diff options
| -rw-r--r-- | rootdir/etc/init.qcom.rc | 6 | ||||
| -rw-r--r-- | sepolicy/bluetooth.te | 1 | ||||
| -rw-r--r-- | sepolicy/file.te | 3 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 29 | ||||
| -rw-r--r-- | sepolicy/macloader.te | 1 | ||||
| -rw-r--r-- | sepolicy/radio.te | 1 | ||||
| -rw-r--r-- | sepolicy/rild.te | 2 | ||||
| -rw-r--r-- | sepolicy/system_server.te | 5 |
8 files changed, 36 insertions, 12 deletions
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index 0a5c387..a9b973b 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -144,6 +144,12 @@ on post-fs-data mkdir /data/misc/perfd 2755 root system mkdir /data/system/perfd 2770 root system + restorecon_recursive /efs + restorecon_recursive /efs/bluetooth + restorecon_recursive /efs/imei + restorecon_recursive /efs/FactoryApp + restorecon_recursive /efs/wifi + setprop vold.post_fs_data_done 1 on early-boot diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te index c127f7c..285d017 100644 --- a/sepolicy/bluetooth.te +++ b/sepolicy/bluetooth.te @@ -1 +1,2 @@ allow bluetooth bluetooth_dev:chr_file rw_file_perms; +allow bluetooth bluetooth_efs_file:file { open read }; diff --git a/sepolicy/file.te b/sepolicy/file.te new file mode 100644 index 0000000..c4bf2da --- /dev/null +++ b/sepolicy/file.te @@ -0,0 +1,3 @@ +type sensors_efs_file, file_type; +type ril_efs_file, file_type; +type wifi_efs_file, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 8750c2f..4894fa0 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -1,11 +1,24 @@ -# Needed by fsck -/dev/block/platform/msm_sdcc\.1/by-name/efs u:object_r:efs_block_device:s0 +# bluetooth +/dev/btlock u:object_r:bluetooth_dev:s0 +/efs/bluetooth/bt_addr u:object_r:bluetooth_efs_file:s0 -# Needed by macloader -/data/\.cid\.info u:object_r:wifi_data_file:s0 +# fsck +/dev/block/platform/msm_sdcc\.1/by-name/efs u:object_r:efs_block_device:s0 -# Bluetooth -/dev/btlock u:object_r:bluetooth_dev:s0 +# macloader +/data/\.cid\.info u:object_r:wifi_data_file:s0 -# Needed by NFC -/dev/bcm2079x u:object_r:nfc_device:s0 +# NFC +/dev/bcm2079x u:object_r:nfc_device:s0 + +# ril +/efs/imei(/.*)? u:object_r:ril_efs_file:s0 +/efs/FactoryApp/keystr u:object_r:ril_efs_file:s0 + +# sensors +/efs/hw_offset u:object_r:sensors_efs_file:s0 +/efs/gyro_cal_data u:object_r:sensors_efs_file:s0 +/efs/FactoryApp/baro_delta u:object_r:sensors_efs_file:s0 + +# wifi +/efs/wifi/\.mac\.info u:object_r:wifi_efs_file:s0 diff --git a/sepolicy/macloader.te b/sepolicy/macloader.te index e7a3a56..f02cba7 100644 --- a/sepolicy/macloader.te +++ b/sepolicy/macloader.te @@ -2,6 +2,5 @@ type macloader, domain; type macloader_exec, exec_type, file_type; init_daemon_domain(macloader) -allow macloader efs_file:file { getattr open read }; allow macloader self:capability { chown fowner fsetid }; allow macloader wifi_data_file:file { getattr open setattr write }; diff --git a/sepolicy/radio.te b/sepolicy/radio.te new file mode 100644 index 0000000..9ba85de --- /dev/null +++ b/sepolicy/radio.te @@ -0,0 +1 @@ +allow radio system_app_data_file:dir getattr; diff --git a/sepolicy/rild.te b/sepolicy/rild.te index 1112f68..05aa4e4 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -1,4 +1,4 @@ allow rild self:capability dac_override; - allow rild proc_net:file write; +allow rild ril_efs_file:file { getattr open read }; allow rild system_app_data_file:dir search; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 9e12eb8..f8e8512 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -1,4 +1,5 @@ -allow system_server efs_file:dir search; -allow system_server efs_file:file { open read write }; +allow system_server ril_efs_file:file { open read }; +allow system_server sensors_efs_file:file { open read write }; +allow system_server wifi_efs_file:file { open read }; allow system_server mdm_device:chr_file { getattr ioctl open read }; allow system_server system_file:file execmod; |