author | tilaksidduram <tilaksidduram@gmail.com> | 2015-11-21 13:07:00 +0530 |
---|---|---|
committer | tilaksidduram <tilaksidduram@gmail.com> | 2015-11-21 13:07:00 +0530 |
commit | b9382656be8e21727ba646340ca95255c7cda65d (patch) | |
tree | 37379401ba31ba1bbed806c3e09fc696f62b8057 | |
parent | bf09a17aaeaa177a582d749d8c8d41db55b90927 (diff) | |
n7100: Update sepolicy for M
-rw-r--r-- | sepolicy/bluetooth.te | 2 | ||||
-rw-r--r-- | sepolicy/device.te | 1 | ||||
-rw-r--r-- | sepolicy/file.te | 2 | ||||
-rw-r--r-- | sepolicy/gpsd.te | 3 | ||||
-rw-r--r-- | sepolicy/mediaserver.te | 3 | ||||
-rw-r--r-- | sepolicy/netd.te | 2 | ||||
-rw-r--r-- | sepolicy/nfc.te | 3 | ||||
-rw-r--r-- | sepolicy/rild.te | 2 | ||||
-rw-r--r-- | sepolicy/servicemanager.te | 1 | ||||
-rw-r--r-- | sepolicy/shared_relro.te | 1 | ||||
-rw-r--r-- | sepolicy/system_server.te | 3 | ||||
-rw-r--r-- | sepolicy/untrusted_app.te | 5 | ||||
-rw-r--r-- | sepolicy/vold.te | 1 | ||||
-rw-r--r-- | sepolicy/wpa.te | 1 | ||||
-rw-r--r-- | sepolicy/wpa_supplicant.te | 11 | ||||
-rw-r--r-- | sepolicy/zygote.te | 1 |
16 files changed, 39 insertions, 3 deletions
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
index 7106722..d2dd05f 100644
--- a/sepolicy/bluetooth.te
+++ b/sepolicy/bluetooth.te
@@ -2,3 +2,5 @@ allow bluetooth firmware_exynos:dir { read open search };
 allow bluetooth firmware_exynos:file { read open };
 allow bluetooth bluetooth_efs_file:dir search;
 allow bluetooth bluetooth_efs_file:file read;
+allow bluetooth sysfs:file write;
+allow bluetooth efs_device_file:dir search;
diff --git a/sepolicy/device.te b/sepolicy/device.te
index ef8edbe..4d1980c 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -12,6 +12,7 @@ type rfkill_device, dev_type;
 # MFC device
 type mfc_device, dev_type;
+type hpd_device, dev_type;
 # Fm radio device
 type fm_radio_device, dev_type;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 6ada8e6..a5fb225 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -10,4 +10,6 @@ type sensors_data_file, file_type, data_file_type;
 # Display sysfs
 type sysfs_display, fs_type, sysfs_type;
+type efs_device_file, file_type;
+
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te
index 309ab1a..9d588f3 100644
--- a/sepolicy/gpsd.te
+++ b/sepolicy/gpsd.te
@@ -1,7 +1,8 @@
 allow gpsd rild:unix_stream_socket connectto;
 allow gpsd system_data_file:dir { add_name write };
-allow gpsd system_data_file:file { create write lock open };
+#allow gpsd system_data_file:file { create write lock open };
 allow gpsd system_data_file:fifo_file { create read write open setattr };
+allow gpsd system_data_file:dir { read write setattr open add_name };
 allow gpsd sysfs_wake_lock:file { read write open };
 allow gpsd servicemanager:binder call;
 allow gpsd system_server:binder call;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 8d43cdb..0cfdc9c 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
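Review bot: `allow bluetooth sysfs:file write;` in the bluetooth.te hunk lets the bluetooth domain write to every file that still carries the generic `sysfs` label, not only the node that produced the denial. The narrower form is to label that one node with its own sysfs type in file.te and file_contexts and allow write on that type only. If the node is the Bluetooth rfkill state file, AOSP's existing `sysfs_bluetooth_writable` type is meant for it, though this page does not show which path triggered the denial. A one-line comment naming the path would let the next reader verify the scope.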
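Review bot: `hpd_device` is declared in the device.te hunk and `efs_device_file` in the file.te hunk, but the diffstat lists no file_contexts change, so nothing in this commit assigns either label to a path. Unless both are labelled elsewhere in the tree, `allow bluetooth efs_device_file:dir search;` in bluetooth.te never matches a real object and the denial it was written for remains. `hpd_device` is also not referenced by any rule visible on this page. The commit should add the matching file_contexts entries or drop the unused declarations.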
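Review bot: The added `allow gpsd system_data_file:dir { read write setattr open add_name };` in gpsd.te repeats `add_name write` from the rule two lines above it and extends gpsd's rights over every directory labelled `system_data_file`. A dedicated type for gpsd's own data directory, in the way file.te already declares `sensors_data_file`, would keep the grant limited to the paths gpsd actually uses. The old file rule is left behind as `#allow gpsd system_data_file:file ...` rather than deleted; git history already preserves it, so the commented line should go, and the two dir rules should be merged into one. rild.te has the same commented-out-rule pattern.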
@@ -1,3 +1,6 @@
 allow mediaserver camera_data_file:file write;
 allow mediaserver mfc_device:chr_file { read write ioctl open };
 allow mediaserver ump_device:chr_file { read write ioctl open };
+
+# Bluetooth audio
+allow mediaserver bluetooth:unix_stream_socket { connectto };
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
index ee1496b..30d6940 100644
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -1 +1,3 @@
 allow netd self:capability fsetid;
+allow netd init:tcp_socket { read write getopt };
+allow netd log_device:chr_file { open write };
diff --git a/sepolicy/nfc.te b/sepolicy/nfc.te
index 6a6e324..e1f83cb 100644
--- a/sepolicy/nfc.te
+++ b/sepolicy/nfc.te
@@ -1 +1,2 @@
-allow nfc firmware_exynos:dir search;
+allow nfc firmware_camera:dir { search };
+allow nfc log_device:chr_file { write };
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 061742a..32f520c 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,3 +1,3 @@
 allow rild self:process execmem;
-allow rild system_data_file:dir { write remove_name add_name setattr };
+#allow rild system_data_file:dir { write remove_name add_name setattr };
 allow rild system_data_file:file { write create unlink setattr };
diff --git a/sepolicy/servicemanager.te b/sepolicy/servicemanager.te
index 3b3bda8..4f5475d 100644
--- a/sepolicy/servicemanager.te
+++ b/sepolicy/servicemanager.te
@@ -1,4 +1,5 @@
 allow servicemanager gpsd:dir search;
 allow servicemanager gpsd:file { read open };
 allow servicemanager gpsd:process getattr;
+allow servicemanager log_device:chr_file { open write };
diff --git a/sepolicy/shared_relro.te b/sepolicy/shared_relro.te
new file mode 100644
index 0000000..f7f75b3
--- /dev/null
+++ b/sepolicy/shared_relro.te
@@ -0,0 +1 @@
+allow shared_relro log_device:chr_file { write };
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index f18517d..4b700e5 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
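Review bot: `allow netd init:tcp_socket { read write getopt };` in netd.te means netd is operating on a TCP socket that carries the `init` label, which normally happens when the socket's creator is still running in the init domain. That usually points to a service started without its own domain transition, and allowing the access in netd hides that gap rather than closing it. The rule needs a comment naming the service that owns the socket. If that service can be given its own domain, the allow should target that domain instead of `init`.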
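Review bot: The nfc.te hunk replaces `firmware_exynos:dir search` with `allow nfc firmware_camera:dir { search };`, so the NFC domain now traverses a directory labelled as camera firmware and loses the rule for the type it used before. That reads as if the directory's label changed underneath nfc rather than nfc's access pattern changing, but file_contexts is not part of this page, so this is an inference. If the path is a firmware directory shared by several components, a neutral type would avoid handing each consumer access to another component's label. The untrusted_app.te hunk adds rules on the same `firmware_camera` type and should be checked together with this one.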
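Review bot: The `log_device:chr_file` rules added here for servicemanager and in the netd, nfc, shared_relro, wpa, wpa_supplicant and zygote hunks use three different permission sets (`{ open write }`, `{ write }`, `{ open }`) for what looks like the same operation. A domain granted only `open` or only `write` will most likely hit the next denial as soon as it proceeds, which suggests the rules were copied one denial at a time from audit output. Choosing one permission set for all of these domains, with a single comment stating why log_device access is still needed on this device, would make the policy easier to audit.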
@@ -4,4 +4,7 @@ allow system_server sensors_data_file:file { read open };
 allow system_server uhid_device:chr_file { read write ioctl open };
 allow system_server ump_device:chr_file { read write ioctl open };
 allow system_server gpsd:binder transfer;
+allow system_server dex2oat_exec:file { execute execute_no_trans read open };
+allow system_server system_file:file { execmod };
+allow system_server self:capability sys_module;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
index adaf51a..a937288 100644
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te
@@ -1,2 +1,7 @@
 allow untrusted_app ump_device:chr_file { open read write ioctl };
+allow untrusted_app block_device:dir { open read search };
+allow untrusted_app kernel:system { module_request };
+allow untrusted_app firmware_camera:dir { read getattr open };
+allow untrusted_app firmware_camera:file getattr;
+allow untrusted_app firmware_mfc:file getattr;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 8068d38..1418d7a 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,2 +1,3 @@
 allow vold efs_file:dir { read getattr open ioctl };
+allow vold boot_block_device:blk_file { read write open ioctl getattr };
diff --git a/sepolicy/wpa.te b/sepolicy/wpa.te
index 4f5ef08..b44a49c 100644
--- a/sepolicy/wpa.te
+++ b/sepolicy/wpa.te
@@ -1 +1,2 @@
 allow wpa rfkill_device:chr_file { read open };
+allow wpa log_device:chr_file { open write };
diff --git a/sepolicy/wpa_supplicant.te b/sepolicy/wpa_supplicant.te
new file mode 100644
index 0000000..98fdc25
--- /dev/null
+++ b/sepolicy/wpa_supplicant.te
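Review bot: `allow system_server self:capability sys_module;` in system_server.te lets the central framework process load kernel modules, and the hunk also adds `system_file:file { execmod }` and `execute_no_trans` on `dex2oat_exec`, all without a comment. A `sys_module` denial in a userspace daemon is often a side effect of the kernel attempting a module auto-load on its behalf; if that is the case here, `dontaudit system_server self:capability sys_module;` silences the log without granting the capability. `execmod` on `system_file` usually indicates a library with text relocations, which should be identified and fixed or given its own label rather than allowed for everything under that type. `execute_no_trans` makes dex2oat run inside the system_server domain instead of its own, so it deserves a stated reason as well.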
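Review bot: `allow untrusted_app kernel:system { module_request };` and `allow untrusted_app block_device:dir { open read search };` in untrusted_app.te widen what every third-party app may do, and neither carries a comment naming the denial that required it. If the module_request denial is only log noise from a benign probe, `dontaudit untrusted_app kernel:system module_request;` removes the noise without granting the permission. The `block_device` directory rule should be dropped unless a concrete app-facing need is documented. The three `firmware_camera` / `firmware_mfc` rules expose firmware paths to all apps and need the same justification.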
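Review bot: `allow vold boot_block_device:blk_file { read write open ioctl getattr };` in vold.te gives vold raw read and write access to a block device whose type name suggests a boot partition, which is not obviously part of volume management. If the label is accurate, anything that gains control of vold could modify that partition. If vold is really touching a different partition that happens to carry this label, the file_contexts entry is what should change. At minimum, omit `write` unless a logged denial shows it is required, and add a comment stating which vold operation needs the device.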
@@ -0,0 +1,11 @@
+allow wpa init:unix_dgram_socket { read write };
+
+# logwrapper used with wpa_supplicant
+allow wpa devpts:chr_file { read write };
+
+allow wpa wpa_socket:unix_dgram_socket { read write };
+allow wpa_socket system_server:unix_dgram_socket sendto;
+
+allow wpa_socket wifi_data_file:sock_file unlink;
+allow wpa rfkill_device:chr_file rw_file_perms;
+allow wpa log_device:chr_file { open };
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
new file mode 100644
index 0000000..05c4d7d
--- /dev/null
+++ b/sepolicy/zygote.te
@@ -0,0 +1 @@
+allow zygote log_device:chr_file { open }; |
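Review bot: Two rules in the new wpa_supplicant.te use `wpa_socket` as the source, `allow wpa_socket system_server:unix_dgram_socket sendto;` and `allow wpa_socket wifi_data_file:sock_file unlink;`, yet in AOSP policy `wpa_socket` is a file type for the control socket path, not a process domain. If that holds in this tree, no process ever runs as `wpa_socket` and both rules are inert; the intended source was probably `wpa`, i.e. `allow wpa system_server:unix_dgram_socket sendto;` and `allow wpa wifi_data_file:sock_file unlink;`. `allow wpa wpa_socket:unix_dgram_socket { read write };` has a related problem, since socket objects normally take the label of the process that created them rather than a file type. The last two rules overlap with wpa.te, which already grants `rfkill_device:chr_file { read open }` and `log_device:chr_file { open write }`, so all rules for the `wpa` domain would be easier to audit in one file.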