Merge "Make SELinux policies more 4.4 compatible" into cm-11.0

CyanogenMod · Dec 3, 2013 · a342fe2 · a342fe2
2 parents 4ed4fda + b67b732
commit a342fe2
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 8 deletions.
diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk
@@ -142,10 +142,13 @@ BOARD_SEPOLICY_DIRS += \
 
 BOARD_SEPOLICY_UNION += \
     device.te \
+    drmserver.te \
+    ueventd.te \
     domain.te \
     file.te \
     file_contexts \
-    rild.te
+    rild.te \
+    vold.te
 
 # Recovery
 BOARD_CUSTOM_RECOVERY_KEYMAPPING := ../../device/samsung/galaxys2-common/recovery/recovery_keys.c

diff --git a/selinux/device.te b/selinux/device.te
@@ -1,3 +1,2 @@
-type mali_device, dev_type, mlstrustedobject;
 type rfkill_device, dev_type;
 type efs_block_device, dev_type;
diff --git a/selinux/domain.te b/selinux/domain.te
@@ -1,6 +1,3 @@
-## /dev/mali, /dev/ump
-allow domain mali_device:chr_file rw_file_perms;
-
 ## /dev/rfkill for wpa_supp
 allow wpa rfkill_device:chr_file rw_file_perms;
 

diff --git a/selinux/drmserver.te b/selinux/drmserver.te
@@ -0,0 +1 @@
+allow drmserver sdcard_external:file open;
diff --git a/selinux/file_contexts b/selinux/file_contexts
@@ -1,7 +1,7 @@
 # GFX
-/dev/mali                               u:object_r:mali_device:s0
-/dev/ump                                u:object_r:mali_device:s0
-/dev/fimg2d                             u:object_r:mali_device:s0
+/dev/mali                               u:object_r:graphics_device:s0
+/dev/ump                                u:object_r:graphics_device:s0
+/dev/fimg2d                             u:object_r:graphics_device:s0
 
 # RIL
 /dev/umts_boot0                         u:object_r:radio_device:s0

diff --git a/selinux/ueventd.te b/selinux/ueventd.te
@@ -0,0 +1,2 @@
+allow ueventd sdcard_external:dir search;
+allow ueventd sdcard_external:file r_file_perms;
diff --git a/selinux/vold.te b/selinux/vold.te
@@ -0,0 +1 @@
+allow vold sdcard_external:file rw_file_perms;