diff options
author | Jeff Vander Stoep <jeffv@google.com> | 2017-07-27 07:08:24 -0700 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2017-07-27 07:14:39 -0700 |
commit | 80e5c0bfa3e23f3e332366ee139510c98c6bcafe (patch) | |
tree | 7fab0b75d93460e29e5572bb0ca06a0354b06dba | |
parent | d191908f633ea003bcba5193ef781ae4b1ab0bcc (diff) | |
download | marlin-o-iot-preview-5.tar.gz |
Move sysfs access from domain_deprecated to radioandroid-o-iot-preview-5o-iot-preview-5
This permission appears to only be needed for radio on
Marlin/Sailfish. Moving these permissions with a TODO to reduce
the scope.
Bug: 28760354
Test: build
Merged-In: I62ab0e9315826387b8916a0a4213f63739e22fa2
Change-Id: I62ab0e9315826387b8916a0a4213f63739e22fa2
(cherry picked from commit b241130f040cab519df30425ae99d59f77524608)
-rw-r--r-- | sepolicy/radio.te | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/radio.te b/sepolicy/radio.te index 767e0a71..8d6fa235 100644 --- a/sepolicy/radio.te +++ b/sepolicy/radio.te @@ -17,3 +17,8 @@ userdebug_or_eng(` allow radio avtimer_device:chr_file rw_file_perms; allowxperm radio self:udp_socket ioctl priv_sock_ioctls; + +# TODO scope this down. Granting these here is not granting new permissions, +# just moving existing permissions from domain_deprecated to radio as part of +# b/28760354 in order to deprivilege other processes which do not need access. +r_dir_file(radio, sysfs) |