diff options
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/file_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/readmac.te | 17 |
2 files changed, 18 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index affd4b0..65154cf 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -28,3 +28,4 @@ /sys/kernel/debug/rmt_storage/rmts u:object_r:debugfs_rmts:s0 /system/bin/ifaadaemon u:object_r:ifaadaemon_exec:s0 +/system/bin/readmac u:object_r:readmac_exec:s0 diff --git a/sepolicy/readmac.te b/sepolicy/readmac.te new file mode 100644 index 0000000..adb739e --- /dev/null +++ b/sepolicy/readmac.te @@ -0,0 +1,17 @@ +type readmac, domain; +type readmac_exec, exec_type, file_type; + +# Allow for transition from init domain to readmac +init_daemon_domain(readmac) + +# Allow readmac to communicate with qmuxd via qmux_radio socket +qmux_socket(readmac) + +# Allow readmac to fully access wlan_mac.bin persist file +allow readmac persist_file:dir rw_dir_perms; +allow readmac persist_file:file create_file_perms; + +allow readmac self:capability dac_override; +allow readmac self:socket create_socket_perms; + +allow readmac diag_device:chr_file rw_file_perms; |