tequilaOS/platform_build
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Move qemud and /dev/qemu policy bits to emulator-specific sepolicy."

Browse source
This commit is contained in:
Nick Kralevich 2014-02-25 21:54:39 +00:00 committed by Gerrit Code Review
commit e715487031
18 changed files with 52 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
target/board/generic/BoardConfig.mk
View file

@ -77,6 +77,14 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
BOARD_SEPOLICY_UNION += \
adbd.te \
bootanim.te \
device.te \
domain.te \
surfaceflinger.te
file.te \
file_contexts \
mediaserver.te \
qemud.te \
rild.te \
surfaceflinger.te \
system_server.te

1
target/board/generic/sepolicy/adbd.te Normal file
View file

@ -0,0 +1 @@
allow adbd qemu_device:chr_file rw_file_perms;

1
target/board/generic/sepolicy/device.te Normal file
View file

@ -0,0 +1 @@
type qemu_device, dev_type;

1
target/board/generic/sepolicy/file.te Normal file
View file

@ -0,0 +1 @@
type qemud_socket, file_type;

4
target/board/generic/sepolicy/file_contexts Normal file
View file

@ -0,0 +1,4 @@
/dev/qemu_.* u:object_r:qemu_device:s0
/dev/socket/qemud u:object_r:qemud_socket:s0
/system/bin/qemud u:object_r:qemud_exec:s0
/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0

1
target/board/generic/sepolicy/mediaserver.te Normal file
View file

@ -0,0 +1 @@
allow mediaserver qemu_device:chr_file rw_file_perms;

6
target/board/generic/sepolicy/qemud.te Normal file
View file

@ -0,0 +1,6 @@
# qemu support daemon
type qemud, domain;
type qemud_exec, exec_type, file_type;
init_daemon_domain(qemud)
unconfined_domain(qemud)

2
target/board/generic/sepolicy/rild.te Normal file
View file

@ -0,0 +1,2 @@
allow rild qemu_device:chr_file rw_file_perms;
unix_socket_connect(rild, qemud, qemud)

2
target/board/generic/sepolicy/system_server.te Normal file
View file

@ -0,0 +1,2 @@
unix_socket_connect(system_server, qemud, qemud)
allow system_server qemu_device:chr_file rw_file_perms;

7
target/board/generic_x86/BoardConfig.mk
View file

@ -45,8 +45,15 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
BOARD_SEPOLICY_UNION += \
adbd.te \
device.te \
domain.te \
file.te \
file_contexts \
healthd.te \
installd.te \
mediaserver.te \
qemud.te \
rild.te \
system_server.te \
zygote.te

1
target/board/generic_x86/sepolicy/adbd.te Normal file
View file

@ -0,0 +1 @@
allow adbd qemu_device:chr_file rw_file_perms;

1
target/board/generic_x86/sepolicy/device.te Normal file
View file

@ -0,0 +1 @@
type qemu_device, dev_type;

1
target/board/generic_x86/sepolicy/file.te Normal file
View file

@ -0,0 +1 @@
type qemud_socket, file_type;

4
target/board/generic_x86/sepolicy/file_contexts Normal file
View file

@ -0,0 +1,4 @@
/dev/qemu_.* u:object_r:qemu_device:s0
/dev/socket/qemud u:object_r:qemud_socket:s0
/system/bin/qemud u:object_r:qemud_exec:s0
/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0

1
target/board/generic_x86/sepolicy/mediaserver.te Normal file
View file

@ -0,0 +1 @@
allow mediaserver qemu_device:chr_file rw_file_perms;

6
target/board/generic_x86/sepolicy/qemud.te Normal file
View file

@ -0,0 +1,6 @@
# qemu support daemon
type qemud, domain;
type qemud_exec, exec_type, file_type;
init_daemon_domain(qemud)
unconfined_domain(qemud)

2
target/board/generic_x86/sepolicy/rild.te Normal file
View file

@ -0,0 +1,2 @@
allow rild qemu_device:chr_file rw_file_perms;
unix_socket_connect(rild, qemud, qemud)

2
target/board/generic_x86/sepolicy/system_server.te
View file

@ -1 +1,3 @@
allow system_server self:process execmem;
unix_socket_connect(system_server, qemud, qemud)
allow system_server qemu_device:chr_file rw_file_perms;