authornailyk-fr <nailyk_git@nailyk.fr>2017-02-03 22:14:58 +0100
committernailyk-fr <nailyk_git@nailyk.fr>2017-02-21 13:44:34 +0100
commit711a050e1dfc815235dd6fc58765b5c74d0cb69c (patch)
treec839da26e277f8040ec108084b74dee03d343668 /sepolicy
parenta60acfecd4da26c4f6ad79e2911fa8b214372670 (diff)
shinano-common: sepolicies: Add idd policy context
Change-Id: I38050b1701c4bf3ee3929c17a1e8dad849b9e815
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/file.te7
-rw-r--r--sepolicy/file_contexts16
-rw-r--r--sepolicy/idd.te13
3 files changed, 36 insertions, 0 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 1fbdf98..3b612b6 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1 +1,8 @@
type sysfs_vibrator, fs_type, sysfs_type;
+
+# TAD
+type secd_socket, file_type;
+type secd_data_file, file_type;
+
+# idd
+type iddd_file, file_type, data_file_type;
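Review bot: `secd_data_file` is declared without the `data_file_type` attribute, although the file_contexts part of this commit applies it to `/data/credmgr`, while `iddd_file` just below does carry the attribute. Rules and neverallow checks written against `data_file_type` will therefore not cover the credential manager's data directory. Consider `type secd_data_file, file_type, data_file_type;`.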
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ecc8452..7b54068 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -10,3 +10,19 @@
# Hardware tunables
/sys/devices/virtual/timed_output/vibrator/vtg_level -- u:object_r:sysfs_vibrator:s0
+
+#iddd
+/system/bin/iddd u:object_r:iddd_exec:s0
+/idd(/.*)? u:object_r:iddd_file:s0
+
+/system/bin/credmgrd u:object_r:credmgr_exec:s0
+
+# Taimport
+/data/etc(/.*) u:object_r:ta_data_file:s0
+
+#TA
+/dev/socket/secd_credmgr_sock u:object_r:secd_socket:s0
+/dev/socket/secd_devsec_sock u:object_r:secd_socket:s0
+/dev/socket/secd_ebl_sock u:object_r:secd_socket:s0
+/data/credmgr u:object_r:secd_data_file:s0
+/data/credmgr(/.*) u:object_r:secd_data_file:s0
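Review bot: `/data/etc(/.*)` has no trailing `?`, so it matches entries below `/data/etc` but not the directory itself, which keeps its default label. `/data/credmgr` avoids this only because the directory has its own entry on the line before. Writing `/data/etc(/.*)? u:object_r:ta_data_file:s0` and folding the two credmgr lines into `/data/credmgr(/.*)? u:object_r:secd_data_file:s0` would match the `/idd(/.*)?` form used earlier in this hunk. `ta_data_file` is not declared in any file shown in this commit, so confirm it is defined elsewhere in the tree.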
diff --git a/sepolicy/idd.te b/sepolicy/idd.te
new file mode 100644
index 0000000..e9f6a0d
--- /dev/null
+++ b/sepolicy/idd.te
@@ -0,0 +1,13 @@
+type iddd, domain;
+
+type iddd_exec, exec_type, file_type;
+init_daemon_domain(iddd)
+
+allow iddd self:socket create_socket_perms;
+allow iddd iddd_file:fifo_file rw_file_perms;
+allow iddd iddd_file:file rw_file_perms;
+allow iddd iddd_file:dir rw_file_perms;
+
+type_transition iddd system_data_file:file iddd_file;
+
+type credmgr_exec, exec_type, file_type;
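Review bot: `allow iddd iddd_file:dir rw_file_perms;` applies a file permission set to the `dir` class, so the domain gets read/write on the directory but not `search`, `add_name` or `remove_name`, and will probably hit denials when it walks or creates entries under `/idd`; the usual form is `allow iddd iddd_file:dir rw_dir_perms;`. The `type_transition iddd system_data_file:file iddd_file;` line has no accompanying `create` on `iddd_file:file` or `add_name` on `system_data_file:dir`, so as written it cannot take effect. If the daemon really creates files in a `system_data_file` directory, `file_type_auto_trans(iddd, system_data_file, iddd_file)` grants the transition and the permissions together; otherwise the line can be dropped. `self:socket` is the generic socket class, and naming the specific class the daemon opens would keep the grant narrow.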