author | Xindong Xu <xindong.xu@amlogic.com> | 2017-11-07 10:45:50 (GMT) |
---|---|---|
committer | Xindong Xu <xindong.xu@amlogic.com> | 2017-11-09 09:12:20 (GMT) |
commit | 90fa911a44139cf7dad56f5b180dbf86df8ee458 (patch) | |
tree | 8884c9552bc7dbf94568bcd2af57057228ee5ae4 | |
parent | 8d7a228a0cd9d7df00a4d8f5d51716f748f576cf (diff) | |
download | amlogic-o-90fa911a44139cf7dad56f5b180dbf86df8ee458.zip amlogic-o-90fa911a44139cf7dad56f5b180dbf86df8ee458.tar.gz amlogic-o-90fa911a44139cf7dad56f5b180dbf86df8ee458.tar.bz2 |
sepolicy: add sepolicy for recovery [1/1]
PD# 153611
add sepolicy for recovery
Change-Id: I536443a8a0a6484885959766a8df1312fde3366a
-rw-r--r-- | common/sepolicy/adbd.te | 1 | ||||
-rw-r--r-- | common/sepolicy/charger.te | 2 | ||||
-rw-r--r-- | common/sepolicy/firmload.te | 4 | ||||
-rw-r--r-- | common/sepolicy/recovery.te | 34 | ||||
-rw-r--r-- | common/sepolicy/shell.te | 3 | ||||
-rw-r--r-- | common/sepolicy/system_app.te | 5 |
6 files changed, 43 insertions, 6 deletions
diff --git a/common/sepolicy/adbd.te b/common/sepolicy/adbd.te new file mode 100644 index 0000000..01a14f2 --- a/dev/null +++ b/common/sepolicy/adbd.te @@ -0,0 +1 @@ +allow adbd ctl_mdnsd_prop:property_service set; diff --git a/common/sepolicy/charger.te b/common/sepolicy/charger.te new file mode 100644 index 0000000..92bac53 --- a/dev/null +++ b/common/sepolicy/charger.te @@ -0,0 +1,2 @@ +allow charger self:capability2 wake_alarm; + diff --git a/common/sepolicy/firmload.te b/common/sepolicy/firmload.te index e394ffb..7ffa6f3 100644 --- a/common/sepolicy/firmload.te +++ b/common/sepolicy/firmload.te @@ -4,7 +4,7 @@ init_daemon_domain(firmload) allow firmload drm_device:chr_file { open read write ioctl }; allow firmload rootfs:lnk_file getattr; -allow firmload system_data_file:dir { write add_name }; +allow firmload system_data_file:dir { write add_name create write }; allow firmload system_data_file:file { read open getattr }; allow firmload sysfs:file { read open getattr }; -allow firmload proc:file { read open getattr }; +allow firmload proc:file { read open getattr };
\ No newline at end of file diff --git a/common/sepolicy/recovery.te b/common/sepolicy/recovery.te new file mode 100644 index 0000000..9d309ce --- a/dev/null +++ b/common/sepolicy/recovery.te @@ -0,0 +1,34 @@ +allow recovery aml_display_prop:property_service set; +allow recovery input_device:chr_file write; +allow recovery kmsg_device:chr_file { write open read }; +allow recovery self:netlink_kobject_uevent_socket { create setopt bind read }; +allow recovery sysfs_xbmc:file { read write open }; +allow recovery system_prop:property_service set; +allow recovery self:capability net_admin; + +allow recovery uboot_prop:property_service set; +allow recovery rootfs:dir create_dir_perms; +allow recovery sysfs:dir mounton; + +allow recovery vfat:dir create_dir_perms; +allow recovery vfat:file create_file_perms; + +allow recovery env_device:chr_file rw_file_perms; +allow recovery input_device:chr_file write; +allow recovery property_data_file:dir { search }; +allow recovery device:dir rw_dir_perms; +allow recovery bootloader_device:chr_file rw_file_perms; +allow recovery defendkey_device:chr_file rw_file_perms; +allow recovery dtb_device:chr_file { open read write }; +allow recovery aml_display_prop:property_service set; +allow recovery recovery:capability { net_admin }; + +allow recovery aml_display_prop:file {open read getattr}; +allow recovery uboot_prop:file {open read getattr}; + +allow recovery update_data_file:file rw_file_perms; +allow recovery update_data_file:dir { search read write open }; + +allow shell tmpfs:file {open read getattr}; +allow shell sysfs:file {read}; +allow shell rootfs:file {execute_no_trans};
\ No newline at end of file diff --git a/common/sepolicy/shell.te b/common/sepolicy/shell.te index 5c3da9a..d1444a2 100644 --- a/common/sepolicy/shell.te +++ b/common/sepolicy/shell.te @@ -1,6 +1,5 @@ -allow shell rootfs:file { entrypoint }; +allow shell rootfs:file { entrypoint execute read getattr }; allow shell sysfs:file { read open getattr }; - allow shell hdcptx_device:chr_file { open read write getattr ioctl }; diff --git a/common/sepolicy/system_app.te b/common/sepolicy/system_app.te index 1ffe0b0..f570405 100644 --- a/common/sepolicy/system_app.te +++ b/common/sepolicy/system_app.te @@ -40,8 +40,9 @@ #allow system_app pppoe_wrapper_socket:sock_file create; #allow system_app pppoe_wrapper_socket:sock_file unlink; #allow system_app pppoe_wrapper_socket:file create; -#allow system_app cache_recovery_file:dir { search read open write add_name remove_name}; -#allow system_app cache_recovery_file:file { create rw_file_perms unlink}; + +allow system_app cache_recovery_file:dir { search read open write add_name remove_name }; +allow system_app cache_recovery_file:file { create getattr open read write }; #allow system_app update_engine:binder {call transfer}; # |