287 files changed, 177798 insertions, 0 deletions
diff --git a/sepolicy/bootvideo.te b/sepolicy/bootvideo.te new file mode 100644 index 0000000..49a341e --- a/dev/null +++ b/sepolicy/bootvideo.te @@ -0,0 +1,36 @@ +type bootvideo, domain; +type bootvideo_exec, exec_type, vendor_file_type, file_type; +#init_daemon_domain(bootvideo) +#binder_use(bootvideo); +#unix_socket_connect(bootvideo, property, init); + +#Bootvideo +allow bootvideo media_prop:file { read open getattr }; +allow bootvideo sysfs:file { read open getattr }; +allow bootvideo proc:file { read open getattr }; +allow bootvideo sysfs_audio_cap:file { read open getattr }; + +#Self +allow bootvideo self:process execmem; +allow bootvideo self:capability {dac_override dac_read_search}; + +#System device +#allow bootvideo video_device:chr_file rw_file_perms; +allow bootvideo audio_device:dir r_dir_perms; +#allow bootvideo audio_device:chr_file rw_file_perms; +#allow bootvideo uio_device:chr_file rw_file_perms; +#allow bootvideo dvb_video_device:chr_file rw_file_perms; + +#File system and property +allow bootvideo system_control:binder call; +#allow bootvideo property_socket:property_service set; +allow bootvideo media_prop:property_service set; +allow bootvideo property_socket:sock_file write; + +#System volume file +allow bootvideo system_data_file:file open; + +allow bootvideo sysfs_xbmc:file { open read write getattr }; +#allow bootvideo system_control_service:service_manager find; + +set_prop(bootvideo, system_prop) |