diff options
| author | diegocr <diegocr@gmail.com> | 2017-03-20 18:11:20 +0100 |
|---|---|---|
| committer | davidevinavil <davidevinavil@gmail.com> | 2017-04-07 13:32:26 +0200 |
| commit | e0e3e7574e8329a91dbf7812c5d2aa70b35b95ef (patch) | |
| tree | 7ae231f64dc274ff78c65e3f18e6544e879a93ff | |
| parent | 213d1db0f4d2acb5425bdb2ea673b42e39c5e022 (diff) | |
sepolicy: Fix some denials 2
Change-Id: Ic1c92ba6e902f208809cd10e106f8cd070642410
| -rw-r--r-- | sepolicy/sysinit.te | 16 | ||||
| -rw-r--r-- | sepolicy/system_server.te | 1 |
2 files changed, 17 insertions, 0 deletions
diff --git a/sepolicy/sysinit.te b/sepolicy/sysinit.te new file mode 100644 index 0000000..549fe58 --- /dev/null +++ b/sepolicy/sysinit.te @@ -0,0 +1,16 @@ +allow sysinit adsprpcd_file:dir getattr; +allow sysinit cache_file:dir getattr; +allow sysinit proc:file write; +allow sysinit proc_dirty_ratio:file write; +allow sysinit self:capability { dac_override dac_read_search }; +allow sysinit storage_file:dir getattr; +allow sysinit system_block_device:blk_file read; +allow sysinit proc:file open; +allow sysinit proc_dirty_ratio:file open; +allow sysinit system_block_device:blk_file open; +allow sysinit proc:file read; +allow sysinit proc_dirty_ratio:file read; +allow sysinit system_block_device:blk_file ioctl; +allow sysinit proc:file getattr; +allow sysinit proc_dirty_ratio:file getattr; +allow sysinit self:capability sys_admin; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 7c9fd5c..e9c07c8 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -17,3 +17,4 @@ allow system_server vold:process setsched; allow system_server zygote:process setsched; allow system_server diag_device:chr_file open; allow system_server diag_device:chr_file ioctl; +allow system_server kernel:system syslog_read; |