platform_system_sepolicy/private/nfc.te
Ruchi Kandoi 0393dafd5d Allow nfc application to set nfc property
type=1400 audit(1501520483.066:14): avc: denied { write } for pid=3330
comm=4173796E635461736B202331 name="property_service" dev="tmpfs"
ino=10749 scontext=u:r:nfc:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Test: No sepolicy denials
Bug: 64010793
Change-Id: I8d73e8e19cd4d0a8c61f1f184820c53e5cc2b6d6
(cherry picked from commit df9649503a)
2017-08-01 20:35:07 +00:00

34 lines
1.1 KiB
Text

# nfc subsystem
typeattribute nfc coredomain;
app_domain(nfc)
net_domain(nfc)
binder_service(nfc)
add_service(nfc, nfc_service)
hal_client_domain(nfc, hal_nfc)
# Data file accesses.
allow nfc nfc_data_file:dir create_dir_perms;
allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
# SoundPool loading and playback
allow nfc audioserver_service:service_manager find;
allow nfc drmserver_service:service_manager find;
allow nfc mediacodec_service:service_manager find;
allow nfc mediametrics_service:service_manager find;
allow nfc mediaextractor_service:service_manager find;
allow nfc mediaserver_service:service_manager find;
allow nfc radio_service:service_manager find;
allow nfc surfaceflinger_service:service_manager find;
allow nfc app_api_service:service_manager find;
allow nfc system_api_service:service_manager find;
allow nfc vr_manager_service:service_manager find;
set_prop(nfc, nfc_prop);
# already open bugreport file descriptors may be shared with
# the nfc process, from a file in
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow nfc shell_data_file:file read;