summaryrefslogtreecommitdiffstats
path: root/selinux/kickstart.te
diff options
context:
space:
mode:
Diffstat (limited to 'selinux/kickstart.te')
-rwxr-xr-xselinux/kickstart.te44
1 files changed, 0 insertions, 44 deletions
diff --git a/selinux/kickstart.te b/selinux/kickstart.te
deleted file mode 100755
index 14e1ad5..0000000
--- a/selinux/kickstart.te
+++ /dev/null
@@ -1,44 +0,0 @@
-# kickstart processes and scripts
-type kickstart, domain;
-type kickstart_exec, exec_type, file_type;
-
-# kickstart_checker.sh talks to init over the property socket
-unix_socket_connect(kickstart, property, init)
-
-# Start /system/bin/qcks from init
-init_daemon_domain(kickstart)
-
-# Spawn /system/bin/efsks and /system/bin/ks
-allow kickstart kickstart_exec:file { open execute_no_trans getattr };
-
-# Run dd on m9kefs[123] block devices; write to /data/qcks/
-# Run cat on firmware and m9kefs[123] data; write to /data/qcks/
-allow kickstart efs_block_device:blk_file rw_file_perms;
-allow kickstart kickstart_data_file:file create_file_perms;
-allow kickstart kickstart_data_file:dir rw_dir_perms;
-allow kickstart radio_efs_file:file r_file_perms;
-allow kickstart radio_efs_file:dir search;
-
-# Let qcks access /dev/mdm node (modem driver)
-allow kickstart radio_device:chr_file rw_file_perms;
-
-# Allow /dev/ttyUSB0 access
-allow kickstart radio_device:chr_file { write ioctl getattr };
-
-# Allow to run toolbox commands
-allow kickstart shell_exec:file rx_file_perms;
-# Toolbox commands for firmware dd
-allow kickstart system_file:file execute_no_trans;
-
-# Access to /dev/block/platform/msm_sdcc.1/by-name/m9kefs2
-allow kickstart block_device:dir { getattr write search };
-
-# Set system property key
-allow kickstart radio_prop:property_service set;
-
-allow kickstart shell_exec:file entrypoint;
-# ls on /data/qcks/
-allow kickstart self:capability { dac_override setuid };
-
-# XXX Label sysfs files with a specific type?
-allow kickstart sysfs:file rw_file_perms; \ No newline at end of file