author | myko <myko.hkg@gmail.com> | 2013-11-11 12:20:23 +0530 |
---|---|---|
committer | tilaksidduram <tilaksidduram@gmail.com> | 2013-11-17 11:45:13 +0530 |
commit | c4265aceacf50158cc3855d4b037d0f7b9cf092c (patch) | |
tree | 6d0b774d6d6a9ef08c0ec5993ae0a2145d81c6a3 | |
parent | 338cedd2c3076d28d1d3135212b3ca148bbb36f1 (diff) | |
N7100 - Added Selinux support
Change-Id: I8272187a8bfafbe0185be40c65fa166f711d4f1f
-rw-r--r-- | BoardConfig.mk | 16 | ||||
-rw-r--r-- | selinux/device.te | 3 | ||||
-rw-r--r-- | selinux/domain.te | 2 | ||||
-rw-r--r-- | selinux/file.te | 5 | ||||
-rw-r--r-- | selinux/file_contexts | 37 | ||||
-rw-r--r-- | selinux/init.te | 1 | ||||
-rw-r--r-- | selinux/mediaserver.te | 3 | ||||
-rw-r--r-- | selinux/rild.te | 7 | ||||
-rw-r--r-- | selinux/system.te | 10 | ||||
-rw-r--r-- | selinux/ueventd.te | 3 | ||||
-rwxr-xr-x | selinux/wpa_supplicant.te | 10 |
11 files changed, 97 insertions, 0 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk
index f2cf6b3..a957a02 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -40,3 +40,19 @@ TARGET_OTA_ASSERT_DEVICE := t03g,n7100,GT-N7100
 # Recovery
 TARGET_RECOVERY_FSTAB := device/samsung/n7100/rootdir/fstab.smdk4x12
 RECOVERY_FSTAB_VERSION := 2
+
+# Selinux
+BOARD_SEPOLICY_DIRS += \
+ device/samsung/n7100/selinux
+
+BOARD_SEPOLICY_UNION += \
+ device.te \
+ domain.te \
+ file.te \
+ file_contexts \
+ init.te \
+ mediaserver.te \
+ rild.te \
+ system.te \
+ ueventd.te \
+ wpa_supplicant.te
diff --git a/selinux/device.te b/selinux/device.te
new file mode 100644
index 0000000..cca8ee1
--- /dev/null
+++ b/selinux/device.te
@@ -0,0 +1,3 @@
+type mali_device, dev_type, mlstrustedobject;
+type rfkill_device, dev_type;
+type efs_block_device, dev_type;
diff --git a/selinux/domain.te b/selinux/domain.te
new file mode 100644
index 0000000..26e8033
--- /dev/null
+++ b/selinux/domain.te
@@ -0,0 +1,2 @@
+## /dev/mali, /dev/ump
+allow domain mali_device:chr_file rw_file_perms;
diff --git a/selinux/file.te b/selinux/file.te
new file mode 100644
index 0000000..2a01dac
--- /dev/null
+++ b/selinux/file.te
@@ -0,0 +1,5 @@
+type firmware_mfc, file_type;
+type firmware_camera, file_type;
+
+type camera_data_file, file_type, data_file_type;
+type sensors_data_file, file_type, data_file_type;
diff --git a/selinux/file_contexts b/selinux/file_contexts
new file mode 100644
index 0000000..9713bce
--- /dev/null
+++ b/selinux/file_contexts
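Review bot: In selinux/domain.te, `allow domain mali_device:chr_file rw_file_perms;` gives every domain in the policy read/write access to whatever is labelled mali_device, and the file_contexts hunk of this commit labels /dev/fimg2d with that type as well, which the `## /dev/mali, /dev/ump` comment does not mention. Either give fimg2d its own type with a narrower allow rule, or update the comment to `## /dev/mali, /dev/ump, /dev/fimg2d` so the scope of the grant is visible. If only rendering processes need these nodes, naming those domains instead of `domain` would keep the GPU driver interface away from daemons that never draw. Because the type in device.te also carries `mlstrustedobject`, MLS separation presumably does not narrow this grant either.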
@@ -0,0 +1,37 @@
+# GFX
+/dev/mali u:object_r:mali_device:s0
+/dev/ump u:object_r:mali_device:s0
+/dev/fimg2d u:object_r:mali_device:s0
+
+# RIL
+/dev/umts_boot0 u:object_r:radio_device:s0
+/dev/umts_boot1 u:object_r:radio_device:s0
+/dev/umts_ipc0 u:object_r:radio_device:s0
+/dev/umts_ramdump0 u:object_r:radio_device:s0
+/dev/umts_rfs0 u:object_r:radio_device:s0
+
+/dev/block/mmcblk0p10 u:object_r:efs_block_device:s0
+
+# Camera
+/data/ISP_CV u:object_r:camera_data_file:s0
+/dev/exynos-mem u:object_r:video_device:s0
+
+# Bluetooth
+/dev/ttySAC0 u:object_r:hci_attach_dev:s0
+/efs/bluetooth/(/.*)? u:object_r:bluetooth_efs_file:s0
+
+# GPS
+/dev/ttySAC1 u:object_r:gps_device:s0
+
+# Sensors
+/dev/akm8975 u:object_r:sensors_device:s0
+/efs/gyro_cal_data u:object_r:sensors_data_file:s0
+
+# Wifi
+/dev/rfkill u:object_r:rfkill_device:s0
+/efs/wifi/.mac.info u:object_r:wifi_data_file:s0
+
+# Firmwares
+/system/vendor/firmware(/.*)? u:object_r:firmware_camera:s0
+/system/vendor/firmware/mfc_fw.bin u:object_r:firmware_mfc:s0
+/data/cfw(/.*)? u:object_r:firmware_camera:s0
diff --git a/selinux/init.te b/selinux/init.te
new file mode 100644
index 0000000..3f11893
--- /dev/null
+++ b/selinux/init.te
@@ -0,0 +1 @@
+allow init wpa_socket:unix_dgram_socket { bind create };
diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te
new file mode 100644
index 0000000..520da3a
--- /dev/null
+++ b/selinux/mediaserver.te
@@ -0,0 +1,3 @@
+allow mediaserver { firmware_camera }:file r_file_perms;
+allow mediaserver firmware_camera:dir r_dir_perms;
+allow mediaserver camera_data_file:file rw_file_perms;
diff --git a/selinux/rild.te b/selinux/rild.te
new file mode 100644
index 0000000..7f817d0
--- /dev/null
+++ b/selinux/rild.te
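Review bot: In selinux/file_contexts the Bluetooth pattern `/efs/bluetooth/(/.*)?` has a stray slash before the group, so it matches `/efs/bluetooth/` and `/efs/bluetooth//…` but neither the directory itself nor files directly under it. Those files would keep their default label, not `bluetooth_efs_file`; the usual form is `/efs/bluetooth(/.*)?`. The dots in `/efs/wifi/.mac.info` are unescaped regex wildcards and would be safer as `/efs/wifi/\.mac\.info`. Separately, `/dev/exynos-mem` is placed in the shared `video_device` type, so every domain allowed to use video devices can reach it. A node that by its name appears to map memory probably deserves a dedicated type with its own narrowly scoped allow rule.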
@@ -0,0 +1,7 @@
+allow rild self:netlink_socket { create bind read write };
+allow rild self:netlink_route_socket { write };
+allow rild self:netlink_kobject_uevent_socket { create bind read write setopt };
+
+allow rild radio_device:chr_file rw_file_perms;
+allow rild efs_block_device:blk_file rw_file_perms;
+allow rild efs_file:file { read open write setattr };
diff --git a/selinux/system.te b/selinux/system.te
new file mode 100644
index 0000000..395aeea
--- /dev/null
+++ b/selinux/system.te
@@ -0,0 +1,10 @@
+allow system input_device:chr_file { read ioctl write open };
+allow system sensors_device:chr_file { read open };
+allow system sensors_data_file:file r_file_perms;
+allow system wpa_socket:unix_dgram_socket sendto;
+
+allow system sysfs:file { read open write };
+allow system self:capability { sys_module };
+
+# /efs/wifi/.mac.info
+allow system wifi_data_file:file { read open };
diff --git a/selinux/ueventd.te b/selinux/ueventd.te
new file mode 100644
index 0000000..4037e57
--- /dev/null
+++ b/selinux/ueventd.te
@@ -0,0 +1,3 @@
+# Firmwares
+allow ueventd { firmware_mfc }:file r_file_perms;
+allow ueventd { firmware_camera }:dir search;
diff --git a/selinux/wpa_supplicant.te b/selinux/wpa_supplicant.te
new file mode 100755
index 0000000..ab5fb24
--- /dev/null
+++ b/selinux/wpa_supplicant.te
@@ -0,0 +1,10 @@
+allow wpa init:unix_dgram_socket { read write };
+
+# logwrapper used with wpa_supplicant
+allow wpa devpts:chr_file { read write };
+
+allow wpa wpa_socket:unix_dgram_socket { read write };
+allow wpa_socket system:unix_dgram_socket sendto;
+
+allow wpa_socket wifi_data_file:sock_file unlink;
+allow wpa rfkill_device:chr_file rw_file_perms;
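Review bot: In selinux/rild.te, `allow rild efs_block_device:blk_file rw_file_perms;` lets rild read and write the raw EFS partition, which bypasses the per-file labels that the following rule (`allow rild efs_file:file { read open write setattr };`) is built on. If the RIL only touches files on the mounted /efs, the block-device rule can be dropped. If the vendor blob really opens the block node, a comment such as `# vendor RIL opens the EFS partition directly` would record why the wider grant exists. The type is also tied to the hard-coded `/dev/block/mmcblk0p10` entry in file_contexts, so a different partition layout would silently leave it unlabelled.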
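Review bot: In selinux/system.te, `allow system sysfs:file { read open write };` and `allow system self:capability { sys_module };` together let the system server write any file carrying the generic sysfs label and load kernel modules, far more than the other rules in this file suggest it needs. Both lines have no comment, unlike the `# /efs/wifi/.mac.info` rule below them, so the reason for the grant is not recoverable from the policy. Prefer labelling the specific sysfs nodes the system server writes with a dedicated type and allowing only that. Drop `sys_module` unless a concrete module load from this domain is confirmed; if it stays, a comment naming the module would help.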
\ No newline at end of file |
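Review bot: selinux/wpa_supplicant.te is the only policy file in this commit added with mode 100755 and without a trailing newline; every other .te file is 100644. Policy sources are not executable, and since BOARD_SEPOLICY_UNION presumably merges these files with others, ending the file with a newline avoids the last rule running into whatever follows. The two rules with `wpa_socket` as the source type (`allow wpa_socket system:unix_dgram_socket sendto;` and `allow wpa_socket wifi_data_file:sock_file unlink;`) would also benefit from a one-line comment explaining why a socket type appears as the subject, as the file already does for the logwrapper rule.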