Move sysfs access from domain_deprecated to radioandroid-o-iot-preview-5 o-iot-preview-5

This permission appears to only be needed for radio on Marlin/Sailfish. Moving these permissions with a TODO to reduce the scope. Bug: 28760354 Test: build Merged-In: I62ab0e9315826387b8916a0a4213f63739e22fa2 Change-Id: I62ab0e9315826387b8916a0a4213f63739e22fa2 (cherry picked from commit b241130f040cab519df30425ae99d59f77524608)
author: Jeff Vander Stoep <jeffv@google.com> 2017-07-27 07:08:24 -0700
committer: Jeff Vander Stoep <jeffv@google.com> 2017-07-27 07:14:39 -0700
commit: 80e5c0bfa3e23f3e332366ee139510c98c6bcafe (patch)
tree: 7fab0b75d93460e29e5572bb0ca06a0354b06dba
parent: d191908f633ea003bcba5193ef781ae4b1ab0bcc (diff)
download: marlin-o-iot-preview-5.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/radio.te b/sepolicy/radio.te
index 767e0a71..8d6fa235 100644
--- a/sepolicy/radio.te
+++ b/sepolicy/radio.te
@@ -17,3 +17,8 @@ userdebug_or_eng(`
 allow radio avtimer_device:chr_file rw_file_perms;
 
 allowxperm radio self:udp_socket ioctl priv_sock_ioctls;
+
+# TODO scope this down. Granting these here is not granting new permissions,
+# just moving existing permissions from domain_deprecated to radio as part of
+# b/28760354 in order to deprivilege other processes which do not need access.
+r_dir_file(radio, sysfs)
author	Jeff Vander Stoep <jeffv@google.com>	2017-07-27 07:08:24 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	2017-07-27 07:14:39 -0700
commit	80e5c0bfa3e23f3e332366ee139510c98c6bcafe (patch)
tree	7fab0b75d93460e29e5572bb0ca06a0354b06dba
parent	d191908f633ea003bcba5193ef781ae4b1ab0bcc (diff)
download	marlin-o-iot-preview-5.tar.gz