author | nailyk-fr <nailyk_git@nailyk.fr> | 2017-02-12 13:31:17 +0100 |
---|---|---|
committer | nailyk-fr <nailyk_git@nailyk.fr> | 2017-02-21 20:24:25 +0100 |
commit | 181043c8705f2f7576f1a1e21bafd7e14cde3f06 (patch) | |
tree | 79dd4d1b26ec6abe225c2a31c0ca321038973c79 /sepolicy/credmgrd.te | |
parent | 91b15b8584a12ebd8e321d32536ed8ced1e321d7 (diff) |
shinano-common: sepolicies: Add camera related entries
Change-Id: Icfc6a998c6c5615351ed59111284858b9f27893c
shinano-common: Rework credmgrd sepolicies
Change-Id: Id922021b05ed0313b5cd7e506641632277a82105
shinano-common: Fix last camera denials
Change-Id: Ibf96ebf0a136ffa40be85369896f57645c24157c
Diffstat (limited to 'sepolicy/credmgrd.te')
-rw-r--r-- | sepolicy/credmgrd.te | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
new file mode 100644
index 0000000..82c4929
--- /dev/null
+++ b/sepolicy/credmgrd.te
@@ -0,0 +1,62 @@
+#credmgrd define
+type credmgrd, domain;
+type credmgrd_exec, exec_type, file_type;
+type credmgrd_data_file, file_type;
+type credmgrd_socket, file_type;
+init_daemon_domain(credmgrd);
+
+#credmgrd self
+allow credmgrd self:socket create_socket_perms;
+allow credmgrd self:file rw_file_perms;
+allow credmgrd self:dir rw_file_perms;
+allow credmgrd self:fifo_file rw_file_perms;
+allow credmgrd credmgrd_data_file:file { getattr lock open read setattr write };
+allow credmgrd cache_file:dir { remove_name write };
+allow credmgrd credmgrd_data_file:dir { add_name open read remove_name write };
+allow credmgrd credmgrd_data_file:file { create unlink };
+
+
+#credmgdr tad
+allow credmgrd tad_block_device:blk_file { read write ioctl open };
+allow credmgrd tad_socket:unix_dgram_socket sendto;
+allow credmgrd tad_socket:unix_stream_socket connectto;
+allow credmgrd tad:unix_stream_socket connectto;
+allow credmgrd tad_socket:sock_file write;
+
+#credmgrd camera server
+allow credmgrd camera_socket:file { read write getattr open };
+allow credmgrd camera_socket:unix_stream_socket sendto;
+allow credmgrd camera_socket:unix_stream_socket connectto;
+
+#credmgrd mediaserver
+allow mediaserver credmgrd:unix_stream_socket connectto;
+
+#credmgrd mm-qcamera
+allow credmgrd mm-qcamerad:file { read write getattr open };
+allow credmgrd mm-qcamerad:unix_stream_socket sendto;
+allow credmgrd mm-qcamerad:unix_stream_socket connectto;
+
+#credmgrd qseecomd tee
+allow credmgrd tee_device:chr_file rw_file_perms;
+
+#credmgrd suntrold
+allow credmgrd suntrold_sock_socket:unix_dgram_socket sendto;
+allow credmgrd suntrold_sock_socket:unix_stream_socket connectto;
+allow credmgrd suntrold_sock_socket:sock_file write;
+allow credmgrd suntrold:unix_stream_socket connectto;
+
+#credmgrd iddd
+allow credmgrd iddd:unix_dgram_socket sendto;
+allow credmgrd iddd_file:dir search;
+allow credmgrd iddd_file:sock_file write;
+allow credmgrd iddd_file:unix_stream_socket connectto;
+allow credmgrd iddd_file:unix_dgram_socket sendto;
+
+
+#/mnt/idd is tmpfs
+allow credmgrd tmpfs:lnk_file read;
+
+#credmgrd ion
+allow credmgrd ion_device:chr_file { ioctl open read };
+
+
|
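Review bot: Two grants in this new domain are wider than their comments justify: `allow credmgrd tmpfs:lnk_file read;` is given on the generic `tmpfs` label although the comment says only /mnt/idd is meant, and `allow credmgrd cache_file:dir { remove_name write };` sits under "#credmgrd self" with no comment and no matching `cache_file:file` rule in this file. A dedicated type for the /mnt/idd mount would keep credmgrd from reading symlinks on every other tmpfs-labelled location, and the cache rule should carry a comment naming what it removes, or be dropped if it only came from a denial log. The `connectto`/`sendto` rules whose target is a socket file type (`tad_socket`, `camera_socket`, `suntrold_sock_socket`, `iddd_file`) are checked against the peer's process domain, so they probably never match; `unix_socket_connect(credmgrd, tad, tad)` would state the intended pair of rules in one line. `allow mediaserver credmgrd:unix_stream_socket connectto;` also opens the credential daemon to mediaserver, and deserves a comment on why that client is required; the declared `credmgrd_socket` type is not used by any rule visible here.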