author | Zohaib Alam <zalam@codeaurora.org> | 2014-11-13 09:12:02 -0500 |
---|---|---|
committer | Ping Li <pingli@codeaurora.org> | 2014-12-15 23:54:31 -0800 |
commit | bbd41752706c691a039d52ba5b674a914cfb11e3 (patch) | |
tree | 1483a2b366fed04b9a0b73873c22cb436e6d509a /common/mm-pp-daemon.te | |
parent | 76af6c79f100cf8fb43f682e3b80f59d83ab7de0 (diff) | |
Seandroid: Add policies to enable all QDCM functionalities.
Address all SELinux denial messages related to QDCM tool
functionality and the color service SDK application.
Add policies to allow:
1- /persist/ read & write for display config
2- /data/misc/display/ read & write
3- Allow access to colorservice for display sdk from android app.
4- Enable pp-daemon functionalities for the non user-debug and
eng builds, since OEMs actively use QDCM tool, and they require
full functionality.
Change-Id: I43545eaf8e63f0e43f40197cd01cddc8c6a5351a
Diffstat (limited to 'common/mm-pp-daemon.te')
-rwxr-xr-x | common/mm-pp-daemon.te | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/common/mm-pp-daemon.te b/common/mm-pp-daemon.te
index 5a623349..6c9ad161 100755
--- a/common/mm-pp-daemon.te
+++ b/common/mm-pp-daemon.te
@@ -8,14 +8,17 @@ init_daemon_domain(mm-pp-daemon)
 allow mm-pp-daemon graphics_device:chr_file rw_file_perms;
 allow mm-pp-daemon graphics_device:dir search;
 
-# Allow reading calibration data from persist
-allow mm-pp-daemon persist_file:file r_file_perms;
-allow mm-pp-daemon persist_file:dir search;
+# Allow reading/writing to persist
+# The color config file is dynamically created
+allow mm-pp-daemon persist_file:dir rw_dir_perms;
+allow mm-pp-daemon persist_file:file create_file_perms;
+
+# Allow reading/writing data config files
+allow mm-pp-daemon display_config:dir create_dir_perms;
+allow mm-pp-daemon display_config:file create_file_perms;
 
-# Allow pp daemon to save settings to /data
-allow mm-pp-daemon display_config:file rw_file_perms;
 allow mm-pp-daemon system_prop:property_service set;
-#Calibration can only be done on userdebug or eng builds
+
 userdebug_or_eng(`
 # Display calibration service opens /dev/diag in order to communicate with the
 # target device
@@ -32,12 +35,13 @@ userdebug_or_eng(`
 allow mm-pp-daemon shell_exec:file rx_file_perms;
 allow mm-pp-daemon system_file:file execute_no_trans;
 allow mm-pp-daemon zygote_exec:file rx_file_perms;
+ allow mm-pp-daemon self:process ptrace;
+')
 
- # Allow writing to persist
- allow mm-pp-daemon persist_file:file rw_file_perms;
+# Allow mm-pp-daemon to change the brightness of the target during display
+# calibration
+allow mm-pp-daemon sysfs:file rw_file_perms;
 
- # Allow mm-pp-daemon to change the brightness of the target during display
- # calibration
- allow mm-pp-daemon sysfs:file rw_file_perms;
- unix_socket_connect(mm-pp-daemon, property, init)
-')
+# Allow socket calls in pp-daemon
+unix_socket_connect(mm-pp-daemon, property, init)
+unix_socket_connect(mm-pp-daemon, pps, init)
|
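Review bot: The new rules `allow mm-pp-daemon persist_file:dir rw_dir_perms;` and `allow mm-pp-daemon persist_file:file create_file_perms;` in the first hunk grant more than the comment asks for. They allow create, rename, setattr, unlink and write on every object carrying the generic `persist_file` label, while the comment names only one dynamically created color config file. Whatever else is stored under that label (not visible on this page) becomes modifiable by this domain on all build types. A narrower form gives the display config its own type and grants only that, for example `file_type_auto_trans(mm-pp-daemon, persist_file, persist_display_file)`, where the type name is a suggestion and needs a matching `type` declaration and file_contexts entry.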
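Review bot: Moving `allow mm-pp-daemon sysfs:file rw_file_perms;` out of the `userdebug_or_eng` block in the second hunk gives the daemon write access to every node with the generic `sysfs` label on user builds. The comment above it only asks for brightness control during calibration. A dedicated label for the backlight node would keep the production rule scoped, e.g. `allow mm-pp-daemon <sysfs_backlight_type>:file rw_file_perms;`, where the type name is a placeholder that needs its own labelling entry. The added `allow mm-pp-daemon self:process ptrace;` stays inside the debug-only block but has no comment saying why the daemon needs it, so a one-line rationale above it would help later audits. The `userdebug_or_eng` block opens outside this hunk.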