diff options
| author | mosimchah <mosimchah@gmail.com> | 2019-06-17 00:40:18 -0400 |
|---|---|---|
| committer | mosimchah <mosimchah@gmail.com> | 2019-06-17 04:50:57 -0400 |
| commit | 6637b594eae91e357cd5a1158b9844539b202808 (patch) | |
| tree | 17b85b07e2fe88a46c4a6d4aaa2f1874a4b59cbe | |
| parent | 691341f9be2bdf5215e7d1e40258dc0ff85fe761 (diff) | |
kirin970: Fix some denials
Change-Id: Ie374379c9a9bf2eb3517c807e19af2a84786311a
| -rw-r--r-- | sepolicy/private/init.te | 2 | ||||
| -rw-r--r-- | sepolicy/private/installd.te | 2 | ||||
| -rw-r--r-- | sepolicy/private/kernel.te | 2 | ||||
| -rw-r--r-- | sepolicy/private/netd.te | 2 | ||||
| -rw-r--r-- | sepolicy/private/system_server.te | 1 | ||||
| -rw-r--r-- | sepolicy/private/vendor_init.te | 2 | ||||
| -rw-r--r-- | sepolicy/private/vold.te | 2 |
7 files changed, 13 insertions, 0 deletions
diff --git a/sepolicy/private/init.te b/sepolicy/private/init.te index 12dc1b9..8f43d22 100644 --- a/sepolicy/private/init.te +++ b/sepolicy/private/init.te @@ -29,3 +29,5 @@ allow init sysfs_led:file setattr; # Allow init to mount adbd binary allow init rootfs:file mounton; +allow init tmpfs:lnk_file create; + diff --git a/sepolicy/private/installd.te b/sepolicy/private/installd.te new file mode 100644 index 0000000..5033fcc --- /dev/null +++ b/sepolicy/private/installd.te @@ -0,0 +1,2 @@ +allow installd system_file:file unlink; + diff --git a/sepolicy/private/kernel.te b/sepolicy/private/kernel.te index 14ee49b..cd11d76 100644 --- a/sepolicy/private/kernel.te +++ b/sepolicy/private/kernel.te @@ -5,3 +5,5 @@ allow kernel dubai_log_device:chr_file { read write open }; allow kernel device:chr_file { create setattr }; allow kernel system_data_file:dir { create_dir_perms rw_dir_perms }; allow kernel system_data_file:file create_file_perms; +allow kernel splash2_data_file:dir search; + diff --git a/sepolicy/private/netd.te b/sepolicy/private/netd.te index 9d2f70d..16ca979 100644 --- a/sepolicy/private/netd.te +++ b/sepolicy/private/netd.te @@ -3,4 +3,6 @@ allow netd sysfs:file { read write open }; allow netd proc_net:dir { write add_name }; allow netd self:capability fsetid; allow netd proc_net:file create; +allow netd kernel:system module_request; +allow netd self:capability sys_module; diff --git a/sepolicy/private/system_server.te b/sepolicy/private/system_server.te index d732d65..2f8b4be 100644 --- a/sepolicy/private/system_server.te +++ b/sepolicy/private/system_server.te @@ -12,3 +12,4 @@ allow system_server sysfs_zram:lnk_file rw_file_perms; # Allow system_server to read inside /sys allow system_server sysfs:file r_file_perms; +allow system_server default_android_hwservice:hwservice_manager find; diff --git a/sepolicy/private/vendor_init.te b/sepolicy/private/vendor_init.te index 9fce680..41a223e 100644 --- a/sepolicy/private/vendor_init.te +++ b/sepolicy/private/vendor_init.te @@ -8,3 +8,5 @@ allow vendor_init sysfs_devices_system_cpu:dir { write add_name }; allow vendor_init proc:file create; allow vendor_init sysfs_android_usb:file create; allow vendor_init sysfs_devices_system_cpu:file create; +allow vendor_init nfc_data_file:dir setattr; + diff --git a/sepolicy/private/vold.te b/sepolicy/private/vold.te index 76b1c20..2c742d3 100644 --- a/sepolicy/private/vold.te +++ b/sepolicy/private/vold.te @@ -13,3 +13,5 @@ allow vold sys_block_sdd:file write; # Allow vold to write inside zram file system allow vold sysfs_zram:file write; +allow vold splash2_data_file:dir read; + |