diff options
| -rw-r--r-- | sepolicy/hal_nfc_default.te | 5 | ||||
| -rw-r--r-- | sepolicy/installd.te | 1 | ||||
| -rw-r--r-- | sepolicy/platform_app.te | 3 | ||||
| -rw-r--r-- | sepolicy/priv_app.te | 4 | ||||
| -rw-r--r-- | sepolicy/traceur_app.te | 3 | ||||
| -rw-r--r-- | sepolicy/untrusted_app.te | 3 | ||||
| -rw-r--r-- | sepolicy/untrusted_app_25.te | 6 |
7 files changed, 23 insertions, 2 deletions
diff --git a/sepolicy/hal_nfc_default.te b/sepolicy/hal_nfc_default.te index 3a438e94..f111e01b 100644 --- a/sepolicy/hal_nfc_default.te +++ b/sepolicy/hal_nfc_default.te @@ -1,5 +1,6 @@ -dontaudit hal_nfc_default nxpese_hwservice:hwservice_manager find; -dontaudit hal_nfc_default nxpnfc_hwservice:hwservice_manager add; +allow hal_nfc_default nxpese_hwservice:hwservice_manager find; +allow hal_nfc_default nxpnfc_hwservice:hwservice_manager add; allow hal_nfc_default nfc_vendor_data_file:dir { add_name search write }; allow hal_nfc_default nfc_vendor_data_file:file { create getattr open read write }; + diff --git a/sepolicy/installd.te b/sepolicy/installd.te index abbca715..e00830f7 100644 --- a/sepolicy/installd.te +++ b/sepolicy/installd.te @@ -1 +1,2 @@ allow installd dex2oat:process noatsecure; +allow installd idmap:process noatsecure; diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te index c21e326f..6ab670d9 100644 --- a/sepolicy/platform_app.te +++ b/sepolicy/platform_app.te @@ -19,3 +19,6 @@ allow platform_app system_app_data_file:dir r_dir_perms; allow platform_app contexthub_prop:file read; allow platform_app time:unix_stream_socket connectto; allow platform_app sysfs_thermal:dir search; +allow platform_app ctl_bootanim_prop:file read; +allow platform_app ctl_bugreport_prop:file read; +allow platform_app ctl_console_prop:file read; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index ff137c3b..f2627504 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -9,3 +9,7 @@ allow priv_app postinstall_file:filesystem getattr; allow priv_app proc_interrupts:file open; allow priv_app sysfs_android_usb:file open; allow priv_app sysfs_mac_address:file { getattr open read }; +allow priv_app ctl_bootanim_prop:file read; +allow priv_app ctl_bugreport_prop:file read; +allow priv_app contexthub_prop:file read; +allow priv_app ctl_bugreport_prop:file read; diff --git a/sepolicy/traceur_app.te b/sepolicy/traceur_app.te new file mode 100644 index 00000000..35083a50 --- /dev/null +++ b/sepolicy/traceur_app.te @@ -0,0 +1,3 @@ +allow traceur_app boottime_prop:file read; +allow traceur_app contexthub_prop:file read; +allow traceur_app ctl_bootanim_prop:file read; diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te index 8f5d43d2..cc5ada9b 100644 --- a/sepolicy/untrusted_app.te +++ b/sepolicy/untrusted_app.te @@ -1,3 +1,6 @@ allow untrusted_app proc_asound:dir search; allow untrusted_app proc_version:file { getattr }; allow untrusted_app proc_vmstat:file { getattr }; +allow untrusted_app boottime_prop:file read; +allow untrusted_app contexthub_prop:file read; +allow untrusted_app ctl_bootanim_prop:file read; diff --git a/sepolicy/untrusted_app_25.te b/sepolicy/untrusted_app_25.te new file mode 100644 index 00000000..fa8c0c95 --- /dev/null +++ b/sepolicy/untrusted_app_25.te @@ -0,0 +1,6 @@ +allow untrusted_app_25 boottime_prop:file read; +allow untrusted_app_25 contexthub_prop:file read; +allow untrusted_app_25 ctl_bootanim_prop:file read; +allow untrusted_app_25 ctl_bugreport_prop:file read; +allow untrusted_app_25 ctl_console_prop:file read; +allow untrusted_app_25 ctl_default_prop:file read; |