mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-27 08:29:31 -05:00
b6575a362e
Signed-off-by: Tad <tad@spotco.us>
82 lines
2.6 KiB
Diff
82 lines
2.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Tad <tad@spotco.us>
|
|
Date: Wed, 13 Feb 2019 21:14:04 -0500
|
|
Subject: [PATCH] audit2allow sepolicies
|
|
|
|
Change-Id: I8a43008d22b302ed54838251e328619de5c1f890
|
|
---
|
|
sepolicy/init.te | 3 +++
|
|
sepolicy/logd.te | 1 +
|
|
sepolicy/netd.te | 1 +
|
|
sepolicy/platform_app.te | 1 +
|
|
sepolicy/rild.te | 5 +++++
|
|
sepolicy/sysinit.te | 1 +
|
|
sepolicy/system_server.te | 2 ++
|
|
7 files changed, 14 insertions(+)
|
|
create mode 100644 sepolicy/logd.te
|
|
create mode 100644 sepolicy/netd.te
|
|
create mode 100644 sepolicy/sysinit.te
|
|
|
|
diff --git a/sepolicy/init.te b/sepolicy/init.te
|
|
index 13c8bd4..c0980a6 100644
|
|
--- a/sepolicy/init.te
|
|
+++ b/sepolicy/init.te
|
|
@@ -7,3 +7,6 @@ allow init tmpfs:lnk_file create;
|
|
|
|
# For 'cpuset' module requests
|
|
allow init kernel:system module_request;
|
|
+
|
|
+allow init block_device:lnk_file relabelfrom;
|
|
+allow init perfprofd_exec:file getattr;
|
|
diff --git a/sepolicy/logd.te b/sepolicy/logd.te
|
|
new file mode 100644
|
|
index 0000000..2e9f1eb
|
|
--- /dev/null
|
|
+++ b/sepolicy/logd.te
|
|
@@ -0,0 +1 @@
|
|
+allow logd unlabeled:dir search;
|
|
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
|
|
new file mode 100644
|
|
index 0000000..af9fbc1
|
|
--- /dev/null
|
|
+++ b/sepolicy/netd.te
|
|
@@ -0,0 +1 @@
|
|
+allow netd kernel:system module_request;
|
|
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
|
|
index 4d92e6b..dadb55e 100644
|
|
--- a/sepolicy/platform_app.te
|
|
+++ b/sepolicy/platform_app.te
|
|
@@ -1 +1,2 @@
|
|
allow platform_app nfc_service:service_manager find;
|
|
+allow platform_app system_app_data_file:dir getattr;
|
|
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
|
|
index 7c72874..5e35cf9 100644
|
|
--- a/sepolicy/rild.te
|
|
+++ b/sepolicy/rild.te
|
|
@@ -19,3 +19,8 @@ allow rild logcat_exec:file { getattr read open execute execute_no_trans };
|
|
# Device-specific calls could be moved into their respective device trees
|
|
# in the future.
|
|
allowxperm rild self:unix_stream_socket ioctl { 0x89a0 0x89a2 0x89a3 0x89f0 };
|
|
+allow rild system_file:file execmod;
|
|
+allow rild toolbox_exec:file getattr;
|
|
+allow rild toolbox_exec:file execute;
|
|
+allow rild toolbox_exec:file { open read };
|
|
+allow rild toolbox_exec:file execute_no_trans;
|
|
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te
|
|
new file mode 100644
|
|
index 0000000..5cd8eb3
|
|
--- /dev/null
|
|
+++ b/sepolicy/sysinit.te
|
|
@@ -0,0 +1 @@
|
|
+allow sysinit userinit_exec:file execute;
|
|
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
|
|
index e59d7c6..d78ffbb 100644
|
|
--- a/sepolicy/system_server.te
|
|
+++ b/sepolicy/system_server.te
|
|
@@ -1,3 +1,5 @@
|
|
# system_server
|
|
|
|
# Needed for /system/vendor/lib/hw/gps.omap4.so
|
|
+
|
|
+allow system_server wifi_log_prop:property_service set;
|