Diffstat (limited to 'sepolicy/workarounds.te')
-rw-r--r-- | sepolicy/workarounds.te | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/sepolicy/workarounds.te b/sepolicy/workarounds.te
new file mode 100644
index 0000000..1a776d3
--- /dev/null
+++ b/sepolicy/workarounds.te
@@ -0,0 +1,64 @@
+#============= credmgr ==============
+allow credmgr iddd:unix_dgram_socket sendto;
+allow credmgr iddd_file:sock_file write;
+allow credmgr secd_data_file:file { write getattr setattr read lock open };
+allow credmgr self:capability dac_override;
+allow credmgr socket_device:sock_file write;
+allow credmgr suntrold:unix_stream_socket connectto;
+allow credmgr tad:unix_stream_socket connectto;
+allow credmgr tad_socket:sock_file write;
+allow credmgr tee_device:chr_file { read write open ioctl };
+
+#============= iddd ==============
+allow iddd default_prop:property_service set;
+allow iddd iddd_file:dir { remove_name search add_name };
+allow iddd iddd_file:file { rename create };
+allow iddd init:unix_stream_socket connectto;
+allow iddd property_socket:sock_file write;
+allow iddd iddd_file:file unlink;
+allow iddd iddd_file:sock_file { write create unlink setattr };
+allow iddd logd:unix_stream_socket connectto;
+allow iddd logdr_socket:sock_file write;
+allow iddd self:netlink_socket { write bind create };
+allow iddd system_file:file execute_no_trans;
+
+#============= mediaserver ==============
+allow mediaserver credmgr:unix_stream_socket connectto;
+allow mediaserver socket_device:sock_file write;
+
+#============= suntrold ==============
+allow suntrold self:capability dac_override;
+allow suntrold socket_device:dir add_name;
+allow suntrold socket_device:sock_file { create setattr };
+allow suntrold tad:unix_stream_socket connectto;
+allow suntrold tad_socket:sock_file write;
+allow suntrold tee_device:chr_file { read write ioctl open };
+
+#============= system_server ==============
+allow system_server ta_data_file:file { read open };
+
+#============= ta_qmi ==============
+allow ta_qmi self:capability { setuid setgid };
+
+#============= tad ==============
+allow tad block_device:blk_file { read write ioctl open };
+allow tad iddd:unix_dgram_socket sendto;
+allow tad iddd_file:sock_file write;
+
+#============= thermanager ==============
+allow thermanager sysfs_battery_supply:dir search;
+allow thermanager sysfs_battery_supply:file { read write open };
+
+
+
+
+#============= init ==============
+allow init block_device:blk_file setattr;
+allow init debugfs:dir mounton;
+allow init self:socket { read bind create write ioctl };
+allow init smem_log_device:chr_file { write ioctl };
+allow init socket_device:sock_file { create unlink setattr };
+
+#============= taimport ==============
+allow taimport ta_data_file:file unlink;
+ |
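Review bot: `allow tad block_device:blk_file { read write ioctl open };` in the tad section grants raw read/write on the generic `block_device` label, which covers every block node that has no more specific type, so a compromised tad could reach far beyond the one partition it needs. Label the partition tad actually uses with its own type in `file_contexts` and grant on that instead, e.g. `type ta_block_device, dev_type;` (placeholder name) plus `allow tad ta_block_device:blk_file { read write ioctl open };`. The same over-broad labelling applies to `allow init block_device:blk_file setattr;` and to the `socket_device:sock_file` / `socket_device:dir` grants for credmgr, mediaserver, suntrold and init, where a dedicated socket type per daemon would keep the domains from touching each other's sockets. `self:capability dac_override` for credmgr and suntrold looks like a stand-in for correcting file ownership or modes, and since the `#=============` headers suggest the file is audit2allow output, each rule should carry a short comment naming the denial it resolves before it is kept.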