diff options
| author | Tony Han <xiahan@codeaurora.org> | 2018-02-05 13:11:51 +0800 |
|---|---|---|
| committer | Tony Han <xiahan@codeaurora.org> | 2018-02-12 14:09:38 +0800 |
| commit | 32ca580752ad3cab9cf96987035dac34fb602c31 (patch) | |
| tree | fa9b1cd285cbc0f152c63d061d66e3bd05b04592 /msm8996 | |
| parent | d2b7a4a99372e0339f899592adaa0e04c086cb92 (diff) | |
| download | android_device_qcom_sepolicy-32ca580752ad3cab9cf96987035dac34fb602c31.tar.gz android_device_qcom_sepolicy-32ca580752ad3cab9cf96987035dac34fb602c31.tar.bz2 android_device_qcom_sepolicy-32ca580752ad3cab9cf96987035dac34fb602c31.zip | |
sepolicy: add policy file for amfs-service
Add te file to allow amfsservice process to access
required resources.
Change-Id: I1a5bf6c58b6ef4c1eb523d1ab5e797ca1a8ee927
Diffstat (limited to 'msm8996')
| -rw-r--r-- | msm8996/amfsservice.te | 38 | ||||
| -rw-r--r-- | msm8996/file_contexts | 3 |
2 files changed, 40 insertions, 1 deletions
diff --git a/msm8996/amfsservice.te b/msm8996/amfsservice.te new file mode 100644 index 00000000..5e517646 --- /dev/null +++ b/msm8996/amfsservice.te @@ -0,0 +1,38 @@ +# Copyright (c) 2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# amfsservice daemon +type amfsservice, domain; +type amfsservice_exec, exec_type, vendor_file_type, file_type; + +# Started by init +init_daemon_domain(amfsservice) + +# For reading files under /vendor +allow amfsservice vendor_file:dir r_dir_perms; +allow amfsservice vendor_configs_file:dir r_dir_perms; +allow amfsservice audio_device:chr_file rw_file_perms; diff --git a/msm8996/file_contexts b/msm8996/file_contexts index 5242b01d..455149ab 100644 --- a/msm8996/file_contexts +++ b/msm8996/file_contexts @@ -89,7 +89,8 @@ ################################### # System files # -/(vendor|system/vendor)/bin/seccamd u:object_r:seccamd_exec:s0 +/(vendor|system/vendor)/bin/amfsservice u:object_r:amfsservice_exec:s0 +/(vendor|system/vendor)/bin/seccamd u:object_r:seccamd_exec:s0 /(vendor|system/vendor)/bin/hw/vendor.qti.hardware.automotive.vehicle@1.0-service u:object_r:hal_automotive_vehicle_qti_exec:s0 ################################### |