Commit 8958eac2 authored by Bernhard Thoben's avatar Bernhard Thoben
Browse files

kitakami-common: sepolicy: Added some more properties.

Change-Id: I1600bc595e55e6b3347ce3a3f70b2171e58e9e89
parent 3a803fcf
......@@ -2,5 +2,10 @@ allow cameraserver hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find
allow cameraserver init:unix_dgram_socket sendto;
allow cameraserver qcamerasvr:unix_dgram_socket sendto;
allow cameraserver qcamerasvr:unix_stream_socket connectto;
allow cameraserver sysfs_graphics:file { getattr open read };
allow cameraserver sysfs_battery_supply:dir search;
allow cameraserver sysfs_battery_supply:file r_file_perms;
allow cameraserver sysfs_camera_torch:dir search;
allow cameraserver sysfs_camera_torch:file rw_file_perms;
allow cameraserver sysfs_camera_torch:lnk_file read;
allow cameraserver sysfs_graphics:file r_file_perms;
allow cameraserver ta_data_file:dir search;
allow crash_dump camera_prop:file { getattr open };
allow crash_dump init:process ptrace;
allow crash_dump keystore:process ptrace;
allow fsck block_device:blk_file { read write };
allow fsck diag_partition_device:blk_file rw_file_perms;
......@@ -28,6 +28,7 @@ allow init sysfs_msm_perf:file { open write };
allow init sysfs_thermal:file write;
allow init sysfs_wake_lock:file { append open };
allow init system_data_file:file { ioctl lock };
allow init system_file:dir relabelfrom;
allow init system_file:file execute_no_trans;
allow init tee_device:chr_file { ioctl open read write };
allow init trim_area_partition_device:blk_file setattr;
......
......@@ -8,9 +8,11 @@ init_daemon_domain(qcamerasvr)
allow qcamerasvr camera_data_file:dir { add_name remove_name search write };
allow qcamerasvr camera_data_file:sock_file { create unlink };
allow qcamerasvr camera_prop:file { getattr open read };
allow qcamerasvr camera_socket:sock_file unlink;
allow qcamerasvr cameraserver:fd use;
allow qcamerasvr ion_device:chr_file { open read };
allow qcamerasvr sysfs:file { open read };
allow qcamerasvr hal_graphics_allocator_default:fd use;
allow qcamerasvr ion_device:chr_file r_file_perms;
allow qcamerasvr sysfs:file rw_file_perms;
allow qcamerasvr sysfs_graphics:file { open read };
allow qcamerasvr ta_data_file:dir search;
allow qcamerasvr video_device:chr_file { ioctl open read write };
type vendor, domain;
type vendor_exec, exec_type, file_type;
# Started by init
init_daemon_domain(vendor)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment