aboutsummaryrefslogtreecommitdiff
path: root/sepolicy/dashd.te
blob: 41525dd8e10302d5248762134dde86099741fa43 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# dash daemon

# dashd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type dashd, domain;

# Write to /dev/kmsg
allow dashd kmsg_device:chr_file rw_file_perms;

allow dashd self:capability { net_admin sys_tty_config };
wakelock_use(dashd)
allow dashd self:netlink_kobject_uevent_socket create_socket_perms;
binder_use(dashd)
binder_service(dashd)
binder_call(dashd, system_server)

# Write to state file.
allow dashd sysfs:file write;

###
### dashd: charger mode
###

# Read /sys/fs/pstore/console-ramoops
# Don't worry about overly broad permissions for now, as there's
# only one file in /sys/fs/pstore
allow dashd pstorefs:dir r_dir_perms;
allow dashd pstorefs:file r_file_perms;

allow dashd graphics_device:dir r_dir_perms;
allow dashd graphics_device:chr_file rw_file_perms;
allow dashd input_device:dir r_dir_perms;
allow dashd input_device:chr_file  rw_file_perms;
allow dashd tty_device:chr_file rw_file_perms;
allow dashd ashmem_device:chr_file execute;
allow dashd self:process execmem;
allow dashd proc_sysrq:file rw_file_perms;
allow dashd self:capability { sys_boot dac_override};
allow dashd device:dir { open read write } ;
#allow dashd device:chr_file { write read };

allow dashd proc_stat:file r_file_perms;
allow dashd sysfs_batteryinfo:file r_file_perms;

r_dir_file(dashd, sysfs_usb_supply);
r_dir_file(dashd, sysfs_battery_supply);