Diffstat (limited to 'selinux')
-rw-r--r-- | selinux/bluetooth.te | 2 | ||||
-rw-r--r-- | selinux/file.te | 2 | ||||
-rw-r--r-- | selinux/file_contexts | 6 | ||||
-rw-r--r-- | selinux/gpsd.te | 1 | ||||
-rw-r--r-- | selinux/mediaserver.te | 4 | ||||
-rw-r--r-- | selinux/nfc.te | 2 | ||||
-rw-r--r-- | selinux/sysinit.te | 7 | ||||
-rw-r--r-- | selinux/system_server.te | 12 | ||||
-rw-r--r-- | selinux/ueventd.te | 4 | ||||
-rw-r--r-- | selinux/wpa_supplicant.te | 1 |
10 files changed, 29 insertions, 12 deletions
diff --git a/selinux/bluetooth.te b/selinux/bluetooth.te
index 76e62ea..9d11918 100644
--- a/selinux/bluetooth.te
+++ b/selinux/bluetooth.te
@@ -1,4 +1,6 @@
 allow bluetooth bluetooth_efs_file:dir search;
 allow bluetooth bluetooth_efs_file:file read;
+allow bluetooth firmware_exynos:dir { open read search };
+allow bluetooth firmware_exynos:file { open read };
 allow bluetooth sysfs:file write;
 allow bluetooth efs_device_file:dir search;
diff --git a/selinux/file.te b/selinux/file.te
index 15e8eff..c686d2f 100644
--- a/selinux/file.te
+++ b/selinux/file.te
@@ -1,5 +1,5 @@
 type firmware_mfc, file_type;
-type firmware_camera, file_type;
+type firmware_exynos, file_type;
 type sensors_data_file, file_type, data_file_type;
 type sysfs_display, fs_type, sysfs_type;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index 42b5fe4..35e4e99 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -28,7 +28,7 @@
 # GPS
 /dev/ttySAC1 u:object_r:gps_device:s0
-/system/bin/gpsd u:object_r:gpsd_exec:s0
+/system/bin/glgps u:object_r:gpsd_exec:s0
 # Sensors
 /dev/akm8975 u:object_r:sensors_device:s0
@@ -39,9 +39,9 @@
 /efs/wifi/.mac.info u:object_r:wifi_data_file:s0
 # Firmwares
-/system/vendor/firmware(/.*)? u:object_r:firmware_camera:s0
+/system/vendor/firmware(/.*)? u:object_r:firmware_exynos:s0
 /system/vendor/firmware/mfc_fw.bin u:object_r:firmware_mfc:s0
-/data/cfw(/.*)? u:object_r:firmware_camera:s0
+/data/cfw(/.*)? u:object_r:firmware_exynos:s0
 # Vibrator
 /dev/tspdrv u:object_r:input_device:s0
diff --git a/selinux/gpsd.te b/selinux/gpsd.te
index 5c7e39c..d58665e 100644
--- a/selinux/gpsd.te
+++ b/selinux/gpsd.te
@@ -1,3 +1,4 @@
+allow gpsd self:process execmem;
 allow gpsd rild:unix_stream_socket connectto;
 allow gpsd system_data_file:fifo_file { create read write setattr open };
 allow gpsd servicemanager:binder call;
diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te
index 6145b7c..43f5b21 100644
--- a/selinux/mediaserver.te
+++ b/selinux/mediaserver.te
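Review bot: In selinux/bluetooth.te the two added rules let the bluetooth domain read every file labelled `firmware_exynos`, and the file_contexts hunk of this commit puts that one label on both /system/vendor/firmware and /data/cfw, which sysinit.te allows sysinit to create, write and unlink. A type that is writable at runtime is therefore the same type that bluetooth, ueventd and mediaserver read firmware from. Consider a separate type for /data/cfw, or a narrow file_contexts entry for the bluetooth firmware in the style of the existing `firmware_mfc` line, so the new reader only gets what it needs. If the shared type is kept, a comment above the new rules naming the path bluetooth actually loads from (presumably under /system/vendor/firmware, to be confirmed) would let the grant be audited later.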
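Review bot: In selinux/gpsd.te the added `allow gpsd self:process execmem;` lets the gpsd domain map anonymous memory as executable, which gives up W^X for a daemon that the following context lines show connecting to rild and calling servicemanager over binder, and nothing in the hunk says why it is needed. If the requirement comes from the binary that file_contexts now labels `gpsd_exec` (`/system/bin/glgps`), record that above the rule, for example `# glgps requests executable anonymous mappings; drop this once the binary no longer needs it`. It is also worth confirming from the denial log that `execmem` is the only process permission requested before this is merged.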
@@ -1,5 +1,5 @@
-allow mediaserver { firmware_camera }:file r_file_perms;
-allow mediaserver firmware_camera:dir r_dir_perms;
+allow mediaserver { firmware_exynos }:file r_file_perms;
+allow mediaserver firmware_exynos:dir r_dir_perms;
 allow mediaserver camera_data_file:file rw_file_perms;
 allow mediaserver mfc_device:chr_file rw_file_perms;
diff --git a/selinux/nfc.te b/selinux/nfc.te
index b8d1d44..6a6e324 100644
--- a/selinux/nfc.te
+++ b/selinux/nfc.te
@@ -1 +1 @@
-allow nfc firmware_camera:dir search;
+allow nfc firmware_exynos:dir search;
diff --git a/selinux/sysinit.te b/selinux/sysinit.te
index 55e9dc5..0436ffe 100644
--- a/selinux/sysinit.te
+++ b/selinux/sysinit.te
@@ -1,6 +1,7 @@
-allow sysinit firmware_camera:dir { read search open getattr };
+allow sysinit firmware_exynos:dir { read search open getattr };
 allow sysinit userinit_exec:file { getattr execute execute_no_trans read open };
-allow sysinit firmware_camera:dir { read search open getattr write remove_name add_name };
-allow sysinit firmware_camera:file { read open write getattr setattr create unlink };
+allow sysinit firmware_exynos:dir { read search open getattr write remove_name add_name };
+allow sysinit firmware_exynos:file { read open write getattr setattr create unlink };
 allow sysinit sysinit:capability { dac_override chown fowner fsetid };
 allow sysinit unlabeled:dir { search };
+allow sysinit surfaceflinger_exec:file { getattr };
diff --git a/selinux/system_server.te b/selinux/system_server.te
index e42bdd0..a6b65ce 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -7,6 +7,7 @@ allow system_server sysfs:file { read open write };
 allow system_server self:capability { sys_module };
 allow system_server efs_file:dir search;
+allow system_server efs_file:file read;
 allow system_server efs_device_file:dir search;
 allow system_server uhid_device:chr_file { read ioctl write open };
@@ -16,3 +17,14 @@ allow system_server wifi_data_file:file { read open };
 allow system_server default_prop:property_service set;
 allow system_server gpsd:binder transfer;
+type_transition system_server system_data_file:fifo_file gps_data_file ".gps.interface.pipe.to_jni";
+
+# Access .gps.interface.pipe.to_gpsd.
+allow system_server gps_data_file:dir search;
+allow system_server gps_data_file:fifo_file { write setattr rw_file_perms };
+
+# Access /data/sensors/gps* socket
+allow system_server gps_data_file:sock_file create_file_perms;
+allow system_server gps_data_file:dir rw_dir_perms;
+allow system_server gps_data_file:file rw_file_perms;
+
diff --git a/selinux/ueventd.te b/selinux/ueventd.te
index 1d993e4..8044d34 100644
--- a/selinux/ueventd.te
+++ b/selinux/ueventd.te
@@ -1,4 +1,4 @@
 # Firmwares
 allow ueventd { firmware_mfc }:file r_file_perms;
-allow ueventd { firmware_camera }:dir search;
-allow ueventd { firmware_camera }:file { read getattr open };
+allow ueventd { firmware_exynos }:dir search;
+allow ueventd { firmware_exynos }:file { read getattr open };
diff --git a/selinux/wpa_supplicant.te b/selinux/wpa_supplicant.te
index 6e221e3..c7568f3 100644
--- a/selinux/wpa_supplicant.te
+++ b/selinux/wpa_supplicant.te
@@ -7,4 +7,5 @@ allow wpa wpa_socket:unix_dgram_socket { read write };
 allow wpa_socket system_app:unix_dgram_socket sendto;
 allow wpa_socket wifi_data_file:sock_file unlink;
+ allow wpa rfkill_device:chr_file rw_file_perms; |
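Review bot: The named `type_transition` added to selinux/system_server.te only takes effect when system_server itself creates `.gps.interface.pipe.to_jni`, yet the fifo rule below it grants `{ write setattr rw_file_perms }` on `gps_data_file:fifo_file` and no `create`, so unless `create` is allowed somewhere outside this diff the pipe creation would be denied under the new label. The comment above that rule names `.gps.interface.pipe.to_gpsd` while the transition names `.to_jni`; if both pipes are meant, say so, e.g. `# Access .gps.interface.pipe.to_jni (created here) and .to_gpsd`. `write` is already part of `rw_file_perms` as AOSP defines the macro, so if creation is intended the rule can read `allow system_server gps_data_file:fifo_file { create setattr rw_file_perms };`. The last three rules also give system_server `rw_dir_perms`, `rw_file_perms` and `create_file_perms` on everything typed `gps_data_file`, which is wider than the single socket the comment describes and deserves a line of justification.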