summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2017-02-22 13:39:29 +0100
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2017-02-22 13:39:29 +0100
commitede22880e73d84d70b1cb55ea8b24201472c0cb3 (patch)
tree8c4c7822e5c37babf9703253f7034710b99debe9
parent365abd1dd8167e22c51ef59f759e67e8a582bbb2 (diff)
downloaddevice_samsung_n7100-ede22880e73d84d70b1cb55ea8b24201472c0cb3.tar.gz
device_samsung_n7100-ede22880e73d84d70b1cb55ea8b24201472c0cb3.tar.bz2
device_samsung_n7100-ede22880e73d84d70b1cb55ea8b24201472c0cb3.zip
selinux: fix rild and wifi and remove cbd rules
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
-rw-r--r--selinux/cpboot-daemon.te25
-rw-r--r--selinux/device.te1
-rw-r--r--selinux/file.te1
-rw-r--r--selinux/file_contexts2
-rw-r--r--selinux/init.te1
-rw-r--r--selinux/rild.te3
-rw-r--r--selinux/system_server.te4
7 files changed, 9 insertions, 28 deletions
diff --git a/selinux/cpboot-daemon.te b/selinux/cpboot-daemon.te
deleted file mode 100644
index 9974ff2..0000000
--- a/selinux/cpboot-daemon.te
+++ /dev/null
@@ -1,25 +0,0 @@
-type cpboot-daemon, domain;
-
-permissive cpboot-daemon;
-
-allow cpboot-daemon cgroup:dir { create add_name };
-allow cpboot-daemon device:dir { write remove_name add_name };
-allow cpboot-daemon efs_block_device:blk_file { read open };
-allow cpboot-daemon efs_device_file:dir search;
-allow cpboot-daemon efs_file:file { read write open };
-allow cpboot-daemon init:unix_stream_socket connectto;
-allow cpboot-daemon log_device:chr_file { write open };
-allow cpboot-daemon log_device:dir search;
-allow cpboot-daemon property_socket:sock_file write;
-allow cpboot-daemon radio_device:chr_file { read write ioctl open };
-allow cpboot-daemon radio_prop:property_service set;
-allow cpboot-daemon self:capability { setuid };
-allow cpboot-daemon sysfs_radio:file { read write open };
-allow cpboot-daemon usbfs:dir search;
-allow cpboot-daemon self:capability dac_override;
-allow cpboot-daemon cbd_device:chr_file create_file_perms;
-
-# FIX ME
-# allow cpboot-daemon usbfs:filesystem mount;
-# allow cpboot-daemon self:capability { mknod };
-
diff --git a/selinux/device.te b/selinux/device.te
index 854958d..5ab8206 100644
--- a/selinux/device.te
+++ b/selinux/device.te
@@ -2,3 +2,4 @@ type rfkill_device, dev_type;
type efs_block_device, dev_type;
type hpd_device, dev_type;
type mfc_device, dev_type;
+type radio_block_device, dev_type;
diff --git a/selinux/file.te b/selinux/file.te
index 12b280a..f5edd1a 100644
--- a/selinux/file.te
+++ b/selinux/file.te
@@ -8,4 +8,3 @@ type efs_device_file, file_type;
type radio_data, file_type;
type sysfs_radio, fs_type, sysfs_type;
type sysfs_sensor, fs_type, sysfs_type;
-type cbd_device, dev_type;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index fc824b3..275f005 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -10,7 +10,6 @@
/dev/umts_ipc0 u:object_r:radio_device:s0
/dev/umts_ramdump0 u:object_r:radio_device:s0
/dev/umts_rfs0 u:object_r:radio_device:s0
-/dev/__cbd_msg_ u:object_r:cbd_device:s0
/efs u:object_r:efs_device_file:s0
/data/misc/radio(/.*)? u:object_r:radio_data:s0
@@ -23,6 +22,7 @@
/dev/block/mmcblk0p12 u:object_r:cache_block_device:s0
/dev/block/mmcblk0p13 u:object_r:system_block_device:s0
/dev/block/mmcblk0p16 u:object_r:userdata_block_device:s0
+/dev/block/mmcblk0p10 u:object_r:radio_block_device:s0
# Camera
/data/ISP_CV u:object_r:camera_data_file:s0
diff --git a/selinux/init.te b/selinux/init.te
index c7393a9..bf85834 100644
--- a/selinux/init.te
+++ b/selinux/init.te
@@ -10,4 +10,3 @@ allow init sysfs_sensor:lnk_file { setattr read };
allow init rild:process noatsecure;
domain_trans(init, rootfs, gpsd)
-domain_trans(init, rootfs, cpboot-daemon)
diff --git a/selinux/rild.te b/selinux/rild.te
index 5da4924..9d42136 100644
--- a/selinux/rild.te
+++ b/selinux/rild.te
@@ -11,6 +11,7 @@ allow rild log_device:chr_file w_file_perms;
allow rild system_file:file execmod;
allow rild radio_data:file create_file_perms;
allow rild radio_data:dir create_dir_perms;
+allow rild radio_block_device:blk_file r_file_perms;
allow rild radio_device:chr_file rw_file_perms;
allow rild efs_block_device:blk_file rw_file_perms;
@@ -18,3 +19,5 @@ allow rild efs_file:file { read open write setattr };
allow rild efs_device_file:dir create_dir_perms;
allow rild efs_device_file:file { setattr create create_file_perms };
+
+allow rild sysfs_radio:file { read write open };
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 789d734..8a52ff2 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -24,6 +24,10 @@ allow system_server wifi_data_file:file { read open };
allow system_server radio_data:dir r_dir_perms;
+# wifi firmware
+allow system_server firmware_exynos:dir { open read search };
+allow system_server firmware_exynos:file { open read };
+
allow system_server gpsd:binder transfer;
type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";