diff options
| author | Simon Shields <keepcalm444@gmail.com> | 2015-12-12 15:24:33 +1100 |
|---|---|---|
| committer | Simon Shields <keepcalm444@gmail.com> | 2015-12-13 00:01:20 +1100 |
| commit | 7651d6d716cb6fd3ddb49e09b8cdd6bfbd82a62d (patch) | |
| tree | 132eb2fc093c2465ee943aa571a04b856b9d4856 | |
| parent | 0f6eaf519939d51b7d2c3018047b1bcabc73fa06 (diff) | |
| download | device_samsung_i9300-7651d6d716cb6fd3ddb49e09b8cdd6bfbd82a62d.zip device_samsung_i9300-7651d6d716cb6fd3ddb49e09b8cdd6bfbd82a62d.tar.gz device_samsung_i9300-7651d6d716cb6fd3ddb49e09b8cdd6bfbd82a62d.tar.bz2 | |
i9300: more selinux fixes
Change-Id: Ifa1f39c78c8b4fb96ab3024a4f7cdb3cc9d732bd
| -rw-r--r-- | rootdir/init.target.rc | 6 | ||||
| -rw-r--r-- | selinux/gpsd.te | 4 | ||||
| -rw-r--r-- | selinux/init.te | 2 | ||||
| -rw-r--r-- | selinux/macloader.te | 1 | ||||
| -rw-r--r-- | selinux/netd.te | 2 |
5 files changed, 15 insertions, 0 deletions
diff --git a/rootdir/init.target.rc b/rootdir/init.target.rc index c267195..4b9b015 100644 --- a/rootdir/init.target.rc +++ b/rootdir/init.target.rc @@ -34,6 +34,10 @@ on post-fs-data restorecon /sys/class/sec/gps/GPS_PWR_EN/value restorecon /sys/class/sec/gps/GPS_PWR_EN/direction + write /data/.cid.info 0 + restorecon /data/.cid.info + restorecon /data/ISP_CV + on fs # zram swapon_all /fstab.smdk4x12 @@ -54,3 +58,5 @@ service gps-daemon /system/bin/sh /system/bin/gps_daemon.sh user gps group system inet sdcard_rw gps seclabel u:r:glgps:s0 + + diff --git a/selinux/gpsd.te b/selinux/gpsd.te index a65f3da..589d15f 100644 --- a/selinux/gpsd.te +++ b/selinux/gpsd.te @@ -13,9 +13,13 @@ allow glgps gps_data_file:file { create rw_file_perms }; allow glgps gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms }; allow glgps node:udp_socket { node_bind name_bind }; +allow glgps port:tcp_socket name_connect; +allow glgps self:tcp_socket { getopt write read }; allow glgps sysfs:file { setattr write }; allow glgps gps_device:chr_file { ioctl open read write }; allow glgps glgps:udp_socket { create bind }; +allow glgps glgps:tcp_socket { create connect }; +allow glgps fwmarkd_socket:sock_file write; allow glgps dnsproxyd_socket:sock_file write; allow glgps netd:unix_stream_socket connectto; diff --git a/selinux/init.te b/selinux/init.te index d9d20c2..795e077 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -7,6 +7,8 @@ allow init sysfs_display:lnk_file { read setattr }; allow init tmpfs:lnk_file create; allow init sysfs_sensor:lnk_file { setattr read }; +allow init rild:process noatsecure; + domain_trans(init, rootfs, glgps) domain_trans(init, rootfs, cpboot-daemon) domain_trans(init, rootfs, tinyplay) diff --git a/selinux/macloader.te b/selinux/macloader.te index 580f0d1..464f201 100644 --- a/selinux/macloader.te +++ b/selinux/macloader.te @@ -6,3 +6,4 @@ allow macloader efs_file:dir search; allow macloader efs_device_file:dir search; allow macloader wifi_data_file:file { read getattr open write setattr }; allow macloader self:capability { dac_override chown fowner fsetid }; +allow macloader system_data_file:dir w_dir_perms; diff --git a/selinux/netd.te b/selinux/netd.te index 2fdb809..eff1d89 100644 --- a/selinux/netd.te +++ b/selinux/netd.te @@ -1 +1,3 @@ allow netd init:tcp_socket { read write getopt }; +allow netd glgps:fd use; +allow netd glgps:tcp_socket { read write getopt setopt }; |