diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-16 09:06:47 -0500 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2012-11-19 09:55:10 -0500 |
| commit | 61c80d5ec8632cadcf754eed0986b23284217c06 (patch) | |
| tree | 2ea67413fe63c778d1f242bb037efde83f1bad89 /zygote.te | |
| parent | eab23895cd13ccb2a552dd9713bd1e88cf41e522 (diff) | |
| download | android_external_sepolicy-61c80d5ec8632cadcf754eed0986b23284217c06.tar.gz android_external_sepolicy-61c80d5ec8632cadcf754eed0986b23284217c06.tar.bz2 android_external_sepolicy-61c80d5ec8632cadcf754eed0986b23284217c06.zip | |
Update policy for Android 4.2 / latest master.
Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.
Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'zygote.te')
| -rw-r--r-- | zygote.te | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -29,3 +29,9 @@ selinux_check_access(zygote) # Read /seapp_contexts, presently on the rootfs. allow zygote rootfs:file r_file_perms; +# Setting up /storage/emulated. +allow zygote rootfs:dir mounton; +allow zygote sdcard:dir { write search setattr create add_name mounton }; +dontaudit zygote self:capability fsetid; +allow zygote tmpfs:dir { write create add_name setattr mounton }; +allow zygote tmpfs:filesystem mount; |