summaryrefslogtreecommitdiffstats
path: root/selinux/secril.te
diff options
context:
space:
mode:
Diffstat (limited to 'selinux/secril.te')
-rw-r--r--selinux/secril.te25
1 files changed, 25 insertions, 0 deletions
diff --git a/selinux/secril.te b/selinux/secril.te
new file mode 100644
index 0000000..7761d80
--- /dev/null
+++ b/selinux/secril.te
@@ -0,0 +1,25 @@
+# sec-ril
+type secril-daemon, domain;
+type secril-daemon_exec, exec_type, file_type;
+
+# Start /system/bin/sec-ril from init
+init_daemon_domain(secril-daemon)
+
+allow secril-daemon secril-daemon_exec:file { open execute_no_trans getattr };
+allow secril-daemon self:udp_socket { create ioctl };
+unix_socket_connect(secril-daemon, property, init)
+unix_socket_connect(secril-daemon, rild, rild)
+
+allow secril-daemon { efs_file }:file rw_file_perms;
+allow secril-daemon system_data_file:dir create_dir_perms;
+allow secril-daemon system_data_file:file unlink;
+allow secril-daemon radio_data_file:file { create_file_perms };
+allow secril-daemon kernel:system module_request;
+allow secril-daemon self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override };
+allow secril-daemon system_file:file x_file_perms;
+allow secril-daemon sysfs:file rw_file_perms;
+allow secril-daemon shell_exec:file rx_file_perms;
+allow secril-daemon app_data_file:file rw_file_perms;
+allow secril-daemon app_data_file:dir search;
+allow secril-daemon zygote_exec:file rx_file_perms;
+allow secril-daemon ashmem_device:chr_file x_file_perms; \ No newline at end of file
generated by cgit v1.1 at 2024-12-22 10:16:41 +0000