-rw-r--r-- | common/sepolicy/adbd.te | 1 | ||||
-rw-r--r-- | common/sepolicy/charger.te | 2 | ||||
-rw-r--r-- | common/sepolicy/firmload.te | 4 | ||||
-rw-r--r-- | common/sepolicy/recovery.te | 34 | ||||
-rw-r--r-- | common/sepolicy/shell.te | 3 | ||||
-rw-r--r-- | common/sepolicy/system_app.te | 5 |
6 files changed, 43 insertions, 6 deletions
diff --git a/common/sepolicy/recovery.te b/common/sepolicy/recovery.te new file mode 100644 index 0000000..9d309ce --- a/dev/null +++ b/common/sepolicy/recovery.te @@ -0,0 +1,34 @@ +allow recovery aml_display_prop:property_service set; +allow recovery input_device:chr_file write; +allow recovery kmsg_device:chr_file { write open read }; +allow recovery self:netlink_kobject_uevent_socket { create setopt bind read }; +allow recovery sysfs_xbmc:file { read write open }; +allow recovery system_prop:property_service set; +allow recovery self:capability net_admin; + +allow recovery uboot_prop:property_service set; +allow recovery rootfs:dir create_dir_perms; +allow recovery sysfs:dir mounton; + +allow recovery vfat:dir create_dir_perms; +allow recovery vfat:file create_file_perms; + +allow recovery env_device:chr_file rw_file_perms; +allow recovery input_device:chr_file write; +allow recovery property_data_file:dir { search }; +allow recovery device:dir rw_dir_perms; +allow recovery bootloader_device:chr_file rw_file_perms; +allow recovery defendkey_device:chr_file rw_file_perms; +allow recovery dtb_device:chr_file { open read write }; +allow recovery aml_display_prop:property_service set; +allow recovery recovery:capability { net_admin }; + +allow recovery aml_display_prop:file {open read getattr}; +allow recovery uboot_prop:file {open read getattr}; + +allow recovery update_data_file:file rw_file_perms; +allow recovery update_data_file:dir { search read write open }; + +allow shell tmpfs:file {open read getattr}; +allow shell sysfs:file {read}; +allow shell rootfs:file {execute_no_trans};
\ No newline at end of file |