

Robert Craig  committed 191a534

Minor SELinux policy updates.

Change-Id: Ib8e85c9f6439c943aabddb7543bfb9a77d80f982
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

  • Parent commits adebb9c


Files changed (5)

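--- a/sepolicy/camera.te
+++ b/sepolicy/camera.te
 allow camera self:process execmem;
+allow camera camera_device:dir search;
 allow camera { video_device camera_device }:chr_file rw_file_perms;
 allow camera { surfaceflinger mediaserver }:fd use;
 # Connect to /data/app/sensor_ctl_socket
 unix_socket_connect(camera, sensors, sensors)
+allow camera sensors_socket:sock_file read;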
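Review bot: The added `allow camera sensors_socket:sock_file read;` carries no comment saying why `read` is needed on top of what `unix_socket_connect(camera, sensors, sensors)` on the line above grants. The macro body is not visible in this commit, so the rule should record the denial that prompted it, for example `# denial seen: camera -> sensors_socket:sock_file { read }, not covered by unix_socket_connect`. The identical rule is added in sepolicy/system.te after `unix_socket_connect(system, sensors, sensors)`, and the same comment applies there. The new `allow camera camera_device:dir search;` implies a directory labelled `camera_device`, so a short comment naming that path would help the next reader confirm the label is intended.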

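--- a/sepolicy/domain.te
+++ b/sepolicy/domain.te
 allow domain kgsl_device:chr_file rw_file_perms;
+# libgsl is chatty about accessing /data/local/tmp
+dontaudit { surfaceflinger appdomain } shell_data_file:dir search;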
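Review bot: The new `dontaudit` covers every domain in `appdomain`, so it silences all app searches of `shell_data_file` directories, not only the libgsl noise the comment mentions. Access is still denied, but the audit log loses that signal for any app probing /data/local/tmp. If the noise comes from libgsl in a known set of processes, consider listing those domains instead of `appdomain`. Otherwise extend the comment so the trade-off is visible: `# NOTE: this also hides genuine app probes of /data/local/tmp from the audit log`.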

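--- a/sepolicy/rmt.te
+++ b/sepolicy/rmt.te
 # opens and reads the primary block device
 allow rmt block_device:blk_file { open read };
+allow rmt block_device:dir search;
 # XXX should we allow sys_rawio on /dev/mem?
 allow rmt self:capability { sys_rawio };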

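--- a/sepolicy/sensors.te
+++ b/sepolicy/sensors.te
 file_type_auto_trans(sensors, apk_data_file, sensors_socket);
 allow sensors sensors_data_file:dir create_dir_perms;
-allow sensors sensors_data_file:file r_file_perms;
+allow sensors sensors_data_file:file create_file_perms;
 dontaudit sensors apk_data_file:dir remove_name;
 # Access to sensor nodes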
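Review bot: Replacing `r_file_perms` with `create_file_perms` on `sensors_data_file:file` widens the sensors domain from read-only to whatever that macro expands to. That normally includes create, write and unlink, though the macro definition is not part of this commit. Nothing in the file says what the daemon writes there, so add a comment above the rule, for example `# sensors daemon creates and updates files under its data directory (confirm which)`. If only create and write are needed, spelling the permissions out instead of using the macro keeps the grant as narrow as the observed denials.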

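--- a/sepolicy/system.te
+++ b/sepolicy/system.te
 # PowerManagerService
 unix_socket_connect(system, sensors, sensors)
+allow system sensors_socket:sock_file read;
 allow system sensors:unix_stream_socket sendto;
 # mpdecision access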