author | Linux Build Service Account <lnxbuild@localhost> | 2014-11-13 13:02:24 -0800 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2014-11-13 13:02:24 -0800 |
commit | cd0c25f4838480fc3e6ecfd88c6658195b548423 (patch) | |
tree | 80f86a1a3349f74c181d66351f020ddfe22478b5 /common | |
parent | 512910fa2637a41d9d83992cc666351722fe1dea (diff) | |
parent | b73cff1f7b83add4a815fb2d768194c3174d56c1 (diff) | |
Merge "Seandroid: Adding context for rfs access"
Diffstat (limited to 'common')
-rwxr-xr-x | common/file_contexts | 1 | ||||
-rw-r--r-- | common/rfs_access.te | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/common/file_contexts b/common/file_contexts
index 740645e2..db692247 100755
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -116,6 +116,7 @@
 /system/rfs.* u:object_r:rfs_system_file:s0
 /system/bin/time_daemon u:object_r:time_daemon_exec:s0
 /system/bin/rmt_storage u:object_r:rmt_storage_exec:s0
+/system/bin/rfs_access u:object_r:rfs_access_exec:s0
 /system/bin/hvdcp u:object_r:hvdcp_exec:s0
 /system/bin/qseecomd u:object_r:tee_exec:s0
 /system/bin/hostapd_cli u:object_r:hostapd_exec:s0
diff --git a/common/rfs_access.te b/common/rfs_access.te
index 129ffa3b..ec946c27 100644
--- a/common/rfs_access.te
+++ b/common/rfs_access.te
@@ -38,3 +38,6 @@ allow rfs_access firmware_file:file { open read getattr };
 #Prevent other domains from accessing RFS data files.
 neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -init_shell } rfs_data_file:dir { write search create add_name };
 neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -init_shell } rfs_data_file:file { open read write create append getattr };
+
+allow rfs_access self:capability { setuid setpcap net_raw };
+allow rfs_access smem_log_device:chr_file rw_file_perms; |
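Review bot: The two allow rules added at the end of common/rfs_access.te grant `setuid`, `setpcap` and `net_raw` to rfs_access with no comment saying why each capability is needed. `setuid` with `setpcap` presumably supports dropping from root to a service uid at startup, but `net_raw` permits raw and packet sockets and the visible lines show no socket rule that would use it (the rest of the file is outside the hunk), so it should be justified or removed. I would put it on its own line with a rationale, e.g. `# setuid/setpcap: drop privileges at startup` above `allow rfs_access self:capability { setuid setpcap };` and a separate commented `net_raw` rule only if a caller needs it. `rw_file_perms` on `smem_log_device` could likewise be narrowed to `r_file_perms` or `w_file_perms` if the daemon only reads or only writes the log device. As a style point, these rules sit after the neverallow block under the "#Prevent other domains" comment; placing them with the other allow rules above it would keep the grants and the assertions separate.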