tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove all denials caused by rild on tuna devices.

Browse source 
Tested on a maguro variant.
This commit is contained in:
William Roberts 2012-06-07 11:52:51 -04:00 committed by Stephen Smalley
parent 80ea1d2305
commit f6f87105d4
3 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nfc.te
View file

@ -10,3 +10,4 @@ allow nfc nfc_data_file:dir create_dir_perms;
allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
allow nfc sysfs_nfc_power_writable:file rw_file_perms;
allow nfc sysfs:file write;

8
rild.te
View file

@ -12,12 +12,20 @@ allow rild self:capability { setuid net_admin net_raw };
allow rild alarm_device:chr_file rw_file_perms;
allow rild cgroup:dir create_dir_perms;
allow rild radio_device:chr_file rw_file_perms;
allow rild radio_device:blk_file r_file_perms;
allow rild qemu_device:chr_file rw_file_perms;
allow rild mtd_device:dir search;
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild shell_exec:file rx_file_perms;
allow rild bluetooth_efs_file:file r_file_perms;
allow rild radio_data_file:dir r_dir_perms;
allow rild radio_data_file:file rw_file_perms;
allow rild radio_device:lnk_file r_file_perms;
allow rild sdcard:dir r_dir_perms;
allow rild system_data_file:dir create_dir_perms;
allow rild system_data_file:file create_file_perms;
allow rild system_file:file x_file_perms;
dontaudit rild self:capability sys_admin;
# XXX Label sysfs files with a specific type?
allow rild sysfs:file rw_file_perms;

4
ueventd.te
View file

@ -5,7 +5,7 @@ tmpfs_domain(ueventd)
allow ueventd rootfs:file r_file_perms;
allow ueventd rootfs:file entrypoint;
allow ueventd init:process sigchld;
allow ueventd self:capability { chown mknod net_admin setgid fsetid };
allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override };
allow ueventd device:file create_file_perms;
allow ueventd device:chr_file rw_file_perms;
allow ueventd sysfs:file rw_file_perms;
@ -16,3 +16,5 @@ allow ueventd dev_type:lnk_file { create unlink };
allow ueventd dev_type:chr_file { create setattr unlink };
allow ueventd dev_type:blk_file { create setattr unlink };
allow ueventd self:netlink_kobject_uevent_socket *;
allow ueventd efs_file:dir search;
allow ueventd efs_file:file r_file_perms;