Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
msm8937-common: sepolicy: Address more denials
* Also arrange sepolicies
- Loading branch information
1 parent
28b0c31
commit d5fe8be
Showing
14 changed files
with
45 additions
and
29 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,29 @@ | ||
| type bluetooth_loader, domain; | ||
| type bluetooth_loader_exec, exec_type, vendor_file_type, file_type; | ||
|
|
||
| # Started by init | ||
| init_daemon_domain(bluetooth_loader) | ||
|
|
||
| # Get persist.service.bdroid.*, bluetooth.* and wcnss property values | ||
| get_prop(bluetooth_loader, bluetooth_prop) | ||
| get_prop(bluetooth_loader, wcnss_prop) | ||
|
|
||
| # Access the serial device | ||
| allow bluetooth_loader serial_device:chr_file rw_file_perms; | ||
|
|
||
| # And the smd device | ||
| allow bluetooth_loader smd_device:chr_file rw_file_perms; | ||
|
|
||
| allow bluetooth_loader persist_bluetooth_file:dir search; | ||
| allow bluetooth_loader persist_bluetooth_file:file rw_file_perms; | ||
|
|
||
| # And qmuxd | ||
| allow bluetooth_loader qmuxd_socket:dir create_dir_perms; | ||
| allow bluetooth_loader qmuxd_socket:sock_file create_file_perms; | ||
| allow bluetooth_loader qmuxd:unix_stream_socket connectto; | ||
|
|
||
| r_dir_file(bluetooth_loader, persist_file) | ||
|
|
||
| userdebug_or_eng(` | ||
| diag_use(bluetooth_loader) | ||
| ') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| allow dpmd self:capability dac_override; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| allow hal_audio_default sysfs:dir r_dir_perms; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| allow hal_ir_default sysfs_leds:dir search; | ||
| allow hal_ir_default sysfs:file { open read write }; |
This file was deleted.
Oops, something went wrong.
File renamed without changes.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| allow platform_app qemu_hw_mainkeys_prop:file read; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,6 @@ | ||
| allow qti_init_shell bluetooth_data_file:file r_file_perms; | ||
| allow qti_init_shell bluetooth_loader_exec:file { read open }; | ||
| allow qti_init_shell hci_attach_dev:chr_file rw_file_perms; | ||
| allow qti_init_shell proc:dir setattr; | ||
| allow qti_init_shell sysfs:file write; | ||
| allow qti_init_shell sysfs_devices_system_cpu:dir write; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,3 @@ | ||
| allow rild vendor_file:file ioctl; | ||
| allow rild rild_file:file r_file_perms; | ||
| set_prop(rild, system_radio_prop) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| allow thermal-engine file_contexts_file:file { getattr read open }; | ||
| allow thermal-engine self:process { setfscreate }; | ||
| allow thermal-engine socket_device:sock_file { create relabelfrom relabelto setattr }; | ||
| allow thermal-engine thermal_socket:sock_file { relabelfrom relabelto }; | ||
| allow thermal-engine vendor_shell_exec:file execute_no_trans; | ||
| allow thermal-engine vendor_toolbox_exec:file execute_no_trans; |