authorJason Riordan <jriordan001@gmail.com>2017-02-15 21:24:46 -0500
committerJason Riordan <jriordan001@gmail.com>2017-02-16 04:09:48 +0000
commit94ead88c3036391a5c498d9f0ee80be01e948300 (patch)
tree3892253afac8323e540d529daa9ff1d5fd5fad71
parent0cd99afebfc18889672f868fff931996a1513e70 (diff)
mofd: rework selinux for /config
SELinux insists on labeling /config as u:object_r:config_file:s0, so give in to my SELinux master and make use of this label instead.
Change-Id: If59b71e5f5f23b907c31bf2931c633e2f3d851a7
-rwxr-xr-xrootdir/etc/init.common.rc1
-rwxr-xr-xrootdir/etc/init.config_init.rc1
-rw-r--r--sepolicy/asus_config.te4
-rw-r--r--sepolicy/bluetooth.te2
-rw-r--r--sepolicy/file.te3
-rw-r--r--sepolicy/file_contexts7
-rw-r--r--sepolicy/mediaserver.te4
-rw-r--r--sepolicy/rild.te4
-rw-r--r--sepolicy/sensorhubd.te4
-rw-r--r--sepolicy/system_server.te2
-rw-r--r--sepolicy/vold.te2
11 files changed, 17 insertions, 17 deletions
diff --git a/rootdir/etc/init.common.rc b/rootdir/etc/init.common.rc
index e722e20..a7e7dbd 100755
--- a/rootdir/etc/init.common.rc
+++ b/rootdir/etc/init.common.rc
@@ -63,7 +63,6 @@ on fs
chown system system /config/em
chmod 0770 /config/em
chown system system /sys/class/usb_otg/otg0/a_bus_drop
- restorecon_recursive /config
restorecon_recursive /factory
restorecon_recursive /logs
diff --git a/rootdir/etc/init.config_init.rc b/rootdir/etc/init.config_init.rc
index e8dc1ce..a83599c 100755
--- a/rootdir/etc/init.config_init.rc
+++ b/rootdir/etc/init.config_init.rc
@@ -3,6 +3,7 @@ on fs
mkdir /local_cfg/platform
mkdir /local_cfg/telephony_config
mkdir /local_cfg/audiocomms_config
+ restorecon_recursive /config
start config_init
service config_init /system/bin/config_init.sh
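Review bot: `restorecon_recursive /config` now runs in this `on fs` action just before `start config_init`, and it only relabels the real files if /config is already mounted at that point, which the hunk does not show. A comment would record that ordering requirement, for example `# /config must already be mounted here; relabel it before config_init starts`. The three /local_cfg directories created just above are not relabeled by this line, so it is worth confirming they receive the intended label at creation. The `on fs` block starts above the hunk and the service definition continues below it.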
diff --git a/sepolicy/asus_config.te b/sepolicy/asus_config.te
index 06d807a..969be56 100644
--- a/sepolicy/asus_config.te
+++ b/sepolicy/asus_config.te
@@ -8,8 +8,8 @@ set_prop(asus_config, asus_prop)
set_prop(asus_config, config_prop)
set_prop(asus_config, radio_prop)
-allow asus_config asus_config_file:dir search;
-allow asus_config asus_config_file:file rw_file_perms;
+allow asus_config config_file:dir search;
+allow asus_config config_file:file rw_file_perms;
allow asus_config bluetooth_efs_file:dir r_dir_perms;
allow asus_config bluetooth_efs_file:file { rw_file_perms setattr };
allow asus_config device:dir write;
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
index b50b68d..dcab87a 100644
--- a/sepolicy/bluetooth.te
+++ b/sepolicy/bluetooth.te
@@ -1,7 +1,7 @@
type bluetooth_exec, exec_type, file_type;
domain_auto_trans(init, bluetooth_exec, bluetooth)
-allow bluetooth asus_config_file:dir search;
+allow bluetooth config_file:dir search;
allow bluetooth asus_tee_device:chr_file rw_file_perms;
allow bluetooth bluetooth_device:chr_file rw_file_perms;
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 7437691..441b9a9 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -2,8 +2,7 @@
type log_file_we_dont_want_to_allow, file_type, data_file_type;
# Asusconfig
-type asus_config_file, file_type, sysfs_type;
-allow file_type asus_config_file:filesystem associate;
+type config_file, file_type, sysfs_type;
# Bluetooth
type bluetooth_config_file, file_type, data_file_type;
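Review bot: `config_file` keeps the `sysfs_type` attribute, although the file_contexts hunks of this commit apply the type to `/config(/.*)?` and `/local_cfg` as well as to `/sys/module/intel_mid_sfi/parameters(/.*)?`. Any rule written against the `sysfs_type` attribute would then also cover the files on /config, and every domain granted `config_file:file r_file_perms` in this commit (mediaserver, rild, sensorhubd) can read the sysfs parameters too. If that sharing is not intended, declare the on-disk type as `type config_file, file_type;` and give the sysfs path its own type, for example `type sysfs_sfi_params, fs_type, sysfs_type;` (type name constructed for illustration). The `# Asusconfig` comment above the declaration could also list which paths the type labels.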
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ee3e9b5..fa60648 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,5 +1,5 @@
# Asus config scripts / files
-/sys/module/intel_mid_sfi/parameters(/.*)? u:object_r:asus_config_file:s0
+/sys/module/intel_mid_sfi/parameters(/.*)? u:object_r:config_file:s0
/system/bin/bcu_cpufreqrel u:object_r:asus_config_exec:s0
/system/bin/init\.class_main\.sh u:object_r:asus_config_exec:s0
/system/bin/config_init\.sh u:object_r:asus_config_exec:s0
@@ -7,8 +7,9 @@
/system/bin/init_config\.sh u:object_r:asus_config_exec:s0
/system/bin/logcontrol u:object_r:asus_config_exec:s0
/system/bin/sl_si_service u:object_r:asus_config_exec:s0
-/config(/.*)? u:object_r:asus_config_file:s0
-/local_cfg u:object_r:asus_config_file:s0
+/config(/.*)? u:object_r:config_file:s0
+/local_cfg u:object_r:config_file:s0
+
# Asus logging that we are going to throttle
/data/sensorhubd\.log u:object_r:log_file_we_dont_want_to_allow:s0
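Review bot: The `/local_cfg` entry has no `(/.*)?` suffix, so it matches only the directory itself, while init.config_init.rc in this same commit creates `/local_cfg/platform`, `/local_cfg/telephony_config` and `/local_cfg/audiocomms_config` beneath it. If those children are meant to carry the same label as /config, the entry should read `/local_cfg(/.*)? u:object_r:config_file:s0`. As written they presumably fall back to whatever label the underlying filesystem assigns, and the `config_file` allow rules would not apply to them.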
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 4c84900..fa4fe79 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1,6 +1,6 @@
allow mediaserver asus_tee_device:chr_file rw_file_perms;
-allow mediaserver asus_config_file:dir search;
-allow mediaserver asus_config_file:file r_file_perms;
+allow mediaserver config_file:dir search;
+allow mediaserver config_file:file r_file_perms;
allow mediaserver camera_device:chr_file rw_file_perms;
allow mediaserver graphics_device:dir search;
allow mediaserver factory_file:dir search;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index cdf9491..c153d8e 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,5 +1,5 @@
-allow rild asus_config_file:dir r_dir_perms;
-allow rild asus_config_file:file r_file_perms;
+allow rild config_file:dir r_dir_perms;
+allow rild config_file:file r_file_perms;
allow rild device:dir r_dir_perms;
allow rild factory_file:file r_file_perms;
allow rild factory_file:dir { search };
diff --git a/sepolicy/sensorhubd.te b/sepolicy/sensorhubd.te
index f9183b5..f65ff08 100644
--- a/sepolicy/sensorhubd.te
+++ b/sepolicy/sensorhubd.te
@@ -3,8 +3,8 @@ type sensorhubd, domain;
type sensorhubd_exec, exec_type, file_type;
init_daemon_domain(sensorhubd)
-allow sensorhubd asus_config_file:dir search;
-allow sensorhubd asus_config_file:file r_file_perms;
+allow sensorhubd config_file:dir search;
+allow sensorhubd config_file:file r_file_perms;
allow sensorhubd efs_file:dir search;
allow sensorhubd efs_file:file r_file_perms;
allow sensorhubd factory_file:dir search;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index bb17057..2827340 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,5 +1,5 @@
#============= system_server ==============
-allow system_server asus_config_file:dir search;
+allow system_server config_file:dir search;
allow system_server asus_tee_device:chr_file r_file_perms;
allow system_server efs_file:dir r_dir_perms;
allow system_server efs_file:file r_file_perms;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 223a5c0..0520b08 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,4 +1,4 @@
-allow vold asus_config_file:dir { r_dir_perms setattr };
+allow vold config_file:dir { r_dir_perms setattr };
allow vold asus_tee_device:chr_file { read open ioctl setattr };
allow vold factory_file:dir { rw_dir_perms setattr };
allow vold factory_file:file { create_file_perms rw_file_perms setattr };