authorAbhimanyu Garg <agarg@codeaurora.org>2015-07-06 21:54:53 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2015-08-21 19:36:48 -0700
commit48540b0a9ae98b0d735b37ed48dc0068f068e61c (patch)
treedd8d2c634b87fffc549a8c302ed558c6e45b5709 /common/iop.te
parent8d1b2cf6424b891eb00e3599473095699ecf234f (diff)
sepolicy: add policies for IOP
Add the policies for IOP required by the IO prefetcher. Add a data policy to allow it to use iop. Add system_server so that it is allowed to use iop. Change-Id: Ifdb4bfe292819c5240a102ee04672b311a155ac8
Diffstat (limited to 'common/iop.te')
-rw-r--r--common/iop.te45
1 files changed, 45 insertions, 0 deletions
diff --git a/common/iop.te b/common/iop.te
new file mode 100644
index 00000000..f4c12ebc
--- /dev/null
+++ b/common/iop.te
@@ -0,0 +1,45 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+##############################################################################
+
+allow dumpstate self:capability { chown dac_override } ;
+allow dumpstate self:socket create_socket_perms;
+r_dir_file( dumpstate, system_app_data_file );
+allow dumpstate app_data_file:dir r_dir_perms;
+allow dumpstate app_data_file:file r_file_perms ;
+r_dir_file( dumpstate, appdomain );
+r_dir_file( dumpstate, apk_data_file );
+r_dir_file( dumpstate, system_server );
+
+#Create a socket for receiving info from IOP
+type_transition dumpstate iop_data_file:sock_file iop_socket "iop";
+allow dumpstate iop_socket:sock_file { create_file_perms unlink };
+
+#default_values file
+allow dumpstate iop_data_file:dir rw_dir_perms;
+allow dumpstate iop_data_file:file create_file_perms;
+dontaudit dumpstate self:capability fsetid;
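Review bot: Every rule in this new file uses `dumpstate` as the source domain, from `allow dumpstate self:capability { chown dac_override } ;` down to the final `dontaudit`, although the file is iop.te and the commit describes policy for the IO prefetcher. As written, the grants widen the existing dumpstate domain rather than confine a separate IOP daemon. If IOP runs as its own service, the rules should name a dedicated domain, for example `type iop, domain;` with `init_daemon_domain(iop)` and `allow iop ...` in place of `allow dumpstate ...`. The diff shown is limited to this file, so that declaration may exist elsewhere in the commit. Separately, `dac_override` combined with read access to `app_data_file` and `system_app_data_file` lets the subject read application data regardless of file ownership, and `dontaudit dumpstate self:capability fsetid;` hides the related denials, so each of these grants should be narrowed to the types actually needed and carry a comment stating why it is required.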