diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2014-11-14 04:40:48 -0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2014-11-14 04:40:48 -0800 |
| commit | eaf15a08996c5c61f76228fe74ca180b6a091b5e (patch) | |
| tree | a5a0500b0f7e16a1db9770236fb2b6ee731a83dd /common | |
| parent | a589b7ac76c73ede77dfb6db5e403d47d1b92919 (diff) | |
| parent | 738a29da048e108becfa185807e34ad7e380534a (diff) | |
| download | android_device_qcom_sepolicy-eaf15a08996c5c61f76228fe74ca180b6a091b5e.tar.gz android_device_qcom_sepolicy-eaf15a08996c5c61f76228fe74ca180b6a091b5e.tar.bz2 android_device_qcom_sepolicy-eaf15a08996c5c61f76228fe74ca180b6a091b5e.zip | |
Merge "sepolicy: Add mmi policy files."
Diffstat (limited to 'common')
| -rw-r--r-- | common/file.te | 3 | ||||
| -rwxr-xr-x | common/file_contexts | 2 | ||||
| -rw-r--r-- | common/mmi.te | 31 |
3 files changed, 36 insertions, 0 deletions
diff --git a/common/file.te b/common/file.te index be55eee8..7af3c98c 100644 --- a/common/file.te +++ b/common/file.te @@ -100,3 +100,6 @@ type display_config, file_type, data_file_type; # IPA file types type ipacm_socket, file_type; type ipacm_data_file, file_type; + +#Define the files written during the operation of mmi +type mmi_data_file, file_type, data_file_type; diff --git a/common/file_contexts b/common/file_contexts index db692247..6c52af05 100755 --- a/common/file_contexts +++ b/common/file_contexts @@ -97,6 +97,7 @@ /system/bin/drmdiagapp u:object_r:diag_exec:s0 /system/bin/irsc_util u:object_r:irsc_util_exec:s0 /system/bin/mm-pp-daemon u:object_r:mm-pp-daemon_exec:s0 +/system/bin/mmi u:object_r:mmi_exec:s0 /system/bin/mpdecision u:object_r:mpdecision_exec:s0 /system/bin/perfd u:object_r:perfd_exec:s0 /system/bin/msm_irqbalance u:object_r:msm_irqbalanced_exec:s0 @@ -209,6 +210,7 @@ /data/dpm(/.*)? u:object_r:dpmd_data_file:s0 /data/data/app_ms(/.*)? u:object_r:data_drm_file:s0 /data/misc/location(/.*)? u:object_r:location_data_file:s0 +/data/FTM_AP(/.*)? u:object_r:mmi_data_file:s0 ################################### # persist files diff --git a/common/mmi.te b/common/mmi.te new file mode 100644 index 00000000..1f58af17 --- /dev/null +++ b/common/mmi.te @@ -0,0 +1,31 @@ +#integrated process +type mmi, domain; +type mmi_exec, exec_type, file_type; + +#started by init +init_daemon_domain(mmi) + +#self capability +allow mmi self:capability { sys_nice dac_override }; +allow mmi self:capability2 block_suspend; + +#For various devices +allow mmi graphics_device:chr_file rw_file_perms; +allow mmi input_device:chr_file r_file_perms; +allow mmi input_device:dir r_file_perms; +allow mmi nfc_device:chr_file rw_file_perms; +allow mmi shell_exec:file rx_file_perms; +allow mmi sysfs_wake_lock:file rw_file_perms; + +#FTM_AP folder permissions +allow mmi mmi_data_file:dir rw_dir_perms; +allow mmi mmi_data_file:file rw_file_perms; + +#socket +unix_socket_connect(mmi, property, init) + +#allow mmi set system prop +allow mmi powerctl_prop:property_service set; + +#allow mmi operation on MISC partition +allow mmi misc_partition:blk_file w_file_perms; |