Diffstat (limited to 'sepolicy/neverallows.te')
-rw-r--r--sepolicy/neverallows.te39
1 files changed, 39 insertions, 0 deletions
diff --git a/sepolicy/neverallows.te b/sepolicy/neverallows.te
new file mode 100644
index 0000000..eeb858b
--- /dev/null
+++ b/sepolicy/neverallows.te
@@ -0,0 +1,39 @@
+# CND
+allow cnd default_android_hwservice:hwservice_manager add;
+
+# Dataservice
+allow dataservice_app default_android_hwservice:hwservice_manager find;
+
+# IMS
+allow ims default_android_hwservice:hwservice_manager find;
+
+# Init
+binder_call(init, system_server);
+
+# Netmgrd
+allow netmgrd vendor_xlat_prop:property_service set;
+
+# Perf
+binder_call(system_app, perfprofd);
+
+# Priv-app
+allow priv_app device:dir open;
+allow priv_app proc:file { getattr open };
+allow priv_app proc_interrupts:file open;
+allow priv_app proc_modules:file { getattr open };
+
+# Qti init
+allow qti_init_shell self:capability { dac_override dac_read_search };
+allow qti_init_shell system_data_file:dir { add_name write remove_name };
+allow qti_init_shell system_data_file:file { create getattr open read rename setattr unlink write };
+allow qti_init_shell file_contexts_file:file { getattr open read };
+
+# ReadMac
+allow readmac self:capability dac_override;
+
+# RFS
+allow rfs_access self:capability { dac_override dac_read_search };
+
+# SystemServer
+allow system_server dalvikcache_data_file:file { execute write };
+allow system_server vendor_camera_prop:file { getattr open read };
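Review bot: The SystemServer block grants `system_server` both `write` and `execute` on `dalvikcache_data_file:file`, so the most privileged framework process can run code from files it can itself modify, and any file-write bug in it becomes a path to persistent code execution. I would keep only the execute half, `allow system_server dalvikcache_data_file:file execute;`, and let the existing installer path remain the sole writer of the cache. Judging by the file name, every rule here conflicts with a platform neverallow, so the build presumably passes only with neverallow checking relaxed, yet no rule records which denial it answers; a comment per rule quoting the avc denial and the component that triggered it would make each one reviewable. The `self:capability dac_override` grants for `qti_init_shell`, `readmac` and `rfs_access`, and the `default_android_hwservice` add/find rules for `cnd`, `dataservice_app` and `ims`, look avoidable by fixing file ownership or labels and by giving the HAL its own hwservice type instead of the default one.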