shinano-common: Cleanup sepolicy

Change-Id: If615758376413b16fcc80addd03a9ba5cd388e8a
author: Arian <arian.kulmer@web.de> 2020-12-11 00:07:18 +0100
committer: Arian <arian.kulmer@web.de> 2020-12-21 19:20:35 +0100
commit: f12ef27cb9fc9f9cda9078230c5ab5b4ce0d4d93 (patch)
tree: 6578430d6f24122fc5904c34220cb205345ba28a /sepolicy/credmgrd.te
parent: d3c930897d2429bedcfbd713dae369b53840f97b (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
new file mode 100644
index 0000000..5d185e2
--- /dev/null
+++ b/sepolicy/credmgrd.te
@@ -0,0 +1,21 @@
+init_daemon_domain(credmgrd)
+
+allow credmgrd credmgrd_socket:dir rw_dir_perms;
+allow credmgrd credmgrd_socket:sock_file create_file_perms;
+allow credmgrd firmware_file:dir search;
+allow credmgrd firmware_file:file r_file_perms;
+allow credmgrd ion_device:chr_file rw_file_perms;
+allow credmgrd tad:unix_stream_socket connectto;
+allow credmgrd tad_socket:sock_file rw_file_perms;
+allow credmgrd tee_device:chr_file rw_file_perms;
+allow credmgrd vendor_toolbox_exec:file rx_file_perms;
+
+allow credmgrd cache_file:dir create_dir_perms;
+allow credmgrd cache_file:file create_file_perms;
+
+# Needed to create /data/credmgr
+allow credmgrd system_data_file:dir { create_dir_perms relabelfrom };
+allow credmgrd credmgrd_data_file:dir { create_dir_perms relabelto };
+allow credmgrd credmgrd_data_file:file create_file_perms;
+
+set_prop(credmgrd, credmgrd_prop)
author	Arian <arian.kulmer@web.de>	2020-12-11 00:07:18 +0100
committer	Arian <arian.kulmer@web.de>	2020-12-21 19:20:35 +0100
commit	f12ef27cb9fc9f9cda9078230c5ab5b4ce0d4d93 (patch)
tree	6578430d6f24122fc5904c34220cb205345ba28a /sepolicy/credmgrd.te
parent	d3c930897d2429bedcfbd713dae369b53840f97b (diff)