diff options
| author | Bruno Martins <bgcngm@gmail.com> | 2017-12-12 22:00:04 +0000 |
|---|---|---|
| committer | Bruno Martins <bgcngm@gmail.com> | 2018-02-14 21:50:26 +0000 |
| commit | a9bd17c034aaeea469a49997380904bd6e1225b3 (patch) | |
| tree | 62839580398411878c61de24f0984e82ea127688 | |
| parent | c16c3b3f52b2755315c6de1712403df3afeedd2c (diff) | |
flounder: Fix SELinux permissions for hal_dumpstate_impl
Change-Id: I9f04c50dfd1e6b14eec712ad79153251260bc3af
| -rw-r--r-- | sepolicy/dumpstate.te | 4 | ||||
| -rw-r--r-- | sepolicy/file.te | 5 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 5 | ||||
| -rw-r--r-- | sepolicy/hal_dumpstate_impl.te | 20 |
4 files changed, 34 insertions, 0 deletions
diff --git a/sepolicy/dumpstate.te b/sepolicy/dumpstate.te new file mode 100644 index 0000000..6f93819 --- /dev/null +++ b/sepolicy/dumpstate.te @@ -0,0 +1,4 @@ +allow dumpstate gatekeeper_service:service_manager find; +allow dumpstate system_block_device:blk_file getattr; +r_dir_file(dumpstate, sysfs_zram) +userdebug_or_eng(`r_dir_file(dumpstate, debugfs_mmc)') diff --git a/sepolicy/file.te b/sepolicy/file.te index 713c84f..ced95e0 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -18,7 +18,12 @@ type sysfs_socinfo, sysfs_type, fs_type; type sysfs_tegra_fuse, sysfs_type, fs_type; +type debugfs_nvavp, debugfs_type, fs_type; type debugfs_nvmap, debugfs_type, fs_type; +type debugfs_usb, debugfs_type, fs_type; +type debugfs_fg, debugfs_type, fs_type; +type debugfs_shrinker, debugfs_type, fs_type; +type debugfs_tegradc, debugfs_type, fs_type; # /data/gps type gps_data_file, file_type, data_file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 092b8ce..e8d9ab2 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -81,7 +81,12 @@ /dev/block/mmcblk0p27 u:object_r:frp_block_device:s0 # debugfs files +/sys/kernel/debug/nvavp(/.*)? u:object_r:debugfs_nvavp:s0 /sys/kernel/debug/nvmap(/.*)? u:object_r:debugfs_nvmap:s0 +/sys/kernel/debug/bq2419x-regs u:object_r:debugfs_usb:s0 +/sys/kernel/debug/max17050-regs u:object_r:debugfs_fg:s0 +/sys/kernel/debug/shrinker u:object_r:debugfs_shrinker:s0 +/sys/kernel/debug/tegradc\.0(/.*)? u:object_r:debugfs_tegradc:s0 # Didim file /sys/devices/platform/host1x/tegradc\.0/smartdimmer/aggressiveness u:object_r:sysfs_didim:s0 diff --git a/sepolicy/hal_dumpstate_impl.te b/sepolicy/hal_dumpstate_impl.te index 892facd..091a81b 100644 --- a/sepolicy/hal_dumpstate_impl.te +++ b/sepolicy/hal_dumpstate_impl.te @@ -6,3 +6,23 @@ init_daemon_domain(hal_dumpstate_impl) # Access to files for dumping allow hal_dumpstate_impl sysfs:file { open read }; + +userdebug_or_eng(` + allow hal_dumpstate_impl debugfs_nvavp:dir r_dir_perms; + allow hal_dumpstate_impl debugfs_nvavp:file r_file_perms; + + allow hal_dumpstate_impl debugfs_usb:dir r_dir_perms; + allow hal_dumpstate_impl debugfs_usb:file r_file_perms; + + allow hal_dumpstate_impl debugfs_fg:dir r_dir_perms; + allow hal_dumpstate_impl debugfs_fg:file r_file_perms; + + allow hal_dumpstate_impl debugfs_nvavp:dir r_dir_perms; + allow hal_dumpstate_impl debugfs_nvavp:file r_file_perms; + + allow hal_dumpstate_impl debugfs_shrinker:dir r_dir_perms; + allow hal_dumpstate_impl debugfs_shrinker:file r_file_perms; + + allow hal_dumpstate_impl debugfs_tegradc:dir r_dir_perms; + allow hal_dumpstate_impl debugfs_tegradc:file r_file_perms; +') |