summaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
authortunturn <arbiter1000@gmail.com>2017-03-09 12:36:22 +1100
committerMax Weffers <rcstar6696@gmail.com>2017-03-14 13:19:58 +0100
commitbda77e8b2f5266a03031a294af96876c4410ea6e (patch)
tree68cada46cc2aae1031d12394ad1c18161ace6e66 /sepolicy
parent0fb1a17dca83816d614ecc4bcf466b559c8e9d09 (diff)
sepolicy: changes for bluetooth denials
Change-Id: I2ca85cd2c555b74f8de63c05e1e6dd2cc292dac9
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/file.te4
-rw-r--r--sepolicy/file_contexts3
-rw-r--r--sepolicy/init.te5
-rw-r--r--sepolicy/te_macros9
-rw-r--r--sepolicy/uim.te13
5 files changed, 33 insertions, 1 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 3b612b6..da08fbe 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -6,3 +6,7 @@ type secd_data_file, file_type;
# idd
type iddd_file, file_type, data_file_type;
+
+# BRCM BT FM
+type brcm_ldisc_sysfs, sysfs_type, fs_type;
+type brcm_uim_exec, exec_type, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index f4f6c13..3c1a1d8 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -36,7 +36,8 @@
/system/bin/wvkbd u:object_r:wv_exec:s0
-
+# Bluetooth
+/system/bin/brcm-uim-sysfs u:object_r:brcm_uim_exec:s0
###########
#credmgrd
diff --git a/sepolicy/init.te b/sepolicy/init.te
new file mode 100644
index 0000000..dd6d281
--- /dev/null
+++ b/sepolicy/init.te
@@ -0,0 +1,5 @@
+#FM BCM
+allow init hci_attach_dev:chr_file rw_file_perms;
+allow init brcm_uim_exec:file { execute getattr read open };
+allow init brcm_ldisc_sysfs:lnk_file { read };
+allow init uim:process { siginh noatsecure transition rlimitinh };
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
new file mode 100644
index 0000000..136d928
--- /dev/null
+++ b/sepolicy/te_macros
@@ -0,0 +1,9 @@
+# rw_dir_file(domain, type)
+# Allow the specified domain to read and write directories, files
+# and symbolic links of the specified type.
+define(`rw_dir_file', `
+allow $1 $2:dir rw_dir_perms;
+allow $1 $2:{ file lnk_file } rw_file_perms;
+')
+
+
diff --git a/sepolicy/uim.te b/sepolicy/uim.te
new file mode 100644
index 0000000..1a38892
--- /dev/null
+++ b/sepolicy/uim.te
@@ -0,0 +1,13 @@
+type uim, domain;
+
+rw_dir_file(uim, sysfs)
+rw_dir_file(uim, brcm_ldisc_sysfs)
+rw_dir_file(uim, bluetooth_data_file)
+rw_dir_file(uim, sysfs_bluetooth_writable)
+allow uim brcm_uim_exec:file { entrypoint getattr read execute };
+allow uim hci_attach_dev:chr_file { read write ioctl open };
+allow uim self:capability { net_admin dac_override };
+allow uim rootfs:lnk_file getattr;
+allow uim ta_data_file:dir search;
+allow uim bluetooth_prop:sock_file write;
+allow uim ta_data_file:file r_file_perms;