-rw-r--r-- | sepolicy/cnd.te | 1 | ||||
-rw-r--r-- | sepolicy/dataservice_app.te | 1 | ||||
-rw-r--r-- | sepolicy/ims.te | 1 | ||||
-rw-r--r-- | sepolicy/netmgrd.te | 1 | ||||
-rw-r--r-- | sepolicy/priv_app.te | 4 | ||||
-rw-r--r-- | sepolicy/qti_init_shell.te | 4 | ||||
-rw-r--r-- | sepolicy/rfs_access.te | 1 | ||||
-rw-r--r-- | sepolicy/system_server.te | 3 |
8 files changed, 16 insertions, 0 deletions
diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te
index 5b6938b..6bf32b4 100644
--- a/sepolicy/cnd.te
+++ b/sepolicy/cnd.te
@@ -3,3 +3,4 @@ allow cnd sysfs_msm_subsys:file { getattr open read setattr };
 allow cnd sysfs_soc:dir search;
 allow cnd system_data_file:dir read;
 allow cnd system_data_file:file { getattr ioctl open read };
+allow cnd default_android_hwservice:hwservice_manager add;
diff --git a/sepolicy/dataservice_app.te b/sepolicy/dataservice_app.te
new file mode 100644
index 0000000..c518cc5
--- /dev/null
+++ b/sepolicy/dataservice_app.te
@@ -0,0 +1 @@
+allow dataservice_app default_android_hwservice:hwservice_manager find;
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
index a46b104..cb96ea5 100644
--- a/sepolicy/ims.te
+++ b/sepolicy/ims.te
@@ -2,3 +2,4 @@ allow ims sysfs_msm_subsys:dir search;
 allow ims sysfs_msm_subsys:file { getattr open read setattr };
 allow ims sysfs_soc:dir search;
 allow ims ctl_default_prop:property_service set;
+allow ims default_android_hwservice:hwservice_manager find;
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index 06bbe17..c791cee 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -5,3 +5,4 @@ allow netmgrd sysfs_net:file rw_file_perms;
 allow netmgrd sysfs_soc:dir search;
 allow netmgrd property_socket:sock_file write;
 allow netmgrd init:unix_stream_socket connectto;
+allow netmgrd vendor_xlat_prop:property_service set;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index 0b0b72b..d62b1bb 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
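Review bot: The `add` granted to cnd in sepolicy/cnd.te targets `default_android_hwservice`, the catch-all type for HAL interfaces with no entry in hwservice_contexts, so cnd may register any unlabeled interface name rather than only its own. The `find` rules added in dataservice_app.te and ims.te have the same problem from the client side: both domains can look up whatever unlabeled hwservice exists. I would declare a dedicated type instead, for example `type <cnd_hwservice_type>, hwservice_manager_type;` (placeholder name), map the interface to it in hwservice_contexts, and grant `add_hwservice(cnd, <cnd_hwservice_type>)` plus `find` on that type only. AOSP base policy is, as far as I recall, restrictive about rules on the default hwservice type, so it is worth checking that these three lines pass the neverallow checks on the target branch.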
@@ -20,6 +20,10 @@ allow priv_app sepolicy_file:file r_file_perms; allow priv_app service_contexts_file:file r_file_perms; allow priv_app vendor_file:file rx_file_perms; allow priv_app vndservice_contexts_file:file r_file_perms; +allow priv_app device:dir open; +allow priv_app proc:file { getattr open }; +allow priv_app proc_interrupts:file open; +allow priv_app proc_modules:file { getattr open }; r_dir_file(priv_app, sysfs_type); binder_call(priv_app, hal_memtrack_default); diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te index a5ec8a4..a62472e 100644 --- a/sepolicy/qti_init_shell.te +++ b/sepolicy/qti_init_shell.te @@ -2,3 +2,7 @@ allow qti_init_shell sysfs:file write; allow qti_init_shell vendor_radio_data_file:dir { getattr open read search setattr }; allow qti_init_shell vfat:file { getattr open read setattr }; allow qti_init_shell vfat:dir { open read search }; +allow qti_init_shell self:capability { dac_override dac_read_search }; +allow qti_init_shell system_data_file:dir { add_name write remove_name }; +allow qti_init_shell system_data_file:file { create getattr open read rename setattr unlink write }; +allow qti_init_shell file_contexts_file:file { getattr open read }; diff --git a/sepolicy/rfs_access.te b/sepolicy/rfs_access.te new file mode 100644 index 0000000..e64a575 --- /dev/null +++ b/sepolicy/rfs_access.te @@ -0,0 +1 @@ +allow rfs_access self:capability { dac_override dac_read_search }; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 51face6..2236fd4 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -9,3 +9,6 @@ allow system_server zygote:process getpgid; r_dir_file(system_server, idc_file) # /vendor/usr/idc r_dir_file(system_server, keylayout_file) + +allow system_server dalvikcache_data_file:file { execute write }; +allow system_server vendor_camera_prop:file { getattr open read }; |
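Review bot: The four rules added to sepolicy/priv_app.te read like unreviewed audit2allow output: `device:dir`, `proc:file` and `proc_interrupts:file` receive `open` without `read`, so they silence the denial without making any access succeed. `proc:file` is the generic label for every unlabeled /proc entry, and `proc_interrupts` and `proc_modules` expose kernel state that privileged apps have no evident need for. If no feature depends on these accesses, a rule such as `dontaudit priv_app proc_modules:file { getattr open };` (and likewise for the other three) quiets the log without widening the domain. If something does depend on them, a comment naming the app and the file it reads should accompany each rule.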
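Review bot: In sepolicy/qti_init_shell.te, `allow qti_init_shell self:capability { dac_override dac_read_search };` combined with create/rename/unlink/write on `system_data_file` lets a vendor init script bypass file-mode checks and modify anything under /data that carries the generic label. A `dac_override` denial usually means the target file has the wrong owner or mode, which is better fixed with chown/chmod in the init .rc than by granting the capability. The same capability pair is added in rfs_access.te and deserves the same treatment. The files the script actually manages should get their own type in file_contexts so the write rules can be scoped to it, and each rule should carry a comment naming the path that triggered it.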
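Review bot: In sepolicy/system_server.te, `allow system_server dalvikcache_data_file:file { execute write };` gives one domain both write and execute on the same files, which removes the separation between whoever produces dalvik-cache artifacts and whoever maps them executable. A compromised system_server could then rewrite code that it or other processes later execute. I would drop `write` here unless a concrete denial shows system_server must modify these files, and document that case in a comment if so. Separately, the `vendor_camera_prop:file { getattr open read }` rule is more conventionally written as `get_prop(system_server, vendor_camera_prop)`.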