Merge "Keep pre-existing sysfs write permissions." into nyc-dev
This commit is contained in:
TreeHugger Robot
Android (Google) Code Review
commit
b71cf12ffc
8 changed files with 22 additions and 0 deletions
|
|
@ -82,6 +82,9 @@ domain_auto_trans(dumpstate, vdc_exec, vdc)
|
|||
# TODO: create a new file class, instead of allowing write access to all of /sys
|
||||
allow dumpstate sysfs:file w_file_perms;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow dumpstate sysfs_usb:file w_file_perms;
|
||||
|
||||
# Other random bits of data we want to collect
|
||||
allow dumpstate qtaguid_proc:file r_file_perms;
|
||||
allow dumpstate debugfs:file r_file_perms;
|
||||
|
|
|
|||
3
gpsd.te
3
gpsd.te
|
|
@ -13,6 +13,9 @@ allow gpsd gps_socket:sock_file create_file_perms;
|
|||
# XXX Label sysfs files with a specific type?
|
||||
allow gpsd sysfs:file rw_file_perms;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow gpsd sysfs_usb:file w_file_perms;
|
||||
|
||||
allow gpsd gps_device:chr_file rw_file_perms;
|
||||
|
||||
# Execute the shell or system commands.
|
||||
|
|
|
|||
|
|
@ -19,6 +19,9 @@ binder_call(healthd, system_server)
|
|||
# TODO: Split into a separate type?
|
||||
allow healthd sysfs:file write;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow healthd sysfs_usb:file write;
|
||||
|
||||
allow healthd sysfs_batteryinfo:file r_file_perms;
|
||||
|
||||
###
|
||||
|
|
|
|||
3
netd.te
3
netd.te
|
|
@ -32,6 +32,9 @@ allow netd proc_net:file write;
|
|||
# XXX Split into its own type.
|
||||
allow netd sysfs:file write;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow netd sysfs_usb:file write;
|
||||
|
||||
# Needed to update /data/misc/wifi/hostapd.conf
|
||||
# TODO: See what we can do to reduce the need for
|
||||
# these capabilities
|
||||
|
|
|
|||
3
nfc.te
3
nfc.te
|
|
@ -17,6 +17,9 @@ allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
|
|||
allow nfc sysfs_nfc_power_writable:file rw_file_perms;
|
||||
allow nfc sysfs:file write;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow nfc sysfs_usb:file write;
|
||||
|
||||
# SoundPool loading and playback
|
||||
allow nfc mediaserver_service:service_manager find;
|
||||
allow nfc audioserver_service:service_manager find;
|
||||
|
|
|
|||
|
|
@ -190,6 +190,9 @@ allow system_server sysfs_mac_address:file r_file_perms;
|
|||
allow system_server sysfs_thermal:dir search;
|
||||
allow system_server sysfs_thermal:file r_file_perms;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow system_server sysfs_usb:file w_file_perms;
|
||||
|
||||
# Access devices.
|
||||
allow system_server device:dir r_dir_perms;
|
||||
allow system_server mdns_socket:sock_file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
|
|||
allow ueventd device:file create_file_perms;
|
||||
allow ueventd device:chr_file rw_file_perms;
|
||||
allow ueventd sysfs:file rw_file_perms;
|
||||
allow ueventd sysfs_usb:file w_file_perms;
|
||||
allow ueventd sysfs_hwrandom:file w_file_perms;
|
||||
allow ueventd sysfs_zram_uevent:file w_file_perms;
|
||||
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
|
||||
|
|
|
|||
3
vold.te
3
vold.te
|
|
@ -90,6 +90,9 @@ allow vold self:capability { sys_ptrace kill };
|
|||
# XXX Label sysfs files with a specific type?
|
||||
allow vold sysfs:file rw_file_perms;
|
||||
|
||||
# TODO: added to match above sysfs rule. Remove me?
|
||||
allow vold sysfs_usb:file w_file_perms;
|
||||
|
||||
allow vold kmsg_device:chr_file rw_file_perms;
|
||||
|
||||
# Run fsck in the fsck domain.
|
||||
|
|
|
|||
Loading…
Reference in a new issue