-rw-r--r-- | sepolicy/audioserver.te | 3 | ||||
-rw-r--r-- | sepolicy/cnd.te | 3 | ||||
-rw-r--r-- | sepolicy/dpmd.te | 3 | ||||
-rw-r--r-- | sepolicy/fingerprintd.te | 6 | ||||
-rw-r--r-- | sepolicy/ims.te | 3 | ||||
-rw-r--r-- | sepolicy/ipacm-diag.te | 3 | ||||
-rw-r--r-- | sepolicy/location.te | 3 | ||||
-rw-r--r-- | sepolicy/netmgrd.te | 5 | ||||
-rw-r--r-- | sepolicy/priv_app.te | 2 | ||||
-rw-r--r-- | sepolicy/qmuxd.te | 3 | ||||
-rw-r--r-- | sepolicy/qti.te | 3 | ||||
-rw-r--r-- | sepolicy/rild.te | 3 | ||||
-rw-r--r-- | sepolicy/sensors.te | 3 | ||||
-rw-r--r-- | sepolicy/surfaceflinger.te | 3 | ||||
-rw-r--r-- | sepolicy/system_server.te | 12 | ||||
-rw-r--r-- | sepolicy/thermal-engine.te | 4 | ||||
-rw-r--r-- | sepolicy/time_daemon.te | 3 | ||||
-rw-r--r-- | sepolicy/wcnss_filter.te | 1 | ||||
-rw-r--r-- | sepolicy/wcnss_service.te | 3 |
19 files changed, 63 insertions, 6 deletions
diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te
index 332b327..65a6bf3 100644
--- a/sepolicy/audioserver.te
+++ b/sepolicy/audioserver.te
@@ -1 +1,4 @@
 set_prop(audioserver, diag_prop);
+allow audioserver diag_device:chr_file { read write };
+allow audioserver diag_device:chr_file open;
+allow audioserver diag_device:chr_file ioctl;
diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te
index 8d25b5f..654dece 100644
--- a/sepolicy/cnd.te
+++ b/sepolicy/cnd.te
@@ -1,2 +1,5 @@
 allow cnd diag_prop:property_service set;
 get_prop(cnd, diag_prop);
+allow cnd diag_device:chr_file { read write };
+allow cnd diag_device:chr_file open;
+allow cnd diag_device:chr_file ioctl;
diff --git a/sepolicy/dpmd.te b/sepolicy/dpmd.te
index dad0de7..5a47688 100644
--- a/sepolicy/dpmd.te
+++ b/sepolicy/dpmd.te
@@ -1 +1,4 @@
 get_prop(dpmd, diag_prop);
+allow dpmd diag_device:chr_file { read write };
+allow dpmd diag_device:chr_file open;
+allow dpmd diag_device:chr_file ioctl;
diff --git a/sepolicy/fingerprintd.te b/sepolicy/fingerprintd.te
index b505659..0a693bf 100644
--- a/sepolicy/fingerprintd.te
+++ b/sepolicy/fingerprintd.te
@@ -8,3 +8,9 @@ allow fingerprintd sysfs_fpc_irq:file rw_file_perms;
 allow fingerprintd tee_device:chr_file rw_file_perms;
 allow fingerprintd sysfs:file write;
 allow fingerprintd vfat:file r_file_perms;
+allow fingerprintd system_data_file:dir { read write };
+allow fingerprintd system_data_file:dir { open remove_name };
+allow fingerprintd system_data_file:sock_file unlink;
+allow fingerprintd system_data_file:dir add_name;
+allow fingerprintd system_data_file:sock_file create;
+allow fingerprintd system_data_file:sock_file setattr;
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
index 472504a..13f3f51 100644
--- a/sepolicy/ims.te
+++ b/sepolicy/ims.te
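Review bot: The three `diag_device:chr_file` rules added for audioserver are unconditional, so the platform's diagnostic character device can be opened, read, written and driven through ioctl from this domain on every build variant; the same grant is repeated in the hunks for cnd, dpmd, ims, ipacm-diag, location, netmgrd, qmuxd, qti, rild, sensors, surfaceflinger, system_server, thermal-engine, time_daemon, wcnss_filter and wcnss_service. If the access exists only for debug logging (the neighbouring diag_prop rules suggest so, but the commit does not say), the rule belongs inside the `userdebug_or_eng()` macro so that user builds keep the device closed to these domains. Where a domain does need it in production, `ioctl` should be narrowed with an `allowxperm` rule listing the commands actually used rather than granted wholesale. The three single-permission lines can also be one rule, `allow audioserver diag_device:chr_file { ioctl open read write };`, which is the form the wcnss_filter.te hunk already uses.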
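Review bot: The six rules added to fingerprintd.te let the daemon add and remove directory entries and create, setattr and unlink sockets under the generic `system_data_file` label, which covers much more of /data than the one socket it presumably needs. Giving the socket and the directory that holds it a dedicated type, through file_contexts or a named `type_transition` of the kind netmgrd.te uses for log.txt, would keep the write access to that location; the type name and socket path are not on the page, so they would be written as `<fp_socket_type>` and `<socket path>` until the author supplies them. The split into `dir { read write }`, `dir { open remove_name }` and `dir add_name` looks like unedited denial output and can be merged into one `dir` rule and one `sock_file` rule. Only the tail of fingerprintd.te is visible in this hunk.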
@@ -1,3 +1,6 @@
 allow ims diag_prop:property_service set;
 allow ims self:capability net_raw;
 get_prop(ims, diag_prop);
+allow ims diag_device:chr_file { read write };
+allow ims diag_device:chr_file open;
+allow ims diag_device:chr_file ioctl;
diff --git a/sepolicy/ipacm-diag.te b/sepolicy/ipacm-diag.te
index db7fc42..d81b682 100644
--- a/sepolicy/ipacm-diag.te
+++ b/sepolicy/ipacm-diag.te
@@ -1,2 +1,5 @@
 set_prop(ipacm-diag, diag_prop)
 set_prop(ipacm-diag, system_prop)
+allow ipacm-diag diag_device:chr_file { read write };
+allow ipacm-diag diag_device:chr_file open;
+allow ipacm-diag diag_device:chr_file ioctl;
diff --git a/sepolicy/location.te b/sepolicy/location.te
index 756bb26..73d1f32 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -1 +1,4 @@
 allow location permission_service:service_manager find;
+allow location diag_device:chr_file { read write };
+allow location diag_device:chr_file open;
+allow location diag_device:chr_file ioctl;
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index ab1140f..81c6213 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -1,5 +1,6 @@
 type_transition netmgrd system_data_file:file netmgrd_data_file "log.txt";
-
 allow netmgrd self:capability dac_override;
 allow netmgrd netmgrd_data_file:file rw_file_perms;
-
+allow netmgrd diag_device:chr_file { read write };
+allow netmgrd diag_device:chr_file open;
+allow netmgrd diag_device:chr_file ioctl;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index c2dfcc0..72e3223 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -1,4 +1,2 @@
 allow priv_app device:dir r_dir_perms;
 allow priv_app rfs_system_file:dir r_dir_perms;
-
-
diff --git a/sepolicy/qmuxd.te b/sepolicy/qmuxd.te
index 6f2f530..c0a40f4 100644
--- a/sepolicy/qmuxd.te
+++ b/sepolicy/qmuxd.te
@@ -1 +1,4 @@
 set_prop(qmuxd, diag_prop)
+allow qmuxd diag_device:chr_file { read write };
+allow qmuxd diag_device:chr_file open;
+allow qmuxd diag_device:chr_file ioctl;
diff --git a/sepolicy/qti.te b/sepolicy/qti.te
index 09692b5..172211a 100644
--- a/sepolicy/qti.te
+++ b/sepolicy/qti.te
@@ -1 +1,4 @@
 set_prop(qti, diag_prop)
+allow qti diag_device:chr_file { read write };
+allow qti diag_device:chr_file open;
+allow qti diag_device:chr_file ioctl;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 7093468..97e582b 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1,4 +1,7 @@
 allow rild nv_data_file:dir rw_dir_perms;
 allow rild nv_data_file:file create_file_perms;
 allow rild diag_prop:property_service set;
+allow rild diag_device:chr_file { read write };
 get_prop(rild, diag_prop);
+allow rild diag_device:chr_file open;
+allow rild diag_device:chr_file ioctl;
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
index 3f82807..899c77b 100644
--- a/sepolicy/sensors.te
+++ b/sepolicy/sensors.te
@@ -1 +1,4 @@
 set_prop(sensors, diag_prop)
+allow sensors diag_device:chr_file { read write };
+allow sensors diag_device:chr_file open;
+allow sensors diag_device:chr_file ioctl;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 5dd9fdc..1b654f0 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1 +1,4 @@
 get_prop(surfaceflinger, diag_prop);
+allow surfaceflinger diag_device:chr_file { read write };
+allow surfaceflinger diag_device:chr_file open;
+allow surfaceflinger diag_device:chr_file ioctl;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 0cbb3e8..7c9fd5c 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -6,4 +6,14 @@ allow system_server sensors_persist_file:dir search;
 allow system_server proc_stat:file r_file_perms;
 allow system_server unlabeled:file unlink;
 get_prop(system_server, diag_prop);
-
+allow system_server diag_device:chr_file { read write };
+allow system_server drmserver:process setsched;
+allow system_server keystore:process setsched;
+allow system_server mediacodec:process setsched;
+allow system_server mediadrmserver:process setsched;
+allow system_server mediaextractor:process setsched;
+allow system_server sdcardd:process setsched;
+allow system_server vold:process setsched;
+allow system_server zygote:process setsched;
+allow system_server diag_device:chr_file open;
+allow system_server diag_device:chr_file ioctl;
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
index a101e5f..7565599 100644
--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -1,7 +1,9 @@
 type_transition thermal-engine system_data_file:file thermal_data_file "decrypt.txt";
-
 allow thermal-engine sysfs_kgsl:file r_file_perms;
 allow thermal-engine system_data_file:dir w_dir_perms;
 allow thermal-engine thermal_data_file:file create_file_perms;
 allow thermal-engine sysfs_usb_supply:dir search;
 allow thermal-engine sysfs_usb_supply:file r_file_perms;
+allow thermal-engine diag_device:chr_file { read write };
+allow thermal-engine diag_device:chr_file open;
+allow thermal-engine diag_device:chr_file ioctl;
diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te
index 6bd661a..53503d9 100644
--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
@@ -1,2 +1,5 @@
 allow time_daemon property_socket:sock_file write;
 get_prop(time_daemon, diag_prop);
+allow time_daemon diag_device:chr_file { read write };
+allow time_daemon diag_device:chr_file open;
+allow time_daemon diag_device:chr_file ioctl;
diff --git a/sepolicy/wcnss_filter.te b/sepolicy/wcnss_filter.te
index aad7936..7de2b1c 100644
--- a/sepolicy/wcnss_filter.te
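Review bot: The eight `setsched` rules in the middle of the system_server.te hunk let system_server change the scheduling policy of drmserver, keystore, mediacodec, mediadrmserver, mediaextractor, sdcardd, vold and zygote, and nothing in the commit says which feature needs that. If they were copied from denial logs produced while system_server walks the process list, silencing the log is the safer response than granting the permission, for example `dontaudit system_server { keystore vold zygote }:process setsched;` extended to the other listed domains; that only holds if no caller depends on the call succeeding, which the author would have to confirm. Any grant that stays should carry a one-line comment naming the code path that requires it. The two halves of the diag_device grant are also split around this block and would read better grouped as one rule.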
+++ b/sepolicy/wcnss_filter.te
@@ -1 +1,2 @@
 get_prop(wcnss_filter, diag_prop);
+allow wcnss_filter diag_device:chr_file { ioctl open read write };
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
index 2982cf8..32252f5 100644
--- a/sepolicy/wcnss_service.te
+++ b/sepolicy/wcnss_service.te
@@ -5,3 +5,6 @@ allow wcnss_service self:capability { net_raw }; get_prop(wcnss_service, diag_prop);
+allow wcnss_service diag_device:chr_file { read write };
+allow wcnss_service diag_device:chr_file open;
+allow wcnss_service diag_device:chr_file ioctl; |