Commit 8e9e444f authored by Bernhard Thoben's avatar Bernhard Thoben
Browse files

kitakami-common: sepolicy: A few little changes.

Change-Id: I23d1c60712228b6d1f945c8b820ab0f952ef9b03
parent d21521d5
allow charger device:dir r_dir_perms;
allow charger self:capability { dac_override dac_read_search };
allow charger sysfs_battery_supply:file r_file_perms;
allow charger sysfs:file { open read getattr };
allow charger sysfs:file r_file_perms;
allow charger sysfs_usb_supply:file r_file_perms;
......@@ -16,5 +16,4 @@ allow hal_fingerprint_default sysfs_battery_supply:dir search;
allow hal_fingerprint_default sysfs_battery_supply:file r_file_perms;
allow hal_fingerprint_default system_data_file:dir create_dir_perms;
allow hal_fingerprint_default system_data_file:sock_file create_file_perms;
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
# init-power-sh service
type init-power-sh, domain;
type init-power-sh_exec, exec_type, file_type;
......
......@@ -2,7 +2,7 @@ allow init block_device:blk_file setattr;
allow init cameraserver:fd use;
allow init debugfs:file w_file_perms;
allow init diag_data_file:dir mounton;
allow init diag_data_file:file { lock rename };
allow init diag_data_file:file create_file_perms;
allow init diag_data_file:sock_file write;
allow init fingerprintd_data_file:file rename;
allow init hal_drm_hwservice:hwservice_manager add;
......
......@@ -2,6 +2,7 @@
type loc_launcher, domain;
type loc_launcher_exec, exec_type, file_type;
# Started by init
init_daemon_domain(loc_launcher)
allow loc_launcher location_data_file:dir rw_dir_perms;
......
......@@ -7,7 +7,6 @@ init_daemon_domain(mlog_qmi_service)
# Allow mlog_qmi_service to create self:socket
allow mlog_qmi_service self:socket create_socket_perms;
allow mlog_qmi_service self:socket { create read write };
allowxperm mlog_qmi_service self:socket ioctl msm_sock_ipc_ioctls;
# Allow mlog_qmi_service to use net_raw capability
......
......@@ -15,6 +15,5 @@ allow rild servicemanager:binder call;
allow rild socket_device:sock_file write;
allow rild tad_socket:sock_file write;
allow rild tad:unix_stream_socket connectto;
allow rild tee_device:chr_file ioctl;
allow rild tee_device:chr_file rw_file_perms;
allow rild vendor_file:file ioctl;
......@@ -2,5 +2,5 @@ allow sensors device:dir w_dir_perms;
allow sensors input_device:chr_file { relabelfrom getattr link };
allow sensors input_device:dir search;
allow sensors sysfs:file r_file_perms;
allow sensors tad_socket:sock_file { write };
allow sensors tad_socket:sock_file write;
allow sensors tmpfs:file rw_file_perms;
......@@ -16,9 +16,9 @@ allow timekeep self:capability {
dac_override
dac_read_search
};
allow timekeep timekeep_data_file:file create_file_perms;
allow timekeep timekeep_data_file:dir create_dir_perms;
allow timekeep time_data_file:dir create_dir_perms;
allow timekeep time_data_file:file create_file_perms;
allow timekeep sysfs:file r_file_perms;
allow timekeep sysfs_rtc:dir search;
allow timekeep time_data_file:dir create_dir_perms;
allow timekeep time_data_file:file create_file_perms;
allow timekeep timekeep_data_file:dir create_dir_perms;
allow timekeep timekeep_data_file:file create_file_perms;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment