diff options
| author | Yongqin Liu <yongqin.liu@linaro.org> | 2015-11-20 02:31:24 +0800 |
|---|---|---|
| committer | Yongqin Liu <yongqin.liu@linaro.org> | 2015-11-20 10:00:32 +0800 |
| commit | d783979289422707b167fafd1b347202ee4edaf5 (patch) | |
| tree | 3f0deaf094e541f70bb0ac58a0e6e537f63d1f45 | |
| parent | 7ac0af23eb99825cee0e79f30f201c78063efe8a (diff) | |
| download | common-d783979289422707b167fafd1b347202ee4edaf5.tar.gz | |
sepolicy: update rule for marshmallow buildsRLCR-16.01RLCR-15.12
Change-Id: Id6d068cf84a8913541d3f24058b98ab184596283
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
| -rw-r--r-- | sepolicy/file_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/hci_attach.te | 1 | ||||
| -rw-r--r-- | sepolicy/healthd.te | 1 | ||||
| -rw-r--r-- | sepolicy/linaro.te | 4 | ||||
| -rw-r--r-- | sepolicy/netd.te | 1 | ||||
| -rw-r--r-- | sepolicy/shell.te | 2 | ||||
| -rw-r--r-- | sepolicy/toolbox.te | 1 | ||||
| -rw-r--r-- | sepolicy/zygote.te | 1 |
8 files changed, 13 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 9de3217..fbccbdd 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -6,4 +6,6 @@ /dev/mali u:object_r:gpu_device:s0 /dev/dri/card0 u:object_r:gpu_device:s0 /dev/hci_tty u:object_r:hci_attach_dev:s0 +/dev/ttyAMA1 u:object_r:hci_attach_dev:s0 /system/bin/faketsd u:object_r:linaro_exec:s0 +/system/bin/uim u:object_r:hci_attach_exec:s0 diff --git a/sepolicy/hci_attach.te b/sepolicy/hci_attach.te new file mode 100644 index 0000000..08c3ebe --- /dev/null +++ b/sepolicy/hci_attach.te @@ -0,0 +1 @@ +allow hci_attach self:capability dac_override; diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te new file mode 100644 index 0000000..5ae2745 --- /dev/null +++ b/sepolicy/healthd.te @@ -0,0 +1 @@ +allow healthd self:capability { dac_override dac_read_search sys_nice }; diff --git a/sepolicy/linaro.te b/sepolicy/linaro.te index 7ed01fa..f84d7db 100644 --- a/sepolicy/linaro.te +++ b/sepolicy/linaro.te @@ -1,9 +1,13 @@ type linaro, domain, mlstrustedsubject; type linaro_exec, exec_type, file_type; +init_daemon_domain(linaro) + allow linaro sysfs:file write; allow linaro proc:file write; allow linaro system_file:file execute_no_trans; allow linaro shell_exec:file rx_file_perms; +allow linaro self:capability dac_override; + permissive linaro; diff --git a/sepolicy/netd.te b/sepolicy/netd.te index 42717f5..ee36425 100644 --- a/sepolicy/netd.te +++ b/sepolicy/netd.te @@ -1,3 +1,4 @@ +dontaudit netd self:capability sys_module; allow netd usermodehelper:file r_file_perms; allow netd debug_prop:property_service set; allow netd kernel:system module_request; diff --git a/sepolicy/shell.te b/sepolicy/shell.te index f62b97a..696e36c 100644 --- a/sepolicy/shell.te +++ b/sepolicy/shell.te @@ -14,3 +14,5 @@ allow shell ctl_default_prop:property_service set; allow shell unlabeled:file r_file_perms; allow shell kernel:system module_request; + +allow shell debuggerd_exec:file rx_file_perms; diff --git a/sepolicy/toolbox.te b/sepolicy/toolbox.te new file mode 100644 index 0000000..3709919 --- /dev/null +++ b/sepolicy/toolbox.te @@ -0,0 +1 @@ +allow toolbox self:capability { dac_override dac_read_search sys_nice }; diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te index 04fc7d3..d891909 100644 --- a/sepolicy/zygote.te +++ b/sepolicy/zygote.te @@ -1 +1,2 @@ allow zygote kernel:system module_request; +allow zygote self:capability sys_nice; |