diff options
author | Nikhilesh Reddy <reddyn@codeaurora.org> | 2016-09-19 15:18:27 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-09-19 15:32:27 -0700 |
commit | 0f2093fa6c7b750477f7aa10266cc11e26a2dc37 (patch) | |
tree | ffbb4c559e0bd4dfb1a22271a7d85c9b90b38409 /common/rfs_access.te | |
parent | 091a8c099755e2c18dbae30c3431041eb04304f3 (diff) | |
download | android_device_qcom_sepolicy-0f2093fa6c7b750477f7aa10266cc11e26a2dc37.tar.gz android_device_qcom_sepolicy-0f2093fa6c7b750477f7aa10266cc11e26a2dc37.tar.bz2 android_device_qcom_sepolicy-0f2093fa6c7b750477f7aa10266cc11e26a2dc37.zip |
sepolicy: Update rmt_storage and rfs_access
Update the rmt_storage and rfs_access policy to add:
1) Write perms to the kmsg device
2) Capability net_bind_service
CRs-Fixed: 1068549
Change-Id: I3d107cf871645383d0f7de548f0d55515dd7240e
Diffstat (limited to 'common/rfs_access.te')
-rw-r--r-- | common/rfs_access.te | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te index 69c14e65..318fffc1 100644 --- a/common/rfs_access.te +++ b/common/rfs_access.te @@ -53,6 +53,7 @@ allow rfs_access self:capability { setuid setgid setpcap + net_bind_service net_raw }; @@ -62,6 +63,9 @@ allow rfs_access self:capability { allow rfs_access self:capability { dac_read_search chown dac_override }; +#For access to the kmsg device +allow rfs_access kmsg_device:chr_file w_file_perms; + #Prevent other domains from accessing RFS data files. neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:dir create_dir_perms; neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:file create_file_perms; |