Commits

Robert Craig  committed f59b9d7

Exempt bluetooth domain from property_service set.

Also add policy to tee dir access.

Change-Id: I9ad6fad2df5b75c4713dd7ccb85ea829ca88bb0b
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

  • Participants
  • Parent commits 043c7c0
  • Branches seandroid-4.0.4, seandroid-4.1 1
    1. seandroid-4.2

Comments (0)

Files changed (2)

 neverallow appdomain fs_type:filesystem ~getattr;
 
 # Ability to set system properties.
-neverallow { appdomain -system_app -radio -shell } property_type:property_service set;
+neverallow { appdomain -system_app -radio -shell -bluetooth } property_type:property_service set;
 init_daemon_domain(tee)
 allow tee self:capability { dac_override };
 allow tee tee_device:chr_file rw_file_perms;
-allow tee tee_data_file:dir { getattr write add_name };
+allow tee tee_data_file:dir rw_dir_perms;
 allow tee tee_data_file:file create_file_perms;
 allow tee self:netlink_socket { create bind read };