Commits

Stephen Smalley committed b7a6939

Sync to seandroid branch.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Comments (0)

Files changed (4)

 
 on post-fs-data
     mkdir /data/media 0770 media_rw media_rw
+    restorecon_recursive /data/media
 
     setprop vold.post_fs_data_done 1
     mkdir /data/misc/wifi 0770 wifi wifi
 	chmod 0660 /sys/class/rfkill/rfkill0/state
 	chown bluetooth net_bt_stack /sys/class/rfkill/rfkill0/state
 	chown bluetooth net_bt_stack /sys/class/rfkill/rfkill0/type
-	restorecon /sys/class/rfkill/rfkill0/state
-	restorecon /sys/class/rfkill/rfkill0/type
 
 on boot
     # override init.rc to keep plenty of large order chunks around
 
     mount_all /fstab.manta
     mount ext4 /dev/block/platform/dw_mmc.0/by-name/efs /factory rw remount
-    restorecon /factory
-    restorecon /factory/bluetooth
-    restorecon /factory/bluetooth/bt_addr
-    restorecon /factory/FactoryApp
-    restorecon /factory/FactoryApp/
-    restorecon /factory/FactoryApp/baro_delta
-    restorecon /factory/FactoryApp/factorymode
-    restorecon /factory/FactoryApp/fdata
-    restorecon /factory/FactoryApp/hist_nv
-    restorecon /factory/FactoryApp/hw_ver
-    restorecon /factory/FactoryApp/keystr
-    restorecon /factory/FactoryApp/reset_flag
-    restorecon /factory/FactoryApp/test_nv
-    restorecon /factory/hdcp2.keys
-    restorecon /factory/wv.keys
-    restorecon /factory/wifi
-    restorecon /factory/wifi/
+    restorecon_recursive /factory
     mount ext4 /dev/block/platform/dw_mmc.0/by-name/efs /factory ro remount
     setprop ro.crypto.fuse_sdcard true
 
 # NFC: create data/nfc for nv storage
     mkdir /data/nfc 770 nfc nfc
     mkdir /data/nfc/param 770 nfc nfc
+    restorecon_recursive /data/nfc
 
 # audio: permissions for voice processing
     # global switch for voice processing effects

init.recovery.manta.rc

 # Set watchdog timer to 30 seconds and pet it every 10 seconds to get a 20 second margin
 service watchdogd /sbin/watchdogd 10 20
     class core
+    seclabel u:r:watchdogd:s0

sepolicy/device.te

-type mali_device, dev_type, mlstrustedobject;
 type secmem_device, dev_type;
 # Unified Memory Management device
 type ump_device, dev_type;

sepolicy/file_contexts

 /dev/video44            u:object_r:camera_device:s0
 /dev/media2             u:object_r:camera_device:s0
 
-/data/nfc               u:object_r:nfc_data_file:s0
+/data/nfc(/.*)?               u:object_r:nfc_data_file:s0
 
 /factory(/.*)?          u:object_r:efs_file:s0
 /factory/bluetooth(/.*)?        u:object_r:bluetooth_efs_file:s0
 
 /system/bin/mcDriverDaemon  --  u:object_r:tee_exec:s0
 
+/sys/devices/platform/bcm43241_bluetooth/rfkill/rfkill0/state -- u:object_r:sysfs_bluetooth_writable:s0
+/sys/devices/platform/bcm43241_bluetooth/rfkill/rfkill0/type -- u:object_r:sysfs_bluetooth_writable:s0
 /sys/devices/virtual/power_supply/manta-battery/charge_enabled u:object_r:sysfs_charge_enabled:s0