Commit 8e9e444f authored by Bernhard Thoben's avatar Bernhard Thoben

kitakami-common: sepolicy: A few little changes.

Change-Id: I23d1c60712228b6d1f945c8b820ab0f952ef9b03
parent d21521d5
allow charger device:dir r_dir_perms; allow charger device:dir r_dir_perms;
allow charger self:capability { dac_override dac_read_search }; allow charger self:capability { dac_override dac_read_search };
allow charger sysfs_battery_supply:file r_file_perms; allow charger sysfs_battery_supply:file r_file_perms;
allow charger sysfs:file { open read getattr }; allow charger sysfs:file r_file_perms;
allow charger sysfs_usb_supply:file r_file_perms; allow charger sysfs_usb_supply:file r_file_perms;
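Review bot: `r_file_perms` on the `sysfs:file` rule is not a synonym for the old `{ open read getattr }`. In AOSP's global_macros it also carries `ioctl` and `lock` (plus `map` and the `watch` permissions on newer trees), so this line slightly widens charger's access to every node still labelled generic `sysfs`. If the intent is only tidying, keep `allow charger sysfs:file { open read getattr };`. A tighter option is to give the nodes charger actually reads a dedicated type, as the neighbouring `sysfs_battery_supply` and `sysfs_usb_supply` rules do, and drop the generic grant.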
...@@ -16,5 +16,4 @@ allow hal_fingerprint_default sysfs_battery_supply:dir search; ...@@ -16,5 +16,4 @@ allow hal_fingerprint_default sysfs_battery_supply:dir search;
allow hal_fingerprint_default sysfs_battery_supply:file r_file_perms; allow hal_fingerprint_default sysfs_battery_supply:file r_file_perms;
allow hal_fingerprint_default system_data_file:dir create_dir_perms; allow hal_fingerprint_default system_data_file:dir create_dir_perms;
allow hal_fingerprint_default system_data_file:sock_file create_file_perms; allow hal_fingerprint_default system_data_file:sock_file create_file_perms;
allow hal_fingerprint_default tee_device:chr_file ioctl;
allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default tee_device:chr_file rw_file_perms;
# init-power-sh service
type init-power-sh, domain; type init-power-sh, domain;
type init-power-sh_exec, exec_type, file_type; type init-power-sh_exec, exec_type, file_type;
......
...@@ -2,7 +2,7 @@ allow init block_device:blk_file setattr; ...@@ -2,7 +2,7 @@ allow init block_device:blk_file setattr;
allow init cameraserver:fd use; allow init cameraserver:fd use;
allow init debugfs:file w_file_perms; allow init debugfs:file w_file_perms;
allow init diag_data_file:dir mounton; allow init diag_data_file:dir mounton;
allow init diag_data_file:file { lock rename }; allow init diag_data_file:file create_file_perms;
allow init diag_data_file:sock_file write; allow init diag_data_file:sock_file write;
allow init fingerprintd_data_file:file rename; allow init fingerprintd_data_file:file rename;
allow init hal_drm_hwservice:hwservice_manager add; allow init hal_drm_hwservice:hwservice_manager add;
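Review bot: The `diag_data_file:file` rule goes from `{ lock rename }` to `create_file_perms`, which in AOSP's global_macros adds `create`, `setattr`, `unlink` and the full read/write set. Init therefore gains the ability to create, overwrite and delete diag data files, a real privilege expansion that the commit message ("A few little changes") does not explain. Unless audited denials require it, keep `allow init diag_data_file:file { lock rename };` and add only the individual permissions a logged denial shows. If the wider grant is needed, record the denial and the init.rc action behind it in a comment above the rule, since init is a highly privileged domain and each extra write permission is worth justifying.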
......
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
type loc_launcher, domain; type loc_launcher, domain;
type loc_launcher_exec, exec_type, file_type; type loc_launcher_exec, exec_type, file_type;
# Started by init
init_daemon_domain(loc_launcher) init_daemon_domain(loc_launcher)
allow loc_launcher location_data_file:dir rw_dir_perms; allow loc_launcher location_data_file:dir rw_dir_perms;
......
...@@ -7,7 +7,6 @@ init_daemon_domain(mlog_qmi_service) ...@@ -7,7 +7,6 @@ init_daemon_domain(mlog_qmi_service)
# Allow mlog_qmi_service to create self:socket # Allow mlog_qmi_service to create self:socket
allow mlog_qmi_service self:socket create_socket_perms; allow mlog_qmi_service self:socket create_socket_perms;
allow mlog_qmi_service self:socket { create read write };
allowxperm mlog_qmi_service self:socket ioctl msm_sock_ipc_ioctls; allowxperm mlog_qmi_service self:socket ioctl msm_sock_ipc_ioctls;
# Allow mlog_qmi_service to use net_raw capability # Allow mlog_qmi_service to use net_raw capability
......
...@@ -15,6 +15,5 @@ allow rild servicemanager:binder call; ...@@ -15,6 +15,5 @@ allow rild servicemanager:binder call;
allow rild socket_device:sock_file write; allow rild socket_device:sock_file write;
allow rild tad_socket:sock_file write; allow rild tad_socket:sock_file write;
allow rild tad:unix_stream_socket connectto; allow rild tad:unix_stream_socket connectto;
allow rild tee_device:chr_file ioctl;
allow rild tee_device:chr_file rw_file_perms; allow rild tee_device:chr_file rw_file_perms;
allow rild vendor_file:file ioctl; allow rild vendor_file:file ioctl;
...@@ -2,5 +2,5 @@ allow sensors device:dir w_dir_perms; ...@@ -2,5 +2,5 @@ allow sensors device:dir w_dir_perms;
allow sensors input_device:chr_file { relabelfrom getattr link }; allow sensors input_device:chr_file { relabelfrom getattr link };
allow sensors input_device:dir search; allow sensors input_device:dir search;
allow sensors sysfs:file r_file_perms; allow sensors sysfs:file r_file_perms;
allow sensors tad_socket:sock_file { write }; allow sensors tad_socket:sock_file write;
allow sensors tmpfs:file rw_file_perms; allow sensors tmpfs:file rw_file_perms;
...@@ -16,9 +16,9 @@ allow timekeep self:capability { ...@@ -16,9 +16,9 @@ allow timekeep self:capability {
dac_override dac_override
dac_read_search dac_read_search
}; };
allow timekeep timekeep_data_file:file create_file_perms;
allow timekeep timekeep_data_file:dir create_dir_perms;
allow timekeep time_data_file:dir create_dir_perms;
allow timekeep time_data_file:file create_file_perms;
allow timekeep sysfs:file r_file_perms; allow timekeep sysfs:file r_file_perms;
allow timekeep sysfs_rtc:dir search; allow timekeep sysfs_rtc:dir search;
allow timekeep time_data_file:dir create_dir_perms;
allow timekeep time_data_file:file create_file_perms;
allow timekeep timekeep_data_file:dir create_dir_perms;
allow timekeep timekeep_data_file:file create_file_perms;