Merge "Label system_server's dependencies in sysfs." am: 975efbe5d2
am: fb49dc5211
am: 8269fec076
Change-Id: I8d01d234ea9f72cd9d6b87ebec14dc026eaed6c9
commit
24f994bba7
4 changed files with 35 additions and 4 deletions
|
@ -564,7 +564,15 @@
|
|||
(typeattributeset surfaceflinger_26_0 (surfaceflinger))
|
||||
(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
|
||||
(typeattributeset swap_block_device_26_0 (swap_block_device))
|
||||
(typeattributeset sysfs_26_0 (sysfs sysfs_dm))
|
||||
(typeattributeset sysfs_26_0
|
||||
( sysfs
|
||||
sysfs_android_usb
|
||||
sysfs_dm
|
||||
sysfs_ipv4
|
||||
sysfs_power
|
||||
sysfs_rtc
|
||||
sysfs_switch
|
||||
sysfs_wakeup_reasons))
|
||||
(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
|
||||
(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
|
||||
(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
|
||||
|
|
|
@ -60,18 +60,27 @@ genfscon cgroup / u:object_r:cgroup:s0
|
|||
# sysfs labels can be set by userspace.
|
||||
genfscon sysfs / u:object_r:sysfs:s0
|
||||
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
|
||||
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
|
||||
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
|
||||
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
|
||||
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
|
||||
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
|
||||
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
|
||||
genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
|
||||
genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
|
||||
genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
|
||||
genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
|
||||
genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
|
||||
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
|
||||
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
|
||||
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
|
||||
genfscon sysfs /power/state u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
|
||||
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
|
||||
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
|
||||
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
|
||||
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
|
||||
genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
|
||||
genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
|
||||
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
|
||||
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
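Review bot: The `/class/android_usb`, `/class/rtc` and `/class/switch` entries label the class directories, but entries under `/sys/class` are normally symlinks into `/sys/devices/...`, and only `/devices/virtual/android_usb` and `/devices/virtual/switch` get a matching label in this section. An RTC usually sits at a device-specific platform path, so its attribute files would presumably keep the default `sysfs` label and be denied to system_server once its generic sysfs access is narrowed, unless device policy labels them. A comment above these entries would make that contract visible, e.g. `# /sys/class/* holds symlinks; device genfs_contexts must label the backing /sys/devices/... nodes with the same type.`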
|
||||
|
|
|
@ -273,11 +273,20 @@ allow system_server mac_perms_file: file r_file_perms;
|
|||
# Check SELinux permissions.
|
||||
selinux_check_access(system_server)
|
||||
|
||||
# XXX Label sysfs files with a specific type?
|
||||
allow system_server sysfs:file rw_file_perms;
|
||||
r_dir_file(system_server, sysfs_android_usb)
|
||||
allow system_server sysfs_android_usb:file w_file_perms;
|
||||
|
||||
r_dir_file(system_server, sysfs_ipv4)
|
||||
allow system_server sysfs_ipv4:file w_file_perms;
|
||||
|
||||
r_dir_file(system_server, sysfs_rtc)
|
||||
r_dir_file(system_server, sysfs_switch)
|
||||
r_dir_file(system_server, sysfs_wakeup_reasons)
|
||||
|
||||
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
|
||||
allow system_server sysfs_devices_system_cpu:file w_file_perms;
|
||||
allow system_server sysfs_mac_address:file r_file_perms;
|
||||
allow system_server sysfs_power:file rw_file_perms;
|
||||
allow system_server sysfs_thermal:dir search;
|
||||
allow system_server sysfs_thermal:file r_file_perms;
|
||||
|
||||
|
@ -683,7 +692,6 @@ r_dir_file(system_server, proc_pagetypeinfo)
|
|||
r_dir_file(system_server, proc_version)
|
||||
r_dir_file(system_server, proc_vmallocinfo)
|
||||
r_dir_file(system_server, rootfs)
|
||||
r_dir_file(system_server, sysfs_type)
|
||||
|
||||
### Rules needed when Light HAL runs inside system_server process.
|
||||
### These rules should eventually be granted only when needed.
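Review bot: Nothing in this file stops the generic grant from coming back. If, as the hunk line counts suggest, `allow system_server sysfs:file rw_file_perms;` and `r_dir_file(system_server, sysfs_type)` are the lines being dropped, a later or device-side rule could quietly restore write access to every default-labelled sysfs node. Consider pinning the intent with a rule such as `neverallow system_server sysfs:file no_w_file_perms;`, after checking that no supported device still depends on the old access. The three write grants (`sysfs_android_usb`, `sysfs_ipv4`, `sysfs_power`) would also be easier to audit with a one-line comment each naming the system_server component that needs to write there; `sysfs_power` in particular covers `/power/state`.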
|
||||
|
|
|
@ -44,16 +44,22 @@ type proc_zoneinfo, fs_type;
|
|||
type selinuxfs, fs_type, mlstrustedobject;
|
||||
type cgroup, fs_type, mlstrustedobject;
|
||||
type sysfs, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_android_usb, fs_type, sysfs_type;
|
||||
type sysfs_uio, sysfs_type, fs_type;
|
||||
type sysfs_batteryinfo, fs_type, sysfs_type;
|
||||
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_dm, fs_type, sysfs_type;
|
||||
type sysfs_ipv4, fs_type, sysfs_type;
|
||||
type sysfs_leds, fs_type, sysfs_type;
|
||||
type sysfs_hwrandom, fs_type, sysfs_type;
|
||||
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_wake_lock, fs_type, sysfs_type;
|
||||
type sysfs_mac_address, fs_type, sysfs_type;
|
||||
type sysfs_power, fs_type, sysfs_type;
|
||||
type sysfs_rtc, fs_type, sysfs_type;
|
||||
type sysfs_switch, fs_type, sysfs_type;
|
||||
type sysfs_usb, sysfs_type, file_type, mlstrustedobject;
|
||||
type sysfs_wakeup_reasons, fs_type, sysfs_type;
|
||||
type sysfs_fs_ext4_features, sysfs_type, fs_type;
|
||||
type configfs, fs_type;
|
||||
# /sys/devices/system/cpu
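Review bot: The split-out types (`sysfs_android_usb`, `sysfs_ipv4`, `sysfs_power`, `sysfs_rtc`, `sysfs_switch`, `sysfs_wakeup_reasons`) are declared without `mlstrustedobject`, which `sysfs` itself carries. Any domain that runs with MLS categories and wrote to these nodes under the old label would now fail the MLS write constraint even where type enforcement allows it. That is probably the desired tightening, but it is worth confirming against denial logs rather than assuming. A short path comment on each declaration, in the style of the existing `# /sys/devices/system/cpu`, would also let a reader match each type to its genfs_contexts entry.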
|
||||
|
|