diff options
author | Biswajit Paul <biswajitpaul@codeaurora.org> | 2016-07-20 12:02:14 -0700 |
---|---|---|
committer | Dennis Cagle <d-cagle@codeaurora.org> | 2016-09-12 15:44:19 -0700 |
commit | 277acbba3c7adbb01364f738638a23b1b8674311 (patch) | |
tree | d50c753f79fd574cfcdc17c206c20b0d5b14a199 /common/te_macros | |
parent | 17cde0630b9bbb849080895fe86fecac99b063ba (diff) | |
download | android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.tar.gz android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.tar.bz2 android_device_qcom_sepolicy-277acbba3c7adbb01364f738638a23b1b8674311.zip |
sepolicy: Restrict diag access available to domains
Current diag access is overly permissive. Restrict diag access
to a whilelist of all domains.
CRs-Fixed: 1052935
Change-Id: I7713f18a10508ef297e2742969dc5f9064cf9b50
Diffstat (limited to 'common/te_macros')
-rw-r--r-- | common/te_macros | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/common/te_macros b/common/te_macros index e232bb5a..4fd7b62b 100644 --- a/common/te_macros +++ b/common/te_macros @@ -53,3 +53,9 @@ allow dpmd $1:file r_file_perms; allow dpmd $1:fd use; allow dpmd $1:tcp_socket rw_socket_perms; ') +##################################### +# diag_use(clientdomain) +# allow clientdomain to read/write to diag +define(`diag_use', ` +allow $1 diag_device:chr_file rw_file_perms; +') |