path: root/rild.te
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-06-19 10:27:02 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-06-23 15:45:55 -0400
commit: fee49159e760162b0e8ee5a4590c50a65b8e322f
tree: 3b066417abb880b6cde8024b707ba6b395e1dac9 /rild.te
parent: 0db95cce33b33259e87b41c7fa1807f562c2d7d1
Align SELinux property policy with init property_perms.

Introduce a net_radio_prop type for net. properties that can be set by radio or system.
Introduce a system_radio_prop type for sys. properties that can be set by radio or system.
Introduce a dhcp_prop type for properties that can be set by dhcp or system.
Drop the rild_prop vs radio_prop distinction; this was an early experiment to see if we could separate properties settable by rild versus other radio UID processes but it did not pan out.
Remove the ability to set properties from unconfineddomain.
Allow init to set any property.
Allow recovery to set ctl_default_prop to restart adbd.

Change-Id: I5ccafcb31ec4004dfefcec8718907f6b6f3e0dfd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'rild.te')
-rw-r--r-- rild.te 5
1 files changed, 4 insertions, 1 deletions
diff --git a/rild.te b/rild.te
index f272862..d8e48d5 100644
--- a/rild.te
+++ b/rild.te
@@ -26,8 +26,11 @@ allow rild system_data_file:file r_file_perms;
allow rild system_file:file x_file_perms;
# property service
-allow rild rild_prop:property_service set;
allow rild radio_prop:property_service set;
+allow rild net_radio_prop:property_service set;
+allow rild system_radio_prop:property_service set;
+auditallow rild net_radio_prop:property_service set;
+auditallow rild system_radio_prop:property_service set;
# Read/Write to uart driver (for GPS)
allow rild gps_device:chr_file rw_file_perms;
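Review bot: The two auditallow lines added under "# property service" carry no comment saying why rild's sets on net_radio_prop and system_radio_prop are being logged or when that logging should be removed. auditallow only records accesses that the matching allow rules already grant, so every property set by rild on these two types will emit an audit record for as long as the rules stay in the policy. If the purpose is to learn which net. and sys. properties rild actually sets before narrowing the types further, state that in a comment above the two rules so they are dropped once the data is collected. Separately, since `allow rild rild_prop:property_service set;` is removed here and this view is limited to rild.te, confirm that the rild_prop type declaration and any remaining references to it are removed in the same change.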