diff options
| author | Mulu He <muluhe@codeaurora.org> | 2014-10-27 16:19:16 +0800 |
|---|---|---|
| committer | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-11-12 11:55:14 -0800 |
| commit | 738a29da048e108becfa185807e34ad7e380534a (patch) | |
| tree | 45c10e9b693cdfb6fe723c6fcfd686722cdf55f4 /common | |
| parent | d6e8d8ec72f7ddb8281a3cebda89fb018756d1ec (diff) | |
| download | android_device_qcom_sepolicy-738a29da048e108becfa185807e34ad7e380534a.tar.gz android_device_qcom_sepolicy-738a29da048e108becfa185807e34ad7e380534a.tar.bz2 android_device_qcom_sepolicy-738a29da048e108becfa185807e34ad7e380534a.zip | |
sepolicy: Add mmi policy files.
Add policy file for MMI application.
Change-Id: I0d6f264797c2423255026788aad8653e90567c1f
Diffstat (limited to 'common')
| -rw-r--r-- | common/file.te | 3 | ||||
| -rwxr-xr-x | common/file_contexts | 2 | ||||
| -rw-r--r-- | common/mmi.te | 31 |
3 files changed, 36 insertions, 0 deletions
diff --git a/common/file.te b/common/file.te index be55eee8..7af3c98c 100644 --- a/common/file.te +++ b/common/file.te @@ -100,3 +100,6 @@ type display_config, file_type, data_file_type; # IPA file types type ipacm_socket, file_type; type ipacm_data_file, file_type; + +#Define the files written during the operation of mmi +type mmi_data_file, file_type, data_file_type; diff --git a/common/file_contexts b/common/file_contexts index db692247..6c52af05 100755 --- a/common/file_contexts +++ b/common/file_contexts @@ -97,6 +97,7 @@ /system/bin/drmdiagapp u:object_r:diag_exec:s0 /system/bin/irsc_util u:object_r:irsc_util_exec:s0 /system/bin/mm-pp-daemon u:object_r:mm-pp-daemon_exec:s0 +/system/bin/mmi u:object_r:mmi_exec:s0 /system/bin/mpdecision u:object_r:mpdecision_exec:s0 /system/bin/perfd u:object_r:perfd_exec:s0 /system/bin/msm_irqbalance u:object_r:msm_irqbalanced_exec:s0 @@ -209,6 +210,7 @@ /data/dpm(/.*)? u:object_r:dpmd_data_file:s0 /data/data/app_ms(/.*)? u:object_r:data_drm_file:s0 /data/misc/location(/.*)? u:object_r:location_data_file:s0 +/data/FTM_AP(/.*)? u:object_r:mmi_data_file:s0 ################################### # persist files diff --git a/common/mmi.te b/common/mmi.te new file mode 100644 index 00000000..1f58af17 --- /dev/null +++ b/common/mmi.te @@ -0,0 +1,31 @@ +#integrated process +type mmi, domain; +type mmi_exec, exec_type, file_type; + +#started by init +init_daemon_domain(mmi) + +#self capability +allow mmi self:capability { sys_nice dac_override }; +allow mmi self:capability2 block_suspend; + +#For various devices +allow mmi graphics_device:chr_file rw_file_perms; +allow mmi input_device:chr_file r_file_perms; +allow mmi input_device:dir r_file_perms; +allow mmi nfc_device:chr_file rw_file_perms; +allow mmi shell_exec:file rx_file_perms; +allow mmi sysfs_wake_lock:file rw_file_perms; + +#FTM_AP folder permissions +allow mmi mmi_data_file:dir rw_dir_perms; +allow mmi mmi_data_file:file rw_file_perms; + +#socket +unix_socket_connect(mmi, property, init) + +#allow mmi set system prop +allow mmi powerctl_prop:property_service set; + +#allow mmi operation on MISC partition +allow mmi misc_partition:blk_file w_file_perms; |