diff options
| author | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-05-06 13:29:23 +0200 |
|---|---|---|
| committer | Cosme Domínguez Díaz <cosme.ddiaz@gmail.com> | 2018-05-06 20:16:29 +0200 |
| commit | 8942b0b2d8762e58c6ac96372863d50291233560 (patch) | |
| tree | f415609ff10246127ce31f9bb5f2f675711d6c30 | |
| parent | 544876dbd9415ff28f6401f6197f6e45a1c0759f (diff) | |
msm8996-common: More SELinux fixes...
| -rw-r--r-- | sepolicy/file_contexts | 3 | ||||
| -rw-r--r-- | sepolicy/genfs_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/hal_fingerprint_default.te | 5 | ||||
| -rw-r--r-- | sepolicy/system_server.te | 2 |
4 files changed, 8 insertions, 3 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 9e25999..ce50b3f 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -1,6 +1,5 @@ # Partitions -/dev/block/platform/soc/624000\.ufshc/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/soc/7464900\.sdhci/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/soc/(624000\.ufshc|7464900\.sdhci)/by-name/persist u:object_r:persist_block_device:s0 # Devices /dev/fpc1020 u:object_r:fpc1020_device:s0 diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index 99cf5c2..7efd294 100644 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts @@ -34,6 +34,7 @@ genfscon sysfs /devices/soc/soc:qcom,cnss u:object_r:sysfs_msm_subsy genfscon sysfs /devices/soc/9300000.qcom,lpass u:object_r:sysfs_msm_subsys:s0 genfscon sysfs /devices/soc/1c00000.qcom,ssc u:object_r:sysfs_msm_subsys:s0 genfscon sysfs /devices/soc/2080000.qcom,mss u:object_r:sysfs_msm_subsys:s0 +genfscon sysfs /devices/soc/91c0000.slim u:object_r:sysfs_msm_subsys:s0 genfscon sysfs /kernel/boot_adsp/boot u:object_r:sysfs_msm_subsys:s0 genfscon sysfs /kernel/boot_slpi/boot u:object_r:sysfs_msm_subsys:s0 genfscon sysfs /devices/soc/600000.qcom,pcie u:object_r:sysfs_pcie:s0 diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te index d5a91a1..3a655b1 100644 --- a/sepolicy/hal_fingerprint_default.te +++ b/sepolicy/hal_fingerprint_default.te @@ -1,3 +1,5 @@ +typeattribute hal_fingerprint_default socket_between_core_and_vendor_violators; + r_dir_file(hal_fingerprint_default, firmware_file) allow hal_fingerprint_default tee_device:chr_file ioctl; allow hal_fingerprint_default fpc_data_file:dir rw_dir_perms; @@ -5,4 +7,5 @@ allow hal_fingerprint_default sysfs_fingerprint:dir r_dir_perms; allow hal_fingerprint_default sysfs_fingerprint:file rw_file_perms; allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default firmware_file:file r_file_perms; -allow hal_fingerprint_default system_data_file:dir rw_dir_perms; +allow hal_fingerprint_default fpc_data_file:dir create_dir_perms; +allow hal_fingerprint_default fpc_data_file:sock_file { create setattr unlink }; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 631fa7b..c3cd476 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -4,6 +4,8 @@ allow system_server sysfs_fingerprint:file rw_file_perms; allow system_server install_data_file:file getattr; +allow system_server zygote:process getpgid; + # /vendor/usr/keylayout r_dir_file(system_server, idc_file) # /vendor/usr/idc |