_perms; +allow qmuxd sysfs_hsic_modem_wait:file w_file_perms; +allow qmuxd sysfs_esoc:lnk_file read; diff --git a/common/radio.te b/common/radio.te index f8e3ace2..b7f248ca 100644 --- a/common/radio.te +++ b/common/radio.te @@ -4,3 +4,4 @@ allow radio ims_socket:sock_file write; #Need permission to execute com.qualcomm.qti.telephony/app_dex/xx allow radio radio_data_file:file execute; +allow radio shell_data_file:dir search; diff --git a/common/rild.te b/common/rild.te index 24153b2c..73631c0d 100644 --- a/common/rild.te +++ b/common/rild.te @@ -15,3 +15,9 @@ allow rild mediaserver:binder { transfer call }; #allow rild diag_device:chr_file { open read write }; allow rild rild_socket:chr_file { open read write }; + +allow rild sysfs_ssr:dir r_dir_perms; +allow rild sysfs_ssr:lnk_file read; +allow rild system_data_file:dir w_dir_perms; +allow rild system_data_file:file create_file_perms; +allow rild time_daemon:unix_stream_socket connectto; diff --git a/common/servicemanager.te b/common/servicemanager.te new file mode 100644 index 00000000..2949b4d1 --- /dev/null +++ b/common/servicemanager.te @@ -0,0 +1,3 @@ +allow servicemanager rild:dir search; +allow servicemanager rild:file r_file_perms; +allow servicemanager rild:process getattr; |