Merge "Create sysfs_hwrandom type." into nyc-dev
This commit is contained in:
commit
9404522aeb
4 changed files with 7 additions and 0 deletions
1
file.te
1
file.te
|
@ -25,6 +25,7 @@ type sysfs, fs_type, sysfs_type, mlstrustedobject;
|
|||
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_batteryinfo, fs_type, sysfs_type;
|
||||
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_hwrandom, fs_type, sysfs_type;
|
||||
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_wake_lock, fs_type, sysfs_type;
|
||||
type sysfs_mac_address, fs_type, sysfs_type;
|
||||
|
|
|
@ -359,6 +359,7 @@
|
|||
/sys/devices/system/cpu(/.*)? u:object_r:sysfs_devices_system_cpu:s0
|
||||
/sys/devices/virtual/block/zram\d+(/.*)? u:object_r:sysfs_zram:s0
|
||||
/sys/devices/virtual/block/zram\d+/uevent u:object_r:sysfs_zram_uevent:s0
|
||||
/sys/devices/virtual/misc/hw_random(/.*)? u:object_r:sysfs_hwrandom:s0
|
||||
/sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
|
||||
/sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
|
||||
/sys/kernel/uevent_helper -- u:object_r:usermodehelper:s0
|
||||
|
|
|
@ -14,6 +14,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
|
|||
allow ueventd device:file create_file_perms;
|
||||
allow ueventd device:chr_file rw_file_perms;
|
||||
allow ueventd sysfs:file rw_file_perms;
|
||||
allow ueventd sysfs_hwrandom:file w_file_perms;
|
||||
allow ueventd sysfs_zram_uevent:file w_file_perms;
|
||||
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
|
||||
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
|
||||
|
|
|
@ -102,6 +102,10 @@ allow untrusted_app proc:file r_file_perms;
|
|||
# access /proc/net/xt_qtguid/stats
|
||||
r_dir_file(untrusted_app, proc_net)
|
||||
|
||||
# Cts: HwRngTest
|
||||
allow untrusted_app sysfs_hwrandom:dir search;
|
||||
allow untrusted_app sysfs_hwrandom:file r_file_perms;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
|
Loading…
Reference in a new issue