diff options
| author | Biswajit Paul <biswajitpaul@codeaurora.org> | 2014-10-14 20:34:55 -0700 |
|---|---|---|
| committer | Biswajit Paul <biswajitpaul@codeaurora.org> | 2014-10-14 20:34:55 -0700 |
| commit | 977e506ce621ad1eb7562c6f543509e263f19473 (patch) | |
| tree | 4fb96fd526cf66674c1f4e4c94d5645da069eb79 | |
| parent | ebc87ea1c312211908dea4720d37ef3bbc472f37 (diff) | |
| download | android_device_qcom_sepolicy-977e506ce621ad1eb7562c6f543509e263f19473.tar.gz android_device_qcom_sepolicy-977e506ce621ad1eb7562c6f543509e263f19473.tar.bz2 android_device_qcom_sepolicy-977e506ce621ad1eb7562c6f543509e263f19473.zip | |
SEAndroid: Address bootup denials for display
Address bootup denials for display, thermal and time_daemon
Change-Id: Ie0bf8649a825339719408abc27c59cd856a43aa0
| -rwxr-xr-x | common/file_contexts | 9 | ||||
| -rw-r--r-- | common/surfaceflinger.te | 2 | ||||
| -rw-r--r-- | common/thermal-engine.te | 2 | ||||
| -rw-r--r-- | common/time_daemon.te | 2 |
4 files changed, 9 insertions, 6 deletions
diff --git a/common/file_contexts b/common/file_contexts index 1b5ecd26..560cddde 100755 --- a/common/file_contexts +++ b/common/file_contexts @@ -89,9 +89,9 @@ /sys/devices/platform/battery_current_limit u:object_r:sysfs_thermal:s0 /sys/devices/qpnp-charger.*/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0 /sys/devices/system/cpu/cpu0/rq-stats/* u:object_r:sysfs_rqstats:s0 -/sys/devices/virtual/graphics/fb0/idle_time u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb1/product_description u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb1/vendor_name u:object_r:sysfs_graphics:s0 +/sys/devices/virtual/graphics/fb([0-2])+/idle_time u:object_r:sysfs_graphics:s0 +/sys/devices/virtual/graphics/fb([0-2])+/product_description u:object_r:sysfs_graphics:s0 +/sys/devices/virtual/graphics/fb([0-2])+/vendor_name u:object_r:sysfs_graphics:s0 /sys/devices/virtual/hsicctl/hsicctl1[0-9]/modem_wait u:object_r:sysfs_hsic_modem_wait:s0 /sys/devices/virtual/hsicctl/hsicctl[0-9]/modem_wait u:object_r:sysfs_hsic_modem_wait:s0 /sys/devices/virtual/smdpkt/smdcntl1[0-9]/open_timeout u:object_r:sysfs_smd_open_timeout:s0 @@ -101,6 +101,9 @@ /sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/module/msm_thermal/core_control/cpus_offlined u:object_r:sysfs_mpdecision:s0 /sys/devices/f9a55000.*/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 +/sys/devices/virtual/graphics/fb([0-2])+/hpd u:object_r:sysfs_graphics:s0 +/sys/class/graphics/fb([0-2])+/mdp/caps u:object_r:sysfs_graphics:s0 +/sys/class/graphics/fb([0-2])+/ad u:object_r:sysfs_graphics:s0 ################################### # data files diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te index 9193f38f..a8c764fd 100644 --- a/common/surfaceflinger.te +++ b/common/surfaceflinger.te @@ -1,2 +1,2 @@ -allow surfaceflinger sysfs_graphics:chr_file rw_file_perms; +allow surfaceflinger sysfs_graphics:file rw_file_perms; allow surfaceflinger shell_data_file:dir search; diff --git a/common/thermal-engine.te b/common/thermal-engine.te index 8e0e7a81..8de513f8 100644 --- a/common/thermal-engine.te +++ b/common/thermal-engine.te @@ -21,4 +21,4 @@ allow thermal-engine sysfs_thermal:file { read write getattr open }; allow thermal-engine sysfs_thermal:lnk_file read; #This is required for qmi access qmux_socket(thermal-engine); -allow thermal-engine sysfs_mpdecision:file { read open }; +allow thermal-engine sysfs_mpdecision:file rw_file_perms; diff --git a/common/time_daemon.te b/common/time_daemon.te index b2be79fe..8eb0022f 100644 --- a/common/time_daemon.te +++ b/common/time_daemon.te @@ -5,7 +5,7 @@ type time_data_file, file_type, data_file_type; # Make transition to its own time_daemon domain from init init_daemon_domain(time_daemon) -allow time_daemon smem_log_device:chr_file { read write }; +allow time_daemon smem_log_device:chr_file rw_file_perms; # Add rules for access permissions #============= IOCTL operations ============== |