diff options
Diffstat (limited to 'sepolicy/credmgrd.te')
| -rw-r--r-- | sepolicy/credmgrd.te | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te new file mode 100644 index 0000000..5d185e2 --- /dev/null +++ b/sepolicy/credmgrd.te @@ -0,0 +1,21 @@ +init_daemon_domain(credmgrd) + +allow credmgrd credmgrd_socket:dir rw_dir_perms; +allow credmgrd credmgrd_socket:sock_file create_file_perms; +allow credmgrd firmware_file:dir search; +allow credmgrd firmware_file:file r_file_perms; +allow credmgrd ion_device:chr_file rw_file_perms; +allow credmgrd tad:unix_stream_socket connectto; +allow credmgrd tad_socket:sock_file rw_file_perms; +allow credmgrd tee_device:chr_file rw_file_perms; +allow credmgrd vendor_toolbox_exec:file rx_file_perms; + +allow credmgrd cache_file:dir create_dir_perms; +allow credmgrd cache_file:file create_file_perms; + +# Needed to create /data/credmgr +allow credmgrd system_data_file:dir { create_dir_perms relabelfrom }; +allow credmgrd credmgrd_data_file:dir { create_dir_perms relabelto }; +allow credmgrd credmgrd_data_file:file create_file_perms; + +set_prop(credmgrd, credmgrd_prop) |