diff options
| author | Michael Bestas <mikeioannina@cyanogenmod.org> | 2016-12-04 21:21:24 +0200 |
|---|---|---|
| committer | Ilya Lebedev <ashuli2003@gmail.com> | 2016-12-19 18:35:17 +0300 |
| commit | ec978cdb0708b06abc299361a248adcf771bad3f (patch) | |
| tree | fafcd05e25069d973cdae0d68d73acd25506ecae | |
| parent | 76a77412791bcca696ccc463461eb058bb2b1400 (diff) | |
msm8916-common: Update sepolicies for 7.x
Change-Id: I8f7e6f80d64a149dff87ce8b2651f2939b481912
| -rw-r--r-- | rootdir/etc/init.qcom.rc | 2 | ||||
| -rw-r--r-- | sepolicy/bluetooth_loader.te | 31 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 7 | ||||
| -rw-r--r-- | sepolicy/netmgrd.te | 1 | ||||
| -rw-r--r-- | sepolicy/property_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/wcnss_service.te | 1 |
6 files changed, 2 insertions, 41 deletions
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index 435a672..1d67a20 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -507,7 +507,7 @@ service qseecomd /system/bin/qseecomd service perfd /vendor/bin/perfd class main user root - group root + group root readproc disabled writepid /dev/cpuset/system-background/tasks diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te deleted file mode 100644 index 242f4a2..0000000 --- a/sepolicy/bluetooth_loader.te +++ /dev/null @@ -1,31 +0,0 @@ -# Bluetooth executables and scripts -type bluetooth_loader, domain; -type bluetooth_loader_exec, exec_type, file_type; - -# Start bdAddrLoader from init -init_daemon_domain(bluetooth_loader) - -# Run init.qcom.bt.sh -allow bluetooth_loader shell_exec:file { entrypoint read }; -allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans }; - -# init.qcom.bt.sh needs /system/bin/log access -allow bluetooth_loader devpts:chr_file rw_file_perms; - -# Run hci_qcomm_init from init.qcom.bt.sh -domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach) -allow hci_attach bluetooth_loader:fd use; - -# Set persist.service.bdroid.* and bluetooth.* property values -set_prop(bluetooth_loader, bluetooth_prop) - -# Allow getprop/setprop for init.qcom.bt.sh -allow bluetooth_loader system_file:file execute_no_trans; - -# Access the smd device -allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms; - -# And qmuxd -allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search }; -allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink }; -allow bluetooth_loader qmuxd:unix_stream_socket { connectto }; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts deleted file mode 100644 index 6ac26d6..0000000 --- a/sepolicy/file_contexts +++ /dev/null @@ -1,7 +0,0 @@ -/persist/.genmac u:object_r:wifi_data_file:s0 -/persist/.bt_nv.bin u:object_r:bluetooth_data_file:s0 - -/system/etc/init\.qcom\.bt\.sh u:object_r:bluetooth_loader_exec:s0 - -/dev/smd3 u:object_r:hci_attach_dev:s0 -/dev/mmc3416x u:object_r:sensors_device:s0 diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te new file mode 100644 index 0000000..a034c0c --- /dev/null +++ b/sepolicy/netmgrd.te @@ -0,0 +1 @@ +allow netmgrd self:capability dac_override; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts deleted file mode 100644 index a0b78e9..0000000 --- a/sepolicy/property_contexts +++ /dev/null @@ -1 +0,0 @@ -qualcomm.bt. u:object_r:bluetooth_prop:s0 diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te deleted file mode 100644 index a4fe3c0..0000000 --- a/sepolicy/wcnss_service.te +++ /dev/null @@ -1 +0,0 @@ -allow wcnss_service persist_file:dir search; |