summaryrefslogtreecommitdiffstats
path: root/common/rfs_access.te
diff options
context:
space:
mode:
Diffstat (limited to 'common/rfs_access.te')
-rw-r--r--common/rfs_access.te4
1 files changed, 4 insertions, 0 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te
index 69c14e65..318fffc1 100644
--- a/common/rfs_access.te
+++ b/common/rfs_access.te
@@ -53,6 +53,7 @@ allow rfs_access self:capability {
setuid
setgid
setpcap
+ net_bind_service
net_raw
};
@@ -62,6 +63,9 @@ allow rfs_access self:capability {
allow rfs_access self:capability { dac_read_search chown dac_override };
+#For access to the kmsg device
+allow rfs_access kmsg_device:chr_file w_file_perms;
+
#Prevent other domains from accessing RFS data files.
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:dir create_dir_perms;
neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -qti_init_shell } rfs_file:file create_file_perms;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-19 01:44:28 +0000