summaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
authornailyk-fr <nailyk_git@nailyk.fr>2017-03-12 19:42:22 +0100
committerMax Weffers <rcstar6696@gmail.com>2017-03-27 14:09:20 +0200
commit98fb5e441250ff0ec52e2dd7355fbfbb026695ad (patch)
tree4246d8e3991107bacece35aef8f3aa6e64ad1cfd /sepolicy
parent48856dd0c794ab0bba2133226d33e94c8c6465c3 (diff)
shinano-common: vendor: Camera init
Change-Id: I0b85560bb56beee0d21751fe55587c2de4b8ff00
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/credmgrd.te14
-rw-r--r--sepolicy/file_contexts1
2 files changed, 15 insertions, 0 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index d696393..9a26a89 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -63,4 +63,18 @@ allow credmgrd ion_device:chr_file { ioctl open read };
#============= credmgrd ==============
allow credmgrd cache_file:dir search;
+#============= credmgr init script ==============
+allow credmgrd cache_file:dir add_name;
+allow credmgrd cache_file:file { create getattr open read unlink write };
+allow credmgrd credmgrd_data_file:dir { getattr rename search };
+allow credmgrd devpts:chr_file { getattr ioctl open read write };
+allow credmgrd init:unix_stream_socket connectto;
+allow credmgrd property_socket:sock_file write;
+allow credmgrd shell_exec:file { getattr read };
+allow credmgrd system_data_file:dir { add_name remove_name write };
+allow credmgrd system_file:file execute_no_trans;
+allow credmgrd system_prop:property_service set;
+allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read };
+allow credmgrd credmgrd_data_file:dir { relabelto reparent rmdir };
+allow credmgrd system_data_file:dir { create relabelfrom setattr };
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index de91760..ef24289 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -37,6 +37,7 @@
###########
#credmgrd
/system/bin/credmgrd u:object_r:credmgrd_exec:s0
+/system/bin/credmgrfirstboot.sh u:object_r:credmgrd_exec:s0
/dev/socket/credmgr u:object_r:credmgrd_socket:s0
/data/credmgr(/.*)? u:object_r:credmgrd_data_file:s0
/cache/CredentialManagerData u:object_r:credmgrd_data_file:s0