Merge "Added SE-Policy rules for usbudev on Vendor-14"

This commit is contained in:
qctecmdr 2024-04-03 15:57:06 -07:00 committed by Gerrit - the friendly Code Review server
commit 9c9ec91a94
2 changed files with 17 additions and 0 deletions

View file

@ -69,6 +69,7 @@
/(system_ext|system/system_ext)/bin/qxrsplitauxservice u:object_r:vendor_sys_sxrauxd_exec:s0 /(system_ext|system/system_ext)/bin/qxrsplitauxservice u:object_r:vendor_sys_sxrauxd_exec:s0
/(system_ext|system/system_ext)/bin/qsguard u:object_r:qsguard_exec:s0 /(system_ext|system/system_ext)/bin/qsguard u:object_r:qsguard_exec:s0
/system_ext/bin/virtual_keyboard u:object_r:vendor_virtual_keyboard_exec:s0 /system_ext/bin/virtual_keyboard u:object_r:vendor_virtual_keyboard_exec:s0
/system_ext/bin/usbudev u:object_r:vendor_usbudev_qti_exec:s0
####### data files ################ ####### data files ################
/data/dpm(/.*)? u:object_r:vendor_dpmd_data_file:s0 /data/dpm(/.*)? u:object_r:vendor_dpmd_data_file:s0

View file

@ -0,0 +1,16 @@
# Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
# SPDX-License-Identifier: BSD-3-Clause-Clear
#============= vendor_usbudev_qti ==============
type vendor_usbudev_qti, domain, coredomain;
type vendor_usbudev_qti_exec, system_file_type, exec_type, file_type;
init_daemon_domain(vendor_usbudev_qti)
allow vendor_usbudev_qti self:netlink_kobject_uevent_socket { bind create getopt read setopt };
allow vendor_usbudev_qti toolbox_exec:file rx_file_perms;
allow vendor_usbudev_qti self:capability net_admin;
allow vendor_usbudev_qti self:netlink_route_socket { bind create getattr setopt nlmsg_write read write };
allow vendor_usbudev_qti self:udp_socket {create_socket_perms};
allowxperm vendor_usbudev_qti self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
allow vendor_usbudev_qti shell_exec:file { rx_file_perms };
allow vendor_usbudev_qti system_file:file execute_no_trans;