diff options
| author | Vishal Mahaveer <vishalm@ti.com> | 2017-08-22 22:16:23 -0500 |
|---|---|---|
| committer | Vishal Mahaveer <vishalm@ti.com> | 2017-08-22 22:17:50 -0500 |
| commit | e3d327b96202111f3031a82eab57e77108b1c026 (patch) | |
| tree | f650c34279f144af87ff6a42d18ccf5b4f0b834b | |
| parent | 8bd75893ebf010815645fa5b6ebb18148c7e3dca (diff) | |
| download | jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.tar.gz | |
jacinto6evm: sepolicy: update rules failing build
Change-Id: I9d43bbab7fad82815fcb6d4dbb3cf0547ef37121
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
| -rw-r--r-- | sepolicy/file_contexts | 4 | ||||
| -rw-r--r-- | sepolicy/lad_dra7xx.te | 2 | ||||
| -rw-r--r-- | sepolicy/mediaserver.te | 2 | ||||
| -rw-r--r-- | sepolicy/ueventd.te | 2 | ||||
| -rw-r--r-- | sepolicy/vis.te | 2 |
5 files changed, 6 insertions, 6 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 8988df2..2a77ada 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -1,7 +1,7 @@ #Bluettoth tty device /dev/hci_tty u:object_r:bluetooth_control:s0 -/dev/ttyS2 u:object_r:hci_attach_dev:s0 -/system/bin/uim-sysfs u:object_r:hci_attach_exec:s0 +#/dev/ttyS2 u:object_r:hci_attach_dev:s0 +#/system/bin/uim-sysfs u:object_r:hci_attach_exec:s0 #Console /dev/ttyS0 u:object_r:console_device:s0 diff --git a/sepolicy/lad_dra7xx.te b/sepolicy/lad_dra7xx.te index ff95009..3b31bf2 100644 --- a/sepolicy/lad_dra7xx.te +++ b/sepolicy/lad_dra7xx.te @@ -9,7 +9,7 @@ init_daemon_domain(lad_dra7xx) allow lad_dra7xx devpts:chr_file {read write ioctl getattr }; allow lad_dra7xx lad_data_file:dir { create_dir_perms }; allow lad_dra7xx lad_data_file:fifo_file { create_file_perms }; -allow lad_dra7xx self:socket { create_socket_perms }; +allow lad_dra7xx self:socket { create_socket_perms_no_ioctl }; # Allow access to hwspinlock and uio device allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms }; diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index 9e69353..c8e811e 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -7,6 +7,6 @@ allow mediaserver device:dir { read open }; allow mediaserver lad_data_file:fifo_file { create_file_perms }; allow mediaserver hwspinlock_dev:chr_file { rw_file_perms }; allow mediaserver cmem_dev:chr_file { rw_file_perms }; -allow mediaserver self:socket { create_socket_perms }; +allow mediaserver self:socket { create_socket_perms_no_ioctl }; allow mediaserver self:tcp_socket { create_stream_socket_perms }; allow mediaserver ctl_default_prop:property_service set; diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te index 690cf1e..2f54d8e 100644 --- a/sepolicy/ueventd.te +++ b/sepolicy/ueventd.te @@ -1,3 +1,3 @@ #Rules for crda operations -allow ueventd self:netlink_generic_socket { create_socket_perms }; +allow ueventd self:netlink_generic_socket { create_socket_perms_no_ioctl }; allow ueventd system_file:file { execute_no_trans }; diff --git a/sepolicy/vis.te b/sepolicy/vis.te index 7f1356c..101cf39 100644 --- a/sepolicy/vis.te +++ b/sepolicy/vis.te @@ -7,7 +7,7 @@ init_daemon_domain(vis) # Allow access to IPC related resources allow vis devpts:chr_file { read write ioctl getattr }; allow vis fwmarkd_socket:sock_file write; -allow vis self:socket { create_socket_perms }; +allow vis self:socket { create_socket_perms_no_ioctl }; allow vis self:tcp_socket { create_stream_socket_perms }; allow vis netd:unix_stream_socket connectto; allow vis node:tcp_socket node_bind; |