Permalink
Browse files

Fix Bunch of Selinux denials

  • Loading branch information...
vibhoothiiaanand committed Jun 15, 2017
1 parent 8a60221 commit def24c87978d795a76830c7f351e51f8fe7be90e
View
@@ -1,2 +1,3 @@
allow audioserver system_data_file:sock_file write;
allow audioserver rootfs:lnk_file getattr;
allow audioserver diag_device:chr_file { read write ioctl open };
View
@@ -0,0 +1 @@
allow cnd diag_device:chr_file { read write ioctl open };
View
@@ -1 +1,3 @@
allow ims system_prop:property_service set;
allow ims diag_device:chr_file { read write ioctl open };
View
@@ -1,3 +1,4 @@
allow ipacm-diag property_socket:sock_file write;
allow ipacm-diag init:unix_stream_socket connectto;
allow ipacm-diag system_prop:property_service set;
allow ipacm-diag diag_device:chr_file { ioctl open };
View
@@ -0,0 +1,2 @@
allow ipacm ipacm-diag:unix_dgram_socket sendto;
allow ipacm ipacm_socket:sock_file write;
View
@@ -0,0 +1 @@
allow isolated_app app_data_file:dir getattr;
View
@@ -1,2 +1,6 @@
allow mm-qcamerad cam_sysfs:file { open read write };
allow mm-qcamerad stm_sensor:chr_file { ioctl open read };
allow mm-qcamerad node:tcp_socket node_bind;
allow mm-qcamerad port:tcp_socket name_bind;
allow mm-qcamerad self:tcp_socket { bind create setopt listen };
View
@@ -1,2 +1,3 @@
allow netmgrd self:capability { dac_read_search dac_override };
allow netmgrd self:capability dac_override;
allow netmgrd diag_device:chr_file { read write ioctl open };
View
@@ -1,2 +1,3 @@
allow rild nv_data_file:dir { getattr search write add_name };
allow rild nv_data_file:file { write open create };
allow rild diag_device:chr_file { read write };
@@ -15,3 +15,5 @@ allow system_server user_profile_data_file:dir { read open };
# Necessary for navbar
allow system_server qemu_hw_mainkeys_prop:property_service set;
allow system_server diag_device:chr_file { read write ioctl open };
allow system_server su:fifo_file write;
@@ -1,3 +1,4 @@
allow thermal-engine property_socket:sock_file write;
allow thermal-engine init:unix_stream_socket connectto;
allow thermal-engine system_prop:property_service set;
allow thermal-engine diag_device:chr_file { read write ioctl open };
View
@@ -1,3 +1,4 @@
allow time_daemon property_socket:sock_file write;
allow time_daemon init:unix_stream_socket connectto;
allow time_daemon system_prop:property_service set;
allow time_daemon diag_device:chr_file { read write ioctl open };
View
@@ -3,3 +3,4 @@ allow ueventd vfat:file { read open };
allow ueventd stm_sensor:chr_file { create setattr };
allow ueventd cam_sysfs:file relabelto;
allow ueventd cam_sysfs:file getattr;
allow ueventd system_file:dir { write remove_name add_name };
@@ -0,0 +1,2 @@
allow untrusted_app anr_data_file:file { read getattr };
allow untrusted_app rootfs:dir { read open };
View
@@ -1 +1,2 @@
allow wcnss_filter rootfs:lnk_file getattr;
allow wcnss_filter diag_device:chr_file { read write ioctl open };
@@ -1,4 +1,4 @@
allow wcnss_service self:capability { setgid setuid };
allow wcnss_service self:capability setgid;
allow wcnss_service self:capability setuid;
allow wcnss_service diag_device:chr_file { read write ioctl open };

0 comments on commit def24c8

Please sign in to comment.