diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2017-11-10 16:48:47 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-11-10 16:48:47 +0000 |
commit | c0cda38e6aa5ef3e08ea728573306179aefb6798 (patch) | |
tree | 6f80b3e0807589b3142ab7eb15d0c56737c3e181 | |
parent | 979d0ed4eaf3b40657d0909096ce77f7f2c0e288 (diff) | |
parent | 70fa655659654209a6b31c841f8bdd03a1089d43 (diff) | |
download | dragon-c0cda38e6aa5ef3e08ea728573306179aefb6798.tar.gz |
Move platform/vendor data violations to device policy
am: 70fa655659
Change-Id: I2e79b2dd68ae0184802cd7a493c1a1dbadbf2f6b
-rw-r--r-- | sepolicy/hal_drm.te | 3 | ||||
-rw-r--r-- | sepolicy/hal_nfc.te | 3 | ||||
-rw-r--r-- | sepolicy/hal_wifi_supplicant.te | 6 | ||||
-rw-r--r-- | sepolicy/hostapd.te | 9 |
4 files changed, 21 insertions, 0 deletions
diff --git a/sepolicy/hal_drm.te b/sepolicy/hal_drm.te new file mode 100644 index 0000000..1bbb734 --- /dev/null +++ b/sepolicy/hal_drm.te @@ -0,0 +1,3 @@ +# Allow access to app_data and media_data_files +allow hal_drm media_data_file:dir create_dir_perms; +allow hal_drm media_data_file:file create_file_perms; diff --git a/sepolicy/hal_nfc.te b/sepolicy/hal_nfc.te new file mode 100644 index 0000000..664eaa9 --- /dev/null +++ b/sepolicy/hal_nfc.te @@ -0,0 +1,3 @@ +# Data file accesses. +allow hal_nfc nfc_data_file:dir create_dir_perms; +allow hal_nfc nfc_data_file:{ file lnk_file fifo_file } create_file_perms; diff --git a/sepolicy/hal_wifi_supplicant.te b/sepolicy/hal_wifi_supplicant.te new file mode 100644 index 0000000..b1f24d8 --- /dev/null +++ b/sepolicy/hal_wifi_supplicant.te @@ -0,0 +1,6 @@ +allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms; +allow hal_wifi_supplicant wifi_data_file:file create_file_perms; + +# Create a socket for receiving info from wpa +allow hal_wifi_supplicant wpa_socket:dir create_dir_perms; +allow hal_wifi_supplicant wpa_socket:sock_file create_file_perms; diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te new file mode 100644 index 0000000..15064a0 --- /dev/null +++ b/sepolicy/hostapd.te @@ -0,0 +1,9 @@ +# hostapd can read and write WiFi related data and configuration. +# For example, the entropy file is periodically updated. +allow hostapd wifi_data_file:file rw_file_perms; +r_dir_file(hostapd, wifi_data_file) + +# hostapd wants to create the directory holding its control socket. +allow hostapd hostapd_socket:dir create_dir_perms; +# hostapd needs to create, bind to, read, and write its control socket. +allow hostapd hostapd_socket:sock_file create_file_perms; |