diff options
| author | mark <mcampbellsmith@gmail.com> | 2013-08-16 22:37:42 +1000 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2013-08-24 15:18:37 +0000 |
| commit | e752b23df936271a20a2da6f5818067535a2e7be (patch) | |
| tree | 344b8383b833ee15b69f11ae524351be846b1f54 /selinux/secril.te | |
| parent | 80e197c1e48c55a79249140d84585493dac24ad8 (diff) | |
| download | device_samsung_i9305-e752b23df936271a20a2da6f5818067535a2e7be.zip device_samsung_i9305-e752b23df936271a20a2da6f5818067535a2e7be.tar.gz device_samsung_i9305-e752b23df936271a20a2da6f5818067535a2e7be.tar.bz2 | |
i9305: Add selinux policies
Change-Id: I69d96e7084c7b0871c9d2cd318db05b461912a43
Diffstat (limited to 'selinux/secril.te')
| -rw-r--r-- | selinux/secril.te | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/selinux/secril.te b/selinux/secril.te new file mode 100644 index 0000000..7761d80 --- /dev/null +++ b/selinux/secril.te @@ -0,0 +1,25 @@ +# sec-ril +type secril-daemon, domain; +type secril-daemon_exec, exec_type, file_type; + +# Start /system/bin/sec-ril from init +init_daemon_domain(secril-daemon) + +allow secril-daemon secril-daemon_exec:file { open execute_no_trans getattr }; +allow secril-daemon self:udp_socket { create ioctl }; +unix_socket_connect(secril-daemon, property, init) +unix_socket_connect(secril-daemon, rild, rild) + +allow secril-daemon { efs_file }:file rw_file_perms; +allow secril-daemon system_data_file:dir create_dir_perms; +allow secril-daemon system_data_file:file unlink; +allow secril-daemon radio_data_file:file { create_file_perms }; +allow secril-daemon kernel:system module_request; +allow secril-daemon self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override }; +allow secril-daemon system_file:file x_file_perms; +allow secril-daemon sysfs:file rw_file_perms; +allow secril-daemon shell_exec:file rx_file_perms; +allow secril-daemon app_data_file:file rw_file_perms; +allow secril-daemon app_data_file:dir search; +allow secril-daemon zygote_exec:file rx_file_perms; +allow secril-daemon ashmem_device:chr_file x_file_perms;
\ No newline at end of file |