SEPolicy: Add ioctl whitelist for UIM.

Adds a list of ioctls, which are emitted by the UIM service. This service setups the broadcom BT/FM driver. Change-Id: Ib37674796a5e2d677a4bb3f596110f906f290b74 Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
author: Alexander Diewald <Diewi@diewald-net.com> 2017-10-08 19:35:45 +0200
committer: Arian <arian.kulmer@web.de> 2019-10-07 11:07:17 +0200
commit: ad0bc3c46f222f9f3a76f94136fb73e165368d83 (patch)
tree: c7a1214ddde47891b072569dfbba69b7185625e8 /sepolicy
parent: 9e3d5f035f58e667adbfaf612fc208457c00b6d3 (diff)
3 files changed, 14 insertions, 0 deletions
diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines
new file mode 100644
index 0000000..a031d75
--- /dev/null
+++ b/sepolicy/ioctl_defines
@@ -0,0 +1,5 @@
+define(`TCGETS', `0x00005401')
+define(`TCSETS', `0x00005402')
+define(`TCFLSH', `0x0000540b')
+define(`TIOCSETD', `0x00005423')
+define(`IOCTLUNKNOWN', `0x000055c8')
diff --git a/sepolicy/ioctl_macros b/sepolicy/ioctl_macros
new file mode 100644
index 0000000..99df172
--- /dev/null
+++ b/sepolicy/ioctl_macros
@@ -0,0 +1,7 @@
+define(`uim_sock_ipc_ioctls', `{
+TCGETS
+TCSETS
+TCFLSH
+TIOCSETD
+IOCTLUNKNOWN
+}')
diff --git a/sepolicy/uim.te b/sepolicy/uim.te
index c452704..11b7fbf 100644
--- a/sepolicy/uim.te
+++ b/sepolicy/uim.te
@@ -12,3 +12,5 @@ allow uim ta_data_file:dir search;
 allow uim bluetooth_prop:sock_file write;
 allow uim ta_data_file:file r_file_perms;
 allow uim hci_attach_dev:chr_file ioctl; 
+
+allowxperm uim hci_attach_dev:chr_file ioctl uim_sock_ipc_ioctls;
author	Alexander Diewald <Diewi@diewald-net.com>	2017-10-08 19:35:45 +0200
committer	Arian <arian.kulmer@web.de>	2019-10-07 11:07:17 +0200
commit	ad0bc3c46f222f9f3a76f94136fb73e165368d83 (patch)
tree	c7a1214ddde47891b072569dfbba69b7185625e8 /sepolicy
parent	9e3d5f035f58e667adbfaf612fc208457c00b6d3 (diff)