author | Nikhilesh Reddy <reddyn@codeaurora.org> | 2014-12-03 18:44:07 -0800 |
---|---|---|
committer | Nikhilesh Reddy <reddyn@codeaurora.org> | 2014-12-05 15:04:58 -0800 |
commit | 3e49ef18a5ba02f12ff02754b73156ff00f6ff6a (patch) | |
tree | 3a43ca28cd0354cd9e802175c508db319f2afd46 /common/rmt_storage.te | |
parent | 6ecb77aaa07546f1afefad806478d0c7d6f78099 (diff) | |
sepolicy: Update the sepolicy for RFS and RMTS
Update the sepolicy for RFS and RMTS to include all new
permissions required and add the tftp_server to the RFS
domain.
Change-Id: I1dc0c062ef21cf9eca1f365291ec7ff5733c7c8e
Diffstat (limited to 'common/rmt_storage.te')
-rw-r--r-- | common/rmt_storage.te | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/common/rmt_storage.te b/common/rmt_storage.te
index 04a96ef1..19aea1d0 100644
--- a/common/rmt_storage.te
+++ b/common/rmt_storage.te
@@ -3,14 +3,16 @@ type rmt_storage, domain;
 type rmt_storage_exec, exec_type, file_type;
 init_daemon_domain(rmt_storage)
-allow rmt_storage modem_efs_partition_device:blk_file { read write open };
-allow rmt_storage block_device:dir search;
-allow rmt_storage cgroup:dir { create add_name };
-allow rmt_storage smem_log_device:chr_file { read write ioctl open };
-allow rmt_storage self:capability { setuid setgid sys_admin dac_override };
+allow rmt_storage modem_efs_partition_device:blk_file rw_file_perms;
+allow rmt_storage block_device:dir r_dir_perms;
+allow rmt_storage cgroup:dir create_dir_perms;
+allow rmt_storage smem_log_device:chr_file rw_file_perms;
+
+# sys_admin is needed for ioprio_set
+allow rmt_storage self:capability { setuid setgid sys_admin dac_override net_raw setpcap };
+
 allow rmt_storage self:capability2 block_suspend;
-allow rmt_storage self:socket { create_socket_perms };
-allow rmt_storage sysfs_wake_lock:file { open write append };
-allow rmt_storage uio_device:chr_file { read write open };
-allow rmt_storage mmc_block_device:blk_file r_file_perms;
-allow rmt_storage self:capability { net_raw setpcap };
+allow rmt_storage self:socket create_socket_perms;
+allow rmt_storage sysfs_wake_lock:file w_file_perms;
+allow rmt_storage uio_device:chr_file rw_file_perms;
+allow rmt_storage mmc_block_device:blk_file r_file_perms;
\ No newline at end of file |
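Review bot: Replacing the explicit permission sets with macros widens several grants rather than only tidying them. The clearest cases are `cgroup:dir { create add_name }` becoming `create_dir_perms` and `block_device:dir search` becoming `r_dir_perms`. As these macros are normally defined in the platform's global_macros (not shown on this page), they add rename, rmdir, setattr and write on cgroup directories, and open/read of block_device directories. If no denial was logged for those extra permissions, keep the narrow forms `allow rmt_storage cgroup:dir { create add_name };` and `allow rmt_storage block_device:dir search;`. On the merged capability line only `sys_admin` is justified; since `dac_override` lets the daemon bypass file permission checks, it and `net_raw`/`setpcap` deserve the same treatment, e.g. `# dac_override: <reason — confirm or drop>`.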