author | Emerson Pinter <dev@pinter.com.br> | 2015-02-12 19:20:19 -0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2015-03-17 12:12:59 +0000 |
commit | dc699fb190a7249053c4f2fd280f9dc8a3096fe6 (patch) | |
tree | 6647d7ebd339e6102604d51745be4c48d7fc48fd | |
parent | 8df987a37181343070055e66c487aa290f2e2f28 (diff) | |
sepolicy: Permissions for userinit
Change-Id: Icaf9d191841a6214925729e40d84a61a2ebf2296
-rw-r--r-- | sepolicy/file_contexts | 1 | ||||
-rw-r--r-- | sepolicy/sysinit.te | 10 | ||||
-rw-r--r-- | sepolicy/userinit.te | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 7999ccd9..4f82c380 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -12,6 +12,7 @@
 /system/bin/sysinit u:object_r:sysinit_exec:s0
 /system/etc/init.d/90userinit u:object_r:userinit_exec:s0
+/data/local/userinit.sh u:object_r:userinit_data_exec:s0
 # For minivold in recovery
 /sbin/minivold u:object_r:vold_exec:s0
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
index dea539e8..6fd0b856 100644
--- a/sepolicy/sysinit.te
+++ b/sepolicy/sysinit.te
@@ -9,3 +9,13 @@
 allow sysinit shell_exec:file { rx_file_perms };
 allow sysinit system_file:file { rx_file_perms };
 allow sysinit self:process setcurrent;
+userdebug_or_eng(`
+ allow sysinit userinit_data_exec:file { r_file_perms relabelto };
+ allow sysinit property_socket:sock_file write;
+ allow sysinit init:unix_stream_socket connectto;
+ allow sysinit userinit_prop:property_service set;
+ allow sysinit sysfs:file rw_file_perms;
+ allow sysinit sysfs_devices_system_cpu:file write;
+ allow sysinit self:capability dac_override;
+ allow sysinit userinit_exec:file { rx_file_perms };
+')
diff --git a/sepolicy/userinit.te b/sepolicy/userinit.te
index caddb086..74072877 100644
--- a/sepolicy/userinit.te
+++ b/sepolicy/userinit.te
@@ -1,3 +1,4 @@
 type userinit_exec, exec_type, file_type;
+type userinit_data_exec, file_type;
 allow userinit_exec userinit_prop:property_service set; |
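Review bot: The added `/data/local/userinit.sh` entry leaves the dot unescaped, and file_contexts paths are regular expressions, so the pattern also matches other names such as a constructed `/data/local/userinitXsh`. Writing it as `/data/local/userinit\.sh u:object_r:userinit_data_exec:s0` keeps the label on the one intended file. Because the path is under /data, the label only takes effect once something relabels the file, so a short comment naming the component that does this would help the next reader.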
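Review bot: `allow sysinit self:capability dac_override;` and `allow sysinit sysfs:file rw_file_perms;` in the added userdebug_or_eng block are much wider than the other rules, and they are granted to a domain that reads a script from /data/local. Whoever can write that script would get both at boot, so the generic `sysfs` grant is better narrowed to the specific labelled sysfs types the script needs (the block already names `sysfs_devices_system_cpu`), and dac_override dropped unless a logged denial shows it is required. If either must stay, a comment above it such as `# needed for <reason>; userdebug/eng only` records the justification. The block also grants `relabelto` on userinit_data_exec with no matching `relabelfrom` visible in this hunk; that rule may live elsewhere in the policy.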
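Review bot: `type userinit_data_exec, file_type;` labels a file under /data but does not carry the `data_file_type` attribute, so rules and neverallow checks written against that attribute will presumably not cover it. Consider `type userinit_data_exec, file_type, data_file_type;`. A one-line comment above the declaration, for example `# user-supplied boot script in /data/local; read by sysinit on userdebug/eng builds`, would also document why the type exists.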