diff options
author | Ziyan <jaraidaniel@gmail.com> | 2016-01-24 21:13:51 +0100 |
---|---|---|
committer | Andreas Blaesius <skate4life@gmx.de> | 2018-01-29 19:32:57 +0100 |
commit | 3d3a6e855c3c2676cebed48a8f2e04a51ff5390a (patch) | |
tree | 9dc05958bd4d5f6aba8a2e2c8c73bd4fd3935253 | |
parent | b110c18672c74f67c288e6e4fbc3ebbe3505b0a7 (diff) | |
download | android_hardware_ti_omap4-3d3a6e855c3c2676cebed48a8f2e04a51ff5390a.tar.gz android_hardware_ti_omap4-3d3a6e855c3c2676cebed48a8f2e04a51ff5390a.tar.bz2 android_hardware_ti_omap4-3d3a6e855c3c2676cebed48a8f2e04a51ff5390a.zip |
Add common sepolicy
Change-Id: Id08f4e07439763f6d5069dfbb82fab15648fd80e
-rw-r--r-- | BoardConfigCommon.mk | 4 | ||||
-rw-r--r-- | sepolicy/file.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 10 | ||||
-rw-r--r-- | sepolicy/init.te | 2 | ||||
-rw-r--r-- | sepolicy/pvrsrvinit.te | 8 | ||||
-rw-r--r-- | sepolicy/system_server.te | 2 |
6 files changed, 28 insertions, 0 deletions
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 4a17c84..dec1219 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -77,6 +77,10 @@ TARGET_BOOTANIMATION_PRELOAD := false TARGET_BOOTANIMATION_TEXTURE_CACHE := false TARGET_BOOTANIMATION_USE_RGB565 := true +# SELinux +BOARD_SEPOLICY_DIRS += \ + $(OMAP4_NEXT_FOLDER)/sepolicy + # Misc BOARD_USES_SECURE_SERVICES := true diff --git a/sepolicy/file.te b/sepolicy/file.te new file mode 100644 index 0000000..c29f1df --- /dev/null +++ b/sepolicy/file.te @@ -0,0 +1,2 @@ +# Hardware tunables +type sysfs_hardware, fs_type, sysfs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts new file mode 100644 index 0000000..08d1b38 --- /dev/null +++ b/sepolicy/file_contexts @@ -0,0 +1,10 @@ +# Device nodes +/dev/tiler u:object_r:video_device:s0 +/dev/dsscomp u:object_r:graphics_device:s0 + +# System binaries +/system/bin/pvrsrvinit u:object_r:pvrsrvinit_exec:s0 + +# Hardware tunables +/sys/devices/platform/omapdss/manager0/cpr_coef -- u:object_r:sysfs_hardware:s0 +/sys/devices/platform/omapdss/manager0/cpr_enable -- u:object_r:sysfs_hardware:s0 diff --git a/sepolicy/init.te b/sepolicy/init.te new file mode 100644 index 0000000..d269ef2 --- /dev/null +++ b/sepolicy/init.te @@ -0,0 +1,2 @@ +# Hardware tunables +allow init sysfs_hardware:file rw_file_perms; diff --git a/sepolicy/pvrsrvinit.te b/sepolicy/pvrsrvinit.te new file mode 100644 index 0000000..0a2a98e --- /dev/null +++ b/sepolicy/pvrsrvinit.te @@ -0,0 +1,8 @@ +type pvrsrvinit, domain; +type pvrsrvinit_exec, exec_type, file_type; + +init_daemon_domain(pvrsrvinit) + +allow pvrsrvinit gpu_device:chr_file rw_file_perms; +allow pvrsrvinit kernel:system module_request; +allow pvrsrvinit self:capability sys_module; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te new file mode 100644 index 0000000..24ff30f --- /dev/null +++ b/sepolicy/system_server.te @@ -0,0 +1,2 @@ +# Hardware tunables +allow system_server sysfs_hardware:file rw_file_perms; |