diff options
| author | Biswajit Paul <biswajitpaul@codeaurora.org> | 2014-10-23 16:27:42 -0700 |
|---|---|---|
| committer | Ravi Kumar Siddojigari <rsiddoji@codeaurora.org> | 2014-10-25 22:46:58 +0530 |
| commit | d8ab626d6443c4ad8b0d5eaad8f5f324da17e8c6 (patch) | |
| tree | 8279050fb8aa0cb46228cd5d8eed168395f457e1 | |
| parent | 87c1f926c6e091c92ce3873a3536831817efd233 (diff) | |
| download | android_device_qcom_sepolicy-d8ab626d6443c4ad8b0d5eaad8f5f324da17e8c6.tar.gz android_device_qcom_sepolicy-d8ab626d6443c4ad8b0d5eaad8f5f324da17e8c6.tar.bz2 android_device_qcom_sepolicy-d8ab626d6443c4ad8b0d5eaad8f5f324da17e8c6.zip | |
sepolicy: policy for bootup denials on 64 bit targets
Add policy for bootup issues and other domains
Change-Id: I48dc57dcdc0c631e682072f93e2f8fd2751c7a43
| -rw-r--r-- | common/domain.te | 1 | ||||
| -rwxr-xr-x | common/mm-pp-daemon.te | 1 | ||||
| -rw-r--r-- | common/msm_irqbalanced.te | 1 | ||||
| -rw-r--r-- | common/netmgrd.te | 2 | ||||
| -rw-r--r-- | common/rmt_storage.te | 2 | ||||
| -rw-r--r-- | common/system_server.te | 3 | ||||
| -rw-r--r-- | common/wpa.te | 4 |
7 files changed, 12 insertions, 2 deletions
diff --git a/common/domain.te b/common/domain.te index e5fc562a..acadbb9f 100644 --- a/common/domain.te +++ b/common/domain.te @@ -4,3 +4,4 @@ userdebug_or_eng(` r_dir_file(domain, sysfs_socinfo); r_dir_file(domain, sysfs_esoc); +r_dir_file(domain, sysfs_ssr); diff --git a/common/mm-pp-daemon.te b/common/mm-pp-daemon.te index b515c477..6c40e452 100755 --- a/common/mm-pp-daemon.te +++ b/common/mm-pp-daemon.te @@ -39,4 +39,5 @@ userdebug_or_eng(` # Allow mm-pp-daemon to change the brightness of the target during display # calibration allow mm-pp-daemon sysfs:file rw_file_perms; + unix_socket_connect(mm-pp-daemon, property, init) ') diff --git a/common/msm_irqbalanced.te b/common/msm_irqbalanced.te index 6041b19d..dc8429cb 100644 --- a/common/msm_irqbalanced.te +++ b/common/msm_irqbalanced.te @@ -5,3 +5,4 @@ allow msm_irqbalanced cgroup:dir { create add_name }; allow msm_irqbalanced proc:file write; allow msm_irqbalanced sysfs_devices_system_cpu:file write; allow msm_irqbalanced self:capability { setuid setgid dac_override }; +r_dir_file(msm_irqbalanced, sysfs_rqstats); diff --git a/common/netmgrd.te b/common/netmgrd.te index 95226c94..2d6bd052 100644 --- a/common/netmgrd.te +++ b/common/netmgrd.te @@ -44,7 +44,7 @@ allow netmgrd net_radio_prop:property_service { set }; #Allow execution of commands in shell allow netmgrd system_file:file { execute_no_trans }; -allow netmgrd self:socket read; +allow netmgrd self:socket create_socket_perms; allow netmgrd sysfs_esoc:dir r_dir_perms; #Allow communication with netd diff --git a/common/rmt_storage.te b/common/rmt_storage.te index ad704636..04a96ef1 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -12,5 +12,5 @@ allow rmt_storage self:capability2 block_suspend; allow rmt_storage self:socket { create_socket_perms }; allow rmt_storage sysfs_wake_lock:file { open write append }; allow rmt_storage uio_device:chr_file { read write open }; -allow rmt_storage mmc_block_device:blk_file read; +allow rmt_storage mmc_block_device:blk_file r_file_perms; allow rmt_storage self:capability { net_raw setpcap }; diff --git a/common/system_server.te b/common/system_server.te index a6f00df1..49897307 100644 --- a/common/system_server.te +++ b/common/system_server.te @@ -35,3 +35,6 @@ allow system_server location_data_file:dir rw_dir_perms; allow system_server location_data_file:fifo_file create_file_perms; allow system_server location_socket:sock_file rw_file_perms; allow system_server location_app_data_file:dir r_dir_perms; + +#For wifistatemachine +allow system_server kernel:key search; diff --git a/common/wpa.te b/common/wpa.te index 1917ef7b..3ae28b16 100644 --- a/common/wpa.te +++ b/common/wpa.te @@ -1,2 +1,6 @@ allow wpa persist_file:dir search; qmux_socket(wpa); + +allow wpa self:socket create_socket_perms; +allow wpa smem_log_device:chr_file rw_file_perms; +allow wpa proc_net:file write; |