authorSamir Mehta <samirn@codeaurora.org>2014-11-05 22:02:11 +0530
committerSamir Mehta <samirn@codeaurora.org>2014-11-24 11:13:30 +0530
commitc242f59bd319331d8e0e5e12929618a7ff8ecda7 (patch)
treeb87775ce21b03e33d570d07fa20c45c23c293d34 /msm8960
parentfcae7b066cef9eede264f9543bb6f20d22332323 (diff)
SEAndroid: Fixing few denials
This fixes the below issues 1. 744304 - SELinux Surf port Enumeration issue Files changed - mdm_helper.te - rild.te - file_contexts - file.te - rmt_storage.te - device.te 2. 751137 - WIFI is not turning ON Files Changed - wpa.te - system_server.te 3. Issues related to CTS testInitDomain and boot up denials for other domains. CRs-fixed: 744304 751137 Change-Id: I2785e85592a10468a667be363e6115e27b76707f
Diffstat (limited to 'msm8960')
-rwxr-xr-xmsm8960/device.te2
-rw-r--r--msm8960/file.te2
-rwxr-xr-xmsm8960/file_contexts17
-rwxr-xr-xmsm8960/mdm_helper.te8
-rw-r--r--msm8960/mm-pp-daemon.te4
-rw-r--r--msm8960/mpdecision.te3
-rw-r--r--msm8960/rild.te2
-rw-r--r--msm8960/rmt_storage.te5
-rw-r--r--msm8960/ssr_diag.te3
-rw-r--r--msm8960/system_server.te2
-rw-r--r--msm8960/thermal-engine.te2
-rw-r--r--msm8960/wpa.te2
12 files changed, 52 insertions, 0 deletions
diff --git a/msm8960/device.te b/msm8960/device.te
new file mode 100755
index 00000000..24d277a0
--- /dev/null
+++ b/msm8960/device.te
@@ -0,0 +1,2 @@
+#mdm helper device
+type mdm_device, dev_type;
diff --git a/msm8960/file.te b/msm8960/file.te
new file mode 100644
index 00000000..e5cea972
--- /dev/null
+++ b/msm8960/file.te
@@ -0,0 +1,2 @@
+#efs file types
+type efs_data_file, file_type, data_file_type;
diff --git a/msm8960/file_contexts b/msm8960/file_contexts
index 0afaeb4f..7e514561 100755
--- a/msm8960/file_contexts
+++ b/msm8960/file_contexts
@@ -3,3 +3,20 @@
#
/dev/msm_camera(/.*)? u:object_r:camera_device:s0
/dev/msm_rotator u:object_r:graphics_device:s0
+/dev/mdm u:object_r:mdm_device:s0
+/dev/block/bootdevice/by-name/m9kefs1 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/m9kefs2 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/m9kefs3 u:object_r:efs_boot_dev:s0
+/dev/block/bootdevice/by-name/m9kefsc u:object_r:efs_boot_dev:s0
+
+###################################
+# System files
+#
+/system/bin/thermald u:object_r:thermal-engine_exec:s0
+/system/bin/qcks u:object_r:mdm_helper_exec:s0
+/system/bin/efks u:object_r:mdm_helper_exec:s0
+
+###################################
+# Data files
+#
+/data/qcks(/.*)? u:object_r:efs_data_file:s0
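Review bot: The new device entries (`/dev/mdm` and the four `by-name/m9kefs*` paths) carry no file-type field, so the label applies to whatever object class appears at those paths. Adding the specifier narrows each entry to the intended node, e.g. `/dev/mdm -c u:object_r:mdm_device:s0` if it is a character device (the hunk does not show which class it is). `efs_boot_dev` is not declared anywhere in this commit, so it presumably comes from the common policy; it is worth confirming that the build for this target includes that declaration.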
diff --git a/msm8960/mdm_helper.te b/msm8960/mdm_helper.te
new file mode 100755
index 00000000..5fe3608a
--- /dev/null
+++ b/msm8960/mdm_helper.te
@@ -0,0 +1,8 @@
+#Needed in order to access the data partition bin files
+type_transition mdm_helper system_data_file:{ file } efs_data_file;
+
+allow mdm_helper mdm_device:file rw_file_perms;
+allow mdm_helper mdm_device:chr_file rw_file_perms;
+allow mdm_helper self:capability { dac_read_search dac_override };
+allow mdm_helper efs_data_file:file create_file_perms;
+allow mdm_helper efs_data_file:dir create_dir_perms;
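Review bot: `allow mdm_helper self:capability { dac_read_search dac_override };` lets the daemon bypass every DAC permission check, which is far broader than the comment's stated need of reaching files on the data partition. If the denial came from the ownership or mode of `/data/qcks`, fixing that in the init script would let this line be dropped; at minimum add a comment naming the path that required it. `allow mdm_helper mdm_device:file rw_file_perms;` also looks unnecessary if `/dev/mdm` is only a character device, since the next line already grants `chr_file`.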
diff --git a/msm8960/mm-pp-daemon.te b/msm8960/mm-pp-daemon.te
new file mode 100644
index 00000000..cbaafcf5
--- /dev/null
+++ b/msm8960/mm-pp-daemon.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+ #Allow pp-daemon to access stream socket
+ allow mm-pp-daemon init:unix_stream_socket { read write };
+')
diff --git a/msm8960/mpdecision.te b/msm8960/mpdecision.te
new file mode 100644
index 00000000..f9adcee0
--- /dev/null
+++ b/msm8960/mpdecision.te
@@ -0,0 +1,3 @@
+allow mpdecision socket_device:dir w_dir_perms;
+allow mpdecision socket_device:sock_file create;
+allow mpdecision self:capability sys_nice;
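Review bot: `allow mpdecision socket_device:dir w_dir_perms;` together with `socket_device:sock_file create` lets the daemon add and remove entries in `/dev/socket` and leaves its socket under the generic `socket_device` label, so policy cannot tell it apart from other generically labelled sockets. A dedicated socket type with a transition, e.g. `file_type_auto_trans(mpdecision, socket_device, mpdecision_socket)` (the type name is a placeholder that would need declaring), keeps the grant scoped to the daemon's own socket. The thermal-engine.te hunk adds the same `socket_device:dir w_dir_perms` rule and would benefit from the same treatment. None of the three rules here has a comment; a line stating which denial `sys_nice` addresses would help later audits.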
diff --git a/msm8960/rild.te b/msm8960/rild.te
new file mode 100644
index 00000000..81cafff7
--- /dev/null
+++ b/msm8960/rild.te
@@ -0,0 +1,2 @@
+#allow rild to access smd_cmx_qmi device;
+allow rild smd_device:chr_file rw_file_perms;
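Review bot: The comment says the goal is access to the `smd_cmx_qmi` node, but `allow rild smd_device:chr_file rw_file_perms;` grants read/write on every character device labelled `smd_device`. If other SMD channels share that label (the labelling is outside this hunk), a dedicated type for the QMI node would limit rild to the one device it needs. Otherwise the comment should say that the grant is type-wide.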
diff --git a/msm8960/rmt_storage.te b/msm8960/rmt_storage.te
new file mode 100644
index 00000000..3b3bbb29
--- /dev/null
+++ b/msm8960/rmt_storage.te
@@ -0,0 +1,5 @@
+# rmt_storage - rmt_storage daemon
+allow rmt_storage rpmb_device:blk_file { open read };
+allow rmt_storage ssd_device:blk_file { open read write };
+unix_socket_connect(rmt_storage, property, init)
+allow rmt_storage ctl_default_prop:property_service set;
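Review bot: `allow rmt_storage ctl_default_prop:property_service set;` permits setting any `ctl.*` property that has no more specific label, which amounts to asking init to start or stop arbitrary services and is much wider than a storage daemon should need. If only one service has to be controlled, give its `ctl.<service>` entry its own type in property_contexts and grant `set` on that type instead; the service name is not visible in this hunk. A comment recording which service triggered the denial would also help.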
diff --git a/msm8960/ssr_diag.te b/msm8960/ssr_diag.te
new file mode 100644
index 00000000..6b170b03
--- /dev/null
+++ b/msm8960/ssr_diag.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ allow ssr_diag self:netlink_kobject_uevent_socket create;
+')
diff --git a/msm8960/system_server.te b/msm8960/system_server.te
new file mode 100644
index 00000000..1ac7260e
--- /dev/null
+++ b/msm8960/system_server.te
@@ -0,0 +1,2 @@
+# WifiStateMachine to access wpa_wlan0 socket
+allow system_server init:unix_dgram_socket sendto;
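Review bot: `allow system_server init:unix_dgram_socket sendto;` is written against init's domain rather than a socket-specific type, so it covers every datagram socket labelled `init`, not just the `wpa_wlan0` socket the comment names. The denial suggests the supplicant's control socket ends up with init's label, though the service definition is outside this diff, so that is an inference. Giving that socket its own label, or ensuring the service runs in its own domain, would let the rule target the wpa domain instead. The matching `allow wpa init:unix_dgram_socket { read write };` in wpa.te has the same scope.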
diff --git a/msm8960/thermal-engine.te b/msm8960/thermal-engine.te
new file mode 100644
index 00000000..707717df
--- /dev/null
+++ b/msm8960/thermal-engine.te
@@ -0,0 +1,2 @@
+allow thermal-engine self:netlink_kobject_uevent_socket create;
+allow thermal-engine socket_device:dir w_dir_perms;
diff --git a/msm8960/wpa.te b/msm8960/wpa.te
new file mode 100644
index 00000000..24ce72f1
--- /dev/null
+++ b/msm8960/wpa.te
@@ -0,0 +1,2 @@
+allow wpa devpts:chr_file rw_file_perms;
+allow wpa init:unix_dgram_socket { read write };
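Review bot: `allow wpa devpts:chr_file rw_file_perms;` gives the supplicant read/write on pseudo-terminals in production builds, and nothing in the hunk explains why. This kind of denial usually comes from a terminal descriptor inherited when the daemon is launched from a shell. If that is the case here, wrapping the rule in `userdebug_or_eng(` … `')` as mm-pp-daemon.te does, or replacing it with a `dontaudit`, avoids shipping it. Neither rule in this file has a comment naming the denial it fixes.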