| author | mosimchah <mosimchah@gmail.com> | 2019-03-24 02:24:56 -0400 |
|---|---|---|
| committer | mosimchah <mosimchah@gmail.com> | 2019-03-24 20:55:42 -0400 |
| commit | 3f17996af731ddf927f3e0cfb93c4d773a7827e9 (patch) | |
| tree | b0af90f9036d4321bad0a663b05ea65802bb2e74 | |
| parent | 6b37bba6cdbf58147e3c97456a806847bbb327ed (diff) | |
kirin970: Fix some denials
Change-Id: I595022a10b85d9dc338c310a2dee2e6c20a4c3b4
| -rw-r--r-- | sepolicy/private/init.te | 5 | ||||
| -rw-r--r-- | sepolicy/private/irqbalance.te | 4 | ||||
| -rw-r--r-- | sepolicy/private/netd.te | 5 | ||||
| -rw-r--r-- | sepolicy/private/platform_app.te | 3 | ||||
| -rw-r--r-- | sepolicy/private/priv_app.te | 11 | ||||
| -rw-r--r-- | sepolicy/private/vendor_init.te | 8 |
6 files changed, 36 insertions, 0 deletions
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te index 2fba7e8..f98e2ce 100644 --- a/sepolicy/private/init.te +++ b/sepolicy/private/init.te @@ -1,3 +1,5 @@ +domain_trans(init, rootfs, adbd) + # Allow init to mount block devices allow init { hisee_data_file @@ -24,3 +26,6 @@ allow init kernel:system module_request; allow hwsched system_data_file:lnk_file read; allow init sysfs_led:file setattr; + +# Allow init to mount adbd binary +allow init rootfs:file mounton; diff --git a/sepolicy/private/irqbalance.te b/sepolicy/private/irqbalance.te index 6d3aba4..7c1ca13 100644 --- a/sepolicy/private/irqbalance.te +++ b/sepolicy/private/irqbalance.te @@ -4,3 +4,7 @@ type irqbalance_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(irqbalance); allow irqbalance self:capability dac_override; + +allow irqbalance proc:dir { write add_name }; +allow irqbalance proc:file create; + diff --git a/sepolicy/private/netd.te b/sepolicy/private/netd.te index 0a8b7a4..9d2f70d 100644 --- a/sepolicy/private/netd.te +++ b/sepolicy/private/netd.te @@ -1 +1,6 @@ allow netd sysfs:file { read write open }; + +allow netd proc_net:dir { write add_name }; +allow netd self:capability fsetid; +allow netd proc_net:file create; + diff --git a/sepolicy/private/platform_app.te b/sepolicy/private/platform_app.te index 93bc5f5..2375376 100644 --- a/sepolicy/private/platform_app.te +++ b/sepolicy/private/platform_app.te @@ -1,3 +1,6 @@ # Allow platform_app to read and write to sysfs_devices_platform_amba allow platform_app sysfs_devices_platform_amba:dir r_dir_perms; allow platform_app sysfs_devices_platform_amba:file rw_file_perms; + +allow platform_app app_data_file:file execute; +allow platform_app bluetooth_prop:file { read write open }; diff --git a/sepolicy/private/priv_app.te b/sepolicy/private/priv_app.te index 5c9b49d..c71f79a 100644 --- a/sepolicy/private/priv_app.te +++ b/sepolicy/private/priv_app.te 
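Review bot: `domain_trans(init, rootfs, adbd)` in the first init.te hunk makes every file labelled `rootfs` a valid entrypoint into the adbd domain, and `allow init rootfs:file mounton;` in the second hunk lets init mount over any such file, although its comment names only the adbd binary. Because `rootfs` is the generic ramdisk label, both rules are wider than the stated purpose. I would give the adbd binary (or the mount target) its own type in file_contexts and write both rules against it, for example `domain_trans(init, <adbd_binary_type>, adbd)` and `allow init <adbd_binary_type>:file mounton;`, where `<adbd_binary_type>` is a placeholder. The transition rule also has no comment; a line such as `# adbd is started from init.rc with an explicit seclabel` would record why it is needed, if that is the case.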
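Review bot: `allow irqbalance proc:dir { write add_name };` and `allow irqbalance proc:file create;` permit creating entries under the generic `proc` label, but procfs entries are created by the kernel, so the operation most likely still fails and only the audit message disappears. These look like direct audit2allow output for an open-with-create on a path that does not exist. If the daemon works without the access, `dontaudit irqbalance proc:dir { write add_name };` and `dontaudit irqbalance proc:file create;` quiet the log without widening the policy; otherwise the node the daemon actually needs should get its own label. The same pattern recurs in netd.te (`proc_net`) and vendor_init.te (`proc`, `sysfs_android_usb`, `sysfs_devices_system_cpu`).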
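Review bot: `allow netd self:capability fsetid;` adds a capability to netd with no comment naming the operation that needs it. An `fsetid` denial is often a side effect of a chmod-style call that succeeds anyway, with only the setgid bit being cleared, so it is worth confirming that the denial breaks something. If it does not, `dontaudit netd self:capability fsetid;` is the narrower rule; if it does, a comment such as `# needed for <operation>` should say why.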
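Review bot: `allow platform_app app_data_file:file execute;` lets platform-signed apps execute code from app data directories, which are writable at runtime, so it weakens write-xor-execute separation for that domain. It needs at least a comment naming the app and the denial that require it, and ideally a narrower target type. Separately, `allow platform_app bluetooth_prop:file { read write open };` grants `write` on a property file, although properties are set through the property service rather than by writing the mapped file. Read access is normally expressed as `get_prop(platform_app, bluetooth_prop)`. The three `*_prop:file { read write open }` rules in priv_app.te have the same shape.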
@@ -7,3 +7,14 @@ allow priv_app default_hisi_hwservice:hwservice_manager find; allow priv_app mnt_modem_file:dir search; allow priv_app sysfs:file { read write open }; + +allow priv_app bluetooth_prop:file { read write open }; +allow priv_app bootloader_boot_reason_prop:file { read write open }; +allow priv_app boottime_prop:file { read write open }; +allow priv_app device:dir { read write open }; +allow priv_app proc:file { read write open getattr }; +allow priv_app proc_interrupts:file { read write open }; +allow priv_app proc_modules:file { read write open getattr }; +allow priv_app sysfs:dir { read write open }; +allow priv_app sysfs_android_usb:file { read write open }; + diff --git a/sepolicy/private/vendor_init.te b/sepolicy/private/vendor_init.te index ded5968..9fce680 100644 --- a/sepolicy/private/vendor_init.te +++ b/sepolicy/private/vendor_init.te @@ -1,2 +1,10 @@ allow vendor_init kernel:system module_request; allow vendor_init tmpfs:lnk_file create; + +allow vendor_init proc:dir { write add_name }; +allow vendor_init sysfs_android_usb:dir { write add_name }; +allow vendor_init sysfs_devices_system_cpu:dir { write add_name }; + +allow vendor_init proc:file create; +allow vendor_init sysfs_android_usb:file create; +allow vendor_init sysfs_devices_system_cpu:file create; |
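Review bot: The new priv_app rules grant `write` on the generic `proc`, `sysfs` and `device` labels (`allow priv_app proc:file { read write open getattr };`, `allow priv_app sysfs:dir { read write open };`, `allow priv_app device:dir { read write open };`), which covers every kernel node that has no more specific label. That leaves only file mode bits between priv_app and those nodes. `proc_interrupts` and `proc_modules` are read-only kernel views, so `write` is unlikely to be needed there and `r_file_perms` would cover reads. I would keep only the permissions tied to a known, functional denial, give the specific nodes their own labels, and `dontaudit` the rest, with a comment per rule naming the app that needs it.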
