
Stephen Smalley  committed 5708962 Merge

Merge branch 'seandroid' into intent_mac

  • Parent commits 72a51fc, 7029647


Files changed (8)

File bluetoothd.te

-# bluetoothd - bluetooth daemon
-type bluetoothd, domain;
-type bluetoothd_exec, exec_type, file_type;
-
-init_daemon_domain(bluetoothd)
-allow bluetoothd self:capability { setuid net_raw net_bind_service net_admin };
-allow bluetoothd self:socket *;
-allow bluetoothd bluetoothd_data_file:dir create_dir_perms;
-allow bluetoothd bluetoothd_data_file:file create_file_perms;
-unix_socket_connect(bluetoothd, dbus, dbusd)

File dbusd.te

-# dbus daemon
-type dbusd, domain;
-type dbusd_exec, exec_type, file_type;
-
-init_daemon_domain(dbusd)
-# Reads /proc/pid/cmdline of clients
-r_dir_file(dbusd, system)
-r_dir_file(dbusd, bluetoothd)

File file.te

 # /data/gps
 type gps_data_file, file_type, data_file_type;
 # /data/misc subdirectories
-type bluetoothd_data_file, file_type, data_file_type;
 type bluetooth_data_file, file_type, data_file_type;
 type keystore_data_file, file_type, data_file_type;
 type vpn_data_file, file_type, data_file_type;
 type adbd_socket, file_type;
 type audio_socket, file_type;
 type bluetooth_socket, file_type;
-type dbus_socket, file_type;
 type dnsproxyd_socket, file_type, mlstrustedobject;
 type gps_socket, file_type;
 type installd_socket, file_type;

File file_contexts

 /dev/socket		u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
 /dev/socket/bluetooth	u:object_r:bluetooth_socket:s0
-/dev/socket/dbus_bluetooth	u:object_r:bluetooth_socket:s0
-/dev/socket/dbus	u:object_r:dbus_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /system/bin/netd	u:object_r:netd_exec:s0
 /system/bin/rild	u:object_r:rild_exec:s0
 /system/bin/mediaserver	u:object_r:mediaserver_exec:s0
-/system/bin/dbus-daemon	u:object_r:dbusd_exec:s0
 /system/bin/installd	u:object_r:installd_exec:s0
 /system/bin/keystore	u:object_r:keystore_exec:s0
 /system/bin/debuggerd	u:object_r:debuggerd_exec:s0
-/system/bin/bluetoothd	u:object_r:bluetoothd_exec:s0
 /system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
 /system/bin/qemud	u:object_r:qemud_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 # Misc data
 /data/misc/audit(/.*)?		u:object_r:audit_log:s0
-/data/misc/bluetoothd(/.*)?	u:object_r:bluetoothd_data_file:s0
 /data/misc/bluetooth(/.*)?	u:object_r:bluetooth_data_file:s0
 /data/misc/bluedroid(/.*)?	u:object_r:bluetooth_data_file:s0
 /data/misc/keystore(/.*)?	u:object_r:keystore_data_file:s0

File global_macros

 define(`ipc_class_set', `{ sem msgq shm ipc }')
 
 #####################################
-# Common Application groupings
-#
-define(`non_system_app_set', `{ appdomain -system_app }')
-
-#####################################
 # Common groupings of permissions.
 #
 define(`x_file_perms', `{ getattr execute execute_no_trans }')

File installd.te

 allow installd dalvikcache_data_file:file create_file_perms;
 allow installd data_file_type:dir create_dir_perms;
 allow installd data_file_type:dir { relabelfrom relabelto };
-allow installd data_file_type:{ file lnk_file sock_file } { getattr unlink };
+allow installd data_file_type:{ file_class_set } { getattr unlink };
 allow installd apk_data_file:file r_file_perms;
 allow installd apk_tmp_file:file r_file_perms;
 allow installd system_file:file x_file_perms;
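Review bot: The rewritten `data_file_type` rule no longer names the object classes it grants, and it probably widens installd's `getattr unlink` beyond the original `file lnk_file sock_file`. The definition of `file_class_set` is not shown on this page; if it expands as in the stock global_macros (device plus non-device file classes), the rule now also covers `chr_file`, `blk_file` and `fifo_file` on every data file type. If FIFOs were the only missing class, `allow installd data_file_type:notdevfile_class_set { getattr unlink };` would keep device nodes out of the grant. Otherwise a comment above the rule such as `# installd must also remove device nodes and fifos left in app data dirs` would record why the wider set is intended. The outer braces around the macro name are redundant, since the macro presumably already expands to a braced set.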

File system.te

 unix_socket_connect(system, vold, vold)
 unix_socket_connect(system, zygote, zygote)
 unix_socket_connect(system, keystore, keystore)
-unix_socket_connect(system, dbus, dbusd)
 unix_socket_connect(system, gps, gpsd)
-unix_socket_connect(system, bluetooth, bluetoothd)
 unix_socket_connect(system, racoon, racoon)
 unix_socket_send(system, wpa, wpa)
 

File te_macros

 ')
 
 #####################################
-# Non system_app application set
-#
-define(`non_system_app_set', `{ appdomain -system_app }')
-
-
-#####################################
 # write_klog(domain)
 # Ability to write to kernel log via
 # klog_write()
 allow $1 klog_device:chr_file { create open write unlink };
 allow $1 device:dir { write add_name remove_name };
 ')
+
+#####################################
+# Non system_app application set
+#
+define(`non_system_app_set', `{ appdomain -system_app }')
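Review bot: The relocated `non_system_app_set` definition keeps a header comment that only repeats the macro name and does not explain that the set is built by subtraction. Because it expands to `{ appdomain -system_app }`, any rule written against it will also apply to every domain later given the `appdomain` attribute, unless that domain is excluded here as well. I would extend the comment to something like `# Every appdomain type except system_app; new app domains are included automatically, so review rules using this set when adding one.` After this merge this is the only copy, since the global_macros one is removed, and it now sits at the end of te_macros rather than with the other set groupings. This section seems to join more than one hunk, as the `define` line for write_klog is not visible.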