tequilaOS/platform_device_qcom_sepolicy-legacy-um
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sepolicy: avoid avc denials in USTA test app path

Browse source 
Change-Id: I8f2ab92e54f66c79a2979c6825aed68f81a1739f
This commit is contained in:
Vivek Arugula 2019-09-20 19:32:58 +05:30 committed by Gerrit - the friendly Code Review server
parent 8cd61d361c
commit 11ff0c9a5d
5 changed files with 20 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
generic/vendor/test/usta_app.te vendored
View file

@ -61,3 +61,4 @@ allow usta_app persist_sensors_file:file create_file_perms;
allow usta_app mnt_vendor_file:dir create_dir_perms;
dontaudit usta_app system_data_file:file open;
allow usta_app cgroup:file w_file_perms;

5
generic/vendor/test/ustaservice_app.te vendored
View file

@ -31,6 +31,7 @@ app_domain(ustaservice_app)
#allow ustaservice_app usta_app_service:service_manager add;
allow ustaservice_app usta_app_service:service_manager find;
allow ustaservice_app activity_service:service_manager find;
allow ustaservice_app app_api_service:service_manager find;
userdebug_or_eng(`
allowxperm ustaservice_app self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
@ -44,3 +45,7 @@ hwbinder_use(ustaservice_app)
userdebug_or_eng(`
diag_use(ustaservice_app)
')
allow ustaservice_app system_app_data_file:dir create_dir_perms;
allow ustaservice_app system_app_data_file:file create_file_perms;
allow ustaservice_app cgroup:file w_file_perms;

9
legacy/vendor/test/domain.te vendored
View file

@ -61,17 +61,20 @@ r_dir_file({system_server
system_app
mediaserver
cameraserver
surfaceflinger}, system_gles_data_file);
surfaceflinger
usta_app}, system_gles_data_file);
allow {system_server
system_app
mediaserver
cameraserver
surfaceflinger} system_gles_data_file:dir create_dir_perms;
surfaceflinger
usta_app} system_gles_data_file:dir create_dir_perms;
allow {system_server
system_app
mediaserver
cameraserver
surfaceflinger} system_gles_data_file:file create_file_perms;
surfaceflinger
usta_app} system_gles_data_file:file create_file_perms;
')

3
legacy/vendor/test/usta_app.te vendored
View file

@ -54,4 +54,5 @@ allow usta_app sensors_data_file:dir create_dir_perms;
allow usta_app sensors_data_file:file create_file_perms;
allow usta_app sensors_persist_file:dir create_dir_perms;
allow usta_app sensors_persist_file:file create_file_perms;
allow usta_app mnt_vendor_file:dir create_dir_perms;
allow usta_app mnt_vendor_file:dir create_dir_perms;
allow usta_app cgroup:file w_file_perms;

7
legacy/vendor/test/ustaservice_app.te vendored
View file

@ -30,6 +30,7 @@ app_domain(ustaservice_app)
allow ustaservice_app usta_app_service:service_manager add;
allow ustaservice_app usta_app_service:service_manager find;
allow ustaservice_app activity_service:service_manager find;
allow ustaservice_app app_api_service:service_manager find;
userdebug_or_eng(`
allowxperm ustaservice_app self:{ socket qipcrtr_socket } ioctl msm_sock_ipc_ioctls;
@ -42,4 +43,8 @@ hwbinder_use(ustaservice_app)
userdebug_or_eng(`
diag_use(ustaservice_app)
')
')
allow ustaservice_app system_app_data_file:dir create_dir_perms;
allow ustaservice_app system_app_data_file:file create_file_perms;
allow ustaservice_app cgroup:file w_file_perms;