Diffstat (limited to 'sepolicy/neverallows.te')
-rw-r--r-- | sepolicy/neverallows.te | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/sepolicy/neverallows.te b/sepolicy/neverallows.te
new file mode 100644
index 0000000..eeb858b
--- /dev/null
+++ b/sepolicy/neverallows.te
@@ -0,0 +1,39 @@
+# CND
+allow cnd default_android_hwservice:hwservice_manager add;
+
+# Dataservice
+allow dataservice_app default_android_hwservice:hwservice_manager find;
+
+# IMS
+allow ims default_android_hwservice:hwservice_manager find;
+
+# Init
+binder_call(init, system_server);
+
+# Netmgrd
+allow netmgrd vendor_xlat_prop:property_service set;
+
+# Perf
+binder_call(system_app, perfprofd);
+
+# Priv-app
+allow priv_app device:dir open;
+allow priv_app proc:file { getattr open };
+allow priv_app proc_interrupts:file open;
+allow priv_app proc_modules:file { getattr open };
+
+# Qti init
+allow qti_init_shell self:capability { dac_override dac_read_search };
+allow qti_init_shell system_data_file:dir { add_name write remove_name };
+allow qti_init_shell system_data_file:file { create getattr open read rename setattr unlink write };
+allow qti_init_shell file_contexts_file:file { getattr open read };
+
+# ReadMac
+allow readmac self:capability dac_override;
+
+# RFS
+allow rfs_access self:capability { dac_override dac_read_search };
+
+# SystemServer
+allow system_server dalvikcache_data_file:file { execute write };
+allow system_server vendor_camera_prop:file { getattr open read };
 |
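Review bot: `allow system_server dalvikcache_data_file:file { execute write };` in the SystemServer section gives a highly privileged domain both write and execute on the same file type, so system_server could map as code any file of that type it was able to write. I would split the rule and keep only the permission that a logged denial actually requires. The `dac_override` grants in the Qti init, ReadMac and RFS sections bypass DAC permission checks wholesale; `dac_read_search` alone, or fixing the owner or mode of the files involved, is usually enough. The file name suggests these rules are known to conflict with platform neverallow assertions (the labels `default_android_hwservice`, `device` and `proc` are all generic), so each one should carry a comment with its justification, for example `# avc: <denial that motivated this rule>`. Where possible, a dedicated type should replace the generic label.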