diff options
Diffstat (limited to '')
| -rw-r--r-- | sepolicy/cnd.te | 3 | ||||
| -rw-r--r-- | sepolicy/mediaprovider.te | 3 | ||||
| -rw-r--r-- | sepolicy/mm-qcamerad.te | 7 | ||||
| -rw-r--r-- | sepolicy/priv_app.te | 25 | ||||
| -rw-r--r-- | sepolicy/thermal-engine.te | 13 | 
5 files changed, 8 insertions, 43 deletions
| diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te index 5b6938b..99ea2df 100644 --- a/sepolicy/cnd.te +++ b/sepolicy/cnd.te @@ -1,5 +1,4 @@ -allow cnd sysfs_msm_subsys:dir search; +allow cnd { sysfs_msm_subsys sysfs_soc }:dir search;  allow cnd sysfs_msm_subsys:file { getattr open read setattr }; -allow cnd sysfs_soc:dir search;  allow cnd system_data_file:dir read;  allow cnd system_data_file:file { getattr ioctl open read }; diff --git a/sepolicy/mediaprovider.te b/sepolicy/mediaprovider.te index bea5690..cd1717a 100644 --- a/sepolicy/mediaprovider.te +++ b/sepolicy/mediaprovider.te @@ -1,2 +1 @@ -allow mediaprovider cache_private_backup_file:dir r_dir_perms; -allow mediaprovider cache_recovery_file:dir r_dir_perms; +allow mediaprovider{ cache_private_backup_file cache_recovery_file }:dir r_dir_perms; diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te index 4ae3bd5..5fb8b43 100644 --- a/sepolicy/mm-qcamerad.te +++ b/sepolicy/mm-qcamerad.te @@ -2,8 +2,5 @@ typeattribute  mm-qcamerad data_between_core_and_vendor_violators;  allow mm-qcamerad camera_data_file:dir create_dir_perms;  allow mm-qcamerad camera_data_file:file create_file_perms; - -allow mm-qcamerad sysfs_camera:dir search; -allow mm-qcamerad sysfs_camera:file r_file_perms; -allow mm-qcamerad sysfs_video:dir search; -allow mm-qcamerad sysfs_video:file r_file_perms; +allow mm-qcamerad { sysfs_camera sysfs_video }:dir search; +allow mm-qcamerad { sysfs_camera sysfs_video }:file r_file_perms; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index 22617da..9439899 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te @@ -1,28 +1,7 @@  allow priv_app adsprpcd_file:filesystem getattr; -allow priv_app asec_apk_file:dir r_dir_perms; -allow priv_app bt_firmware_file:dir r_dir_perms; -allow priv_app cache_private_backup_file:dir r_dir_perms; -allow priv_app cgroup:dir r_dir_perms; -allow priv_app configfs:dir r_dir_perms; -allow priv_app configfs:file r_file_perms; -allow priv_app file_contexts_file:file r_file_perms; -allow priv_app firmware_file:dir r_file_perms; +allow priv_app { asec_apk_file bt_firmware_file cache_private_backup_file cgroup configfs mnt_media_rw_file radio_data_file }:dir r_dir_perms; +allow priv_app { configfs  file_contexts_file firmware_file hwservice_contexts_file keylayout_file mac_perms_file nonplat_service_contexts_file proc proc_interrupts proc_modules proc_stat seapp_contexts_file sepolicy_file service_contexts_file vendor_file vndservice_contexts_file }:file r_file_perms;  allow priv_app hal_memtrack_hwservice:hwservice_manager find; -allow priv_app hwservice_contexts_file:file r_file_perms; -allow priv_app keylayout_file:dir r_file_perms; -allow priv_app mac_perms_file:file r_file_perms; -allow priv_app mnt_media_rw_file:dir r_dir_perms; -allow priv_app nonplat_service_contexts_file:file r_file_perms; -allow priv_app proc_stat:file r_file_perms; -allow priv_app radio_data_file:dir r_dir_perms; -allow priv_app seapp_contexts_file:file r_file_perms; -allow priv_app sepolicy_file:file r_file_perms; -allow priv_app service_contexts_file:file r_file_perms; -allow priv_app vendor_file:file rx_file_perms; -allow priv_app vndservice_contexts_file:file r_file_perms; -allow priv_app proc_interrupts:file r_file_perms; -allow priv_app proc_modules:file r_file_perms; -allow priv_app proc:file r_file_perms;  allow priv_app device:dir open;  r_dir_file(priv_app, sysfs_type); diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te index ffd8a30..5c1b2cd 100644 --- a/sepolicy/thermal-engine.te +++ b/sepolicy/thermal-engine.te @@ -1,13 +1,4 @@  typeattribute thermal-engine data_between_core_and_vendor_violators; -allow thermal-engine sysfs_msm_subsys:dir search; -allow thermal-engine sysfs_msm_subsys:file { getattr open read setattr }; -allow thermal-engine sysfs_usb_supply:dir search; -allow thermal-engine sysfs_usb_supply:file r_file_perms; - -allow thermal-engine sysfs_soc:dir search; - -allow thermal-engine sysfs_msm_core:dir search; -allow thermal-engine sysfs_msm_core:file r_file_perms; - -allow thermal-engine sysfs_rmtfs:dir search; +allow thermal-engine { sysfs_msm_core sysfs_msm_subsys sysfs_usb_supply }:file r_file_perms; +allow thermal-engine { sysfs_soc sysfs_msm_core sysfs_rmtfs sysfs_msm_subsys sysfs_usb_supply }:dir search; | 
