diff options
| author | Sami Tolvanen <samitolvanen@google.com> | 2015-02-18 13:59:38 +0000 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-02-26 17:23:29 +0000 |
| commit | 9d87c647afdc478245579090eae1ca2d1ae8d341 (patch) | |
| tree | 92a78cc2d290fd0c1050aa7c3a844b88a326a1c4 /slideshow.te | |
| parent | d99ea5a8af11216fb3e2e315c6310d2af4f02afc (diff) | |
| download | android_external_sepolicy-9d87c647afdc478245579090eae1ca2d1ae8d341.tar.gz android_external_sepolicy-9d87c647afdc478245579090eae1ca2d1ae8d341.tar.bz2 android_external_sepolicy-9d87c647afdc478245579090eae1ca2d1ae8d341.zip | |
Allow init to execute /sbin/slideshow
Add rules to allow /sbin/slideshow to access framebuffer and input
devices at early stages of boot, and rules to allow init to execute
the program (from init.rc using exec).
Needed by changes from
I58c79a7f3ac747eec0d73a10f018d3d8ade9df7d
Change-Id: I1d5018feb7025853f0bf81651f497fef8c3a6ab0
Diffstat (limited to 'slideshow.te')
| -rw-r--r-- | slideshow.te | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/slideshow.te b/slideshow.te new file mode 100644 index 0000000..1a22fb5 --- /dev/null +++ b/slideshow.te @@ -0,0 +1,13 @@ +# slideshow seclabel is specified in init.rc since +# it lives in the rootfs and has no unique file type. +type slideshow, domain; + +write_klog(slideshow) +allow slideshow device:dir r_dir_perms; +allow slideshow self:capability { mknod sys_tty_config }; +allow slideshow graphics_device:dir r_dir_perms; +allow slideshow graphics_device:chr_file rw_file_perms; +allow slideshow input_device:dir r_dir_perms; +allow slideshow input_device:chr_file r_file_perms; +allow slideshow tty_device:chr_file rw_file_perms; + |