tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert "ueventd: Grant write access to all files in /sys"

Browse source 
This reverts commit 5bf94cafdd.

Remove this temporary workaround.

Bug: 63147833
Test: Build policy
This commit is contained in:
Jeff Vander Stoep 2017-07-12 10:32:04 -07:00
parent 405473f737
commit dff3f37693
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
public/ueventd.te
View file

@ -8,13 +8,15 @@ allow ueventd kmsg_device:chr_file rw_file_perms;
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
allow ueventd device:file create_file_perms;
r_dir_file(ueventd, rootfs)
# ueventd needs write access to files in /sys to regenerate uevents
allow ueventd { sysfs_type -usermodehelper }:file w_file_perms;
r_dir_file(ueventd, sysfs_type)
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
r_dir_file(ueventd, rootfs)
allow ueventd sysfs:file w_file_perms;
allow ueventd sysfs_usb:file w_file_perms;
allow ueventd sysfs_hwrandom:file w_file_perms;
allow ueventd sysfs_zram_uevent:file w_file_perms;
allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr getattr };
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
allow ueventd tmpfs:chr_file rw_file_perms;
allow ueventd dev_type:dir create_dir_perms;
allow ueventd dev_type:lnk_file { create unlink };