Commit 7d3996ec authored by Bernhard Thoben's avatar Bernhard Thoben

kitakami-common: sepolicy: Switched back to enforced SELinux mode.

Change-Id: I565f1ea6a77e2b9667ddd039b8dcccf3656e1273
parent ee4885be
......@@ -51,7 +51,6 @@ BUILD_BROKEN_USES_BUILD_COPY_HEADERS := true
# Boot image/kernel
BOARD_KERNEL_CMDLINE := androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x237 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 boot_cpus=0-5 loop.max_part=7 dwc3_msm.hvdcp_max_current=1500 dwc3_msm.prop_chg_detect=Y coherent_pool=2M swiotlb=2048
BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive
BOARD_KERNEL_IMAGE_NAME := Image.gz-dtb
BOARD_KERNEL_PAGESIZE := 4096
BOARD_KERNEL_BASE := 0x00000000
......
allow bootanim secd_exec:file { getattr read };
allow bootanim userspace_reboot_exported_prop:file { getattr open read };
allow credstore secd_exec:file { getattr read };
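Review bot: The `secd_exec:file { getattr read }` rules for bootanim and credstore here, and the matching ones further down for hal_drm_clearkey, hal_drm_widevine, hal_dumpstate_impl, hal_fingerprint_default, hal_health_default, hal_power_stats_default, iorap_prefetcherd, iorapd, vendor_install_recovery, vold and zygote, read like denial logs converted to allow rules rather than access these domains need. Now that the policy is enforcing, each one takes effect, and a boot animation or DRM HAL has no evident reason to read the secd binary. If the denials are only noise from these processes probing the file, `dontaudit bootanim secd_exec:file { getattr read };` (and likewise per domain) silences the log without widening access; if a single source triggers all of them, fixing that source or the file's label would be better. A comment above each rule that is kept, naming the denial it answers, would help later audits. The file headers and +/- markers are not visible on this page, so which of these lines are new is inferred.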
......@@ -4,3 +4,8 @@ vndbinder_use(hal_drm_clearkey)
type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_clearkey)
allow hal_drm_clearkey hal_drm_hwservice:hwservice_manager { add find };
allow hal_drm_clearkey hidl_base_hwservice:hwservice_manager add;
allow hal_drm_clearkey hwservicemanager_prop:file { getattr open read };
allow hal_drm_clearkey secd_exec:file { getattr read };
allow hal_drm_widevine secd_exec:file { getattr read };
......@@ -8,3 +8,4 @@ allow hal_dumpstate_impl hwservicemanager:binder { call transfer };
allow hal_dumpstate_impl hwservicemanager_prop:file { getattr map open read };
allow hal_dumpstate_impl hidl_base_hwservice:hwservice_manager add;
allow hal_dumpstate_impl hal_dumpstate_hwservice:hwservice_manager { add find };
allow hal_dumpstate_impl secd_exec:file read;
......@@ -19,4 +19,5 @@ allow hal_fingerprint_default diag_data_file:dir search;
allow hal_fingerprint_default fingerprintd_data_file:dir create_dir_perms;
allow hal_fingerprint_default sysfs_battery_supply:dir create_dir_perms;
allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
allow hal_fingerprint_default sysfs_battery_supply:file create_file_perms;
\ No newline at end of file
allow hal_fingerprint_default sysfs_battery_supply:file create_file_perms;
allow hal_fingerprint_default secd_exec:file { getattr read };
allow hal_health_default sysfs:file { rw_file_perms };
\ No newline at end of file
allow hal_health_default sysfs:file { rw_file_perms };
allow hal_health_default secd_exec:file { getattr read };
allow hal_power_stats_default secd_exec:file { getattr read };
......@@ -53,3 +53,4 @@ allow init hal_fingerprint_hwservice:hwservice_manager { add find };
allow init iorapd_data_file:file rw_file_perms;
allow init system_file:dir relabelfrom;
allow init system_file:file { execute_no_trans relabelfrom };
allow init sysfs_livedisplay_tuneable:file setattr;
allow iorap_prefetcherd secd_exec:file { getattr read };
allow iorapd secd_exec:file { getattr read };
allow platform_app system_app_data_file:dir getattr;
allow platform_app exported_camera_prop:file read;
......@@ -15,3 +15,6 @@ allow system_server default_android_service:service_manager find;
allow system_server init:binder { call transfer };
allow system_server exfat:dir rw_dir_perms;
allow system_server vendor_security_patch_level_prop:file { r_file_perms };
allow system_server userspace_reboot_config_prop:file { getattr open read };
allow system_server userspace_reboot_exported_prop:file { getattr open read };
allow system_server exported_camera_prop:file read;
allow vendor_install_recovery block_device:blk_file { open read };
allow vendor_install_recovery secd_exec:file { getattr read };
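Review bot: `allow vendor_install_recovery block_device:blk_file { open read };` gives this domain raw read access to every block node that still carries the generic `block_device` label, not only the partitions it actually reads. AOSP's base policy, as far as I recall, has a neverallow against this generic access, so the rule may only build where neverallow checks are relaxed. Giving the needed partition nodes a dedicated type in `file_contexts` and granting that type instead would keep the rule narrow. Whether this line is new in the commit cannot be told from the page, since the +/- markers are lost.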
......@@ -3,3 +3,4 @@ allow vold firmware_file:dir search;
allow vold firmware_file:file { getattr open read };
allow vold secd_exec:file { getattr read };
allow vold tee_prop:file { r_file_perms };
allow vold sysfs_mmc_host:file write;
allow zygote proc_cmdline:file { getattr open read };
allow zygote secd_exec:file { getattr read };
allow zygote device:file rw_file_perms;
allow zygote exported_camera_prop:file { getattr open read };
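Review bot: `allow zygote device:file rw_file_perms;` lets zygote, the parent of every app process, read and write any regular file labelled with the generic `device` type. The denial behind it most likely comes from one unlabelled node under /dev; giving that node its own type in `file_contexts` and allowing only that type would be narrower, or `dontaudit` if zygote does not need the access at all. `allow zygote proc_cmdline:file { getattr open read };` deserves the same check, since the kernel command line can carry device identifiers. The +/- markers are not visible here, so these lines may be existing context rather than additions.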