diff options
| author | Dan Pasanen <dan.pasanen@gmail.com> | 2017-04-05 07:27:59 -0500 |
|---|---|---|
| committer | Dan Pasanen <dan.pasanen@gmail.com> | 2017-04-05 07:27:59 -0500 |
| commit | 4a2af220a1b1e2e868123c91b27bdc2cacf0b9a8 (patch) | |
| tree | bed0dabfefe96a72fe668d14c588a1502a779c3d | |
| parent | 837a5a3d622dacc1ef845dc57c0272aef6d510dc (diff) | |
| parent | 27eb6492eb83c1a7fb7908704cf47ad2be241185 (diff) | |
| download | android_system_sepolicy-staging/cm-14.1_android-7.1.2_r2.tar.gz android_system_sepolicy-staging/cm-14.1_android-7.1.2_r2.tar.bz2 android_system_sepolicy-staging/cm-14.1_android-7.1.2_r2.zip | |
Merge tag 'android-7.1.2_r2' into cm-14.1staging/cm-14.1_android-7.1.2_r2
Android 7.1.2 Release 2 (N2G47E)
# gpg: Signature made Mon 03 Apr 2017 01:41:52 AM CDT
# gpg: using DSA key E8AD3F819AB10E78
# gpg: Can't check signature: No public key
| -rw-r--r-- | bluetooth.te | 2 | ||||
| -rw-r--r-- | dumpstate.te | 5 | ||||
| -rw-r--r-- | file.te | 1 | ||||
| -rw-r--r-- | file_contexts | 1 | ||||
| -rw-r--r-- | netd.te | 4 | ||||
| -rw-r--r-- | recovery.te | 3 | ||||
| -rw-r--r-- | service.te | 2 | ||||
| -rw-r--r-- | service_contexts | 2 |
8 files changed, 16 insertions, 4 deletions
diff --git a/bluetooth.te b/bluetooth.te index 4b20a582..a5b4d715 100644 --- a/bluetooth.te +++ b/bluetooth.te @@ -8,6 +8,8 @@ wakelock_use(bluetooth); # Data file accesses. allow bluetooth bluetooth_data_file:dir create_dir_perms; allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms; +allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms; +allow bluetooth bluetooth_logs_data_file:file create_file_perms; # Socket creation under /data/misc/bluedroid. type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket; diff --git a/dumpstate.te b/dumpstate.te index 246a7481..0b1f97bd 100644 --- a/dumpstate.te +++ b/dumpstate.te @@ -126,6 +126,11 @@ allow dumpstate self:process execmem; allow dumpstate dalvikcache_data_file:file execute; allow dumpstate dalvikcache_data_file:lnk_file r_file_perms; +# For Bluetooth +allow dumpstate bluetooth_data_file:dir search; +allow dumpstate bluetooth_logs_data_file:dir r_dir_perms; +allow dumpstate bluetooth_logs_data_file:file r_file_perms; + # Dumpstate calls screencap, which grabs a screenshot. Needs gpu access allow dumpstate gpu_device:chr_file rw_file_perms; @@ -145,6 +145,7 @@ type adb_keys_file, file_type, data_file_type; type audio_data_file, file_type, data_file_type; type audioserver_data_file, file_type, data_file_type; type bluetooth_data_file, file_type, data_file_type; +type bluetooth_logs_data_file, file_type, data_file_type; type bootstat_data_file, file_type, data_file_type; type boottrace_data_file, file_type, data_file_type; type camera_data_file, file_type, data_file_type; diff --git a/file_contexts b/file_contexts index 3448f215..085a57bb 100644 --- a/file_contexts +++ b/file_contexts @@ -274,6 +274,7 @@ /data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0 /data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0 /data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0 +/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0 /data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0 /data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0 /data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0 @@ -69,8 +69,8 @@ allow netd dumpstate:fifo_file { getattr write }; allow netd system_server:binder call; allow netd permission_service:service_manager find; -# Allow netd to talk to the framework service which collects DNS query metrics. -allow netd dns_listener_service:service_manager find; +# Allow netd to talk to the framework service which collects netd events. +allow netd netd_listener_service:service_manager find; # Allow netd to operate on sockets that are passed to it. allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt}; diff --git a/recovery.te b/recovery.te index 209a276e..a0af3ee7 100644 --- a/recovery.te +++ b/recovery.te @@ -51,6 +51,9 @@ recovery_only(` # TODO: create more specific label? allow recovery sysfs:file w_file_perms; + # Write to /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq. + allow recovery sysfs_devices_system_cpu:file w_file_perms; + allow recovery sysfs_batteryinfo:file r_file_perms; allow recovery kernel:system syslog_read; @@ -50,7 +50,7 @@ type deviceidle_service, app_api_service, system_server_service, service_manager type devicestoragemonitor_service, system_server_service, service_manager_type; type diskstats_service, system_api_service, system_server_service, service_manager_type; type display_service, app_api_service, system_server_service, service_manager_type; -type dns_listener_service, system_server_service, service_manager_type; +type netd_listener_service, system_server_service, service_manager_type; type DockObserver_service, system_server_service, service_manager_type; type dreams_service, app_api_service, system_server_service, service_manager_type; type dropbox_service, app_api_service, system_server_service, service_manager_type; diff --git a/service_contexts b/service_contexts index dd7e49f5..fffbd4d3 100644 --- a/service_contexts +++ b/service_contexts @@ -35,7 +35,7 @@ devicestoragemonitor u:object_r:devicestoragemonitor_servic diskstats u:object_r:diskstats_service:s0 display.qservice u:object_r:surfaceflinger_service:s0 display u:object_r:display_service:s0 -dns_listener u:object_r:dns_listener_service:s0 +netd_listener u:object_r:netd_listener_service:s0 DockObserver u:object_r:DockObserver_service:s0 dreams u:object_r:dreams_service:s0 drm.drmManager u:object_r:drmserver_service:s0 |