diff options
Diffstat (limited to 'common/rmt_storage.te')
-rw-r--r-- | common/rmt_storage.te | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/common/rmt_storage.te b/common/rmt_storage.te index 04a96ef1..19aea1d0 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -3,14 +3,16 @@ type rmt_storage, domain; type rmt_storage_exec, exec_type, file_type; init_daemon_domain(rmt_storage) -allow rmt_storage modem_efs_partition_device:blk_file { read write open }; -allow rmt_storage block_device:dir search; -allow rmt_storage cgroup:dir { create add_name }; -allow rmt_storage smem_log_device:chr_file { read write ioctl open }; -allow rmt_storage self:capability { setuid setgid sys_admin dac_override }; +allow rmt_storage modem_efs_partition_device:blk_file rw_file_perms; +allow rmt_storage block_device:dir r_dir_perms; +allow rmt_storage cgroup:dir create_dir_perms; +allow rmt_storage smem_log_device:chr_file rw_file_perms; + +# sys_admin is needed for ioprio_set +allow rmt_storage self:capability { setuid setgid sys_admin dac_override net_raw setpcap }; + allow rmt_storage self:capability2 block_suspend; -allow rmt_storage self:socket { create_socket_perms }; -allow rmt_storage sysfs_wake_lock:file { open write append }; -allow rmt_storage uio_device:chr_file { read write open }; -allow rmt_storage mmc_block_device:blk_file r_file_perms; -allow rmt_storage self:capability { net_raw setpcap }; +allow rmt_storage self:socket create_socket_perms; +allow rmt_storage sysfs_wake_lock:file w_file_perms; +allow rmt_storage uio_device:chr_file rw_file_perms; +allow rmt_storage mmc_block_device:blk_file r_file_perms;
\ No newline at end of file |