diff options
author | Nikhilesh Reddy <reddyn@codeaurora.org> | 2015-01-23 12:27:54 -0800 |
---|---|---|
committer | Nikhilesh Reddy <reddyn@codeaurora.org> | 2015-01-23 12:45:50 -0800 |
commit | 6902741f23b86e0adc0843f24efb6ab2c8ea991b (patch) | |
tree | 1ee289703893faa7e160f55efdd8c365ddeff8c5 | |
parent | bfbd13c9061bc9888bd51f08eccc2c4eef899b0f (diff) | |
download | android_device_qcom_sepolicy-6902741f23b86e0adc0843f24efb6ab2c8ea991b.tar.gz android_device_qcom_sepolicy-6902741f23b86e0adc0843f24efb6ab2c8ea991b.tar.bz2 android_device_qcom_sepolicy-6902741f23b86e0adc0843f24efb6ab2c8ea991b.zip |
sepolicy: Update RMTS and RFS to use macros and add new perms.
Update the rmts and rfs sepolicies to use macros for wakelocks
and add new perms to rmts to allow writes to ctl properties.
Change-Id: I826107c83675a27358c088e72f3f8e8834989d5b
-rw-r--r-- | common/rfs_access.te | 3 | ||||
-rw-r--r-- | common/rmt_storage.te | 9 |
2 files changed, 8 insertions, 4 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te index 27d426ea..b7ab3cca 100644 --- a/common/rfs_access.te +++ b/common/rfs_access.te @@ -15,8 +15,7 @@ allow rfs_access self:socket create_socket_perms; allow rfs_access smem_log_device:chr_file rw_file_perms; #For Wakelocks -allow rfs_access self:capability2 block_suspend; -allow rfs_access sysfs_wake_lock:file w_file_perms; +wakelock_use(rfs_access) #To create the folders in /data allow rfs_access system_data_file:dir create_dir_perms; diff --git a/common/rmt_storage.te b/common/rmt_storage.te index 19aea1d0..018f1931 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -11,8 +11,13 @@ allow rmt_storage smem_log_device:chr_file rw_file_perms; # sys_admin is needed for ioprio_set allow rmt_storage self:capability { setuid setgid sys_admin dac_override net_raw setpcap }; -allow rmt_storage self:capability2 block_suspend; +#For set the ctl properties +unix_socket_connect(rmt_storage, property, init) +allow rmt_storage ctl_default_prop:property_service set; + +#For Wakelocks +wakelock_use(rmt_storage) + allow rmt_storage self:socket create_socket_perms; -allow rmt_storage sysfs_wake_lock:file w_file_perms; allow rmt_storage uio_device:chr_file rw_file_perms; allow rmt_storage mmc_block_device:blk_file r_file_perms;
\ No newline at end of file |