diff options
Diffstat (limited to 'sepolicy/workarounds.te')
-rw-r--r-- | sepolicy/workarounds.te | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/sepolicy/workarounds.te b/sepolicy/workarounds.te index 1a776d3..52203d8 100644 --- a/sepolicy/workarounds.te +++ b/sepolicy/workarounds.te @@ -1,3 +1,8 @@ +allow cameraserver camera_socket:dir { search write add_name }; +allow cameraserver camera_socket:file { read write getattr open }; +allow mm-qcamerad camera_socket:dir { search write add_name }; +allow mm-qcamerad camera_socket:file { read write getattr open }; + #============= credmgr ============== allow credmgr iddd:unix_dgram_socket sendto; allow credmgr iddd_file:sock_file write; @@ -62,3 +67,98 @@ allow init socket_device:sock_file { create unlink setattr }; #============= taimport ============== allow taimport ta_data_file:file unlink; + +#============= credmgr ============== +allow credmgr ion_device:chr_file { ioctl open read }; + +#============= init ============== +allow init debugfs:file write; + +#============= qti_init_shell ============== +allow qti_init_shell tad:unix_stream_socket connectto; +allow qti_init_shell tad_socket:sock_file write; + +#============= scd ============== +allow scd socket_device:dir { add_name write }; +allow scd socket_device:sock_file { create setattr }; +allow scd sysfs:file { getattr open read }; + +#============= suntrold ============== +allow suntrold ion_device:chr_file { ioctl open read }; + +#============= tad ============== +allow tad proc:file { open read }; +allow tad rootfs:file { entrypoint read }; + +#============= taimport ============== +allow taimport adbsecure_prop:property_service set; +allow taimport init:unix_stream_socket connectto; +allow taimport property_socket:sock_file write; + +#============= thermanager ============== +allow thermanager sysfs:file { open read }; + +#============= wv ============== +allow wv ion_device:chr_file { ioctl open read }; +allow wv socket_device:sock_file write; +allow wv suntrold:unix_stream_socket connectto; +allow wv tad:unix_stream_socket connectto; +allow wv tad_socket:sock_file write; +allow wv tee_device:chr_file { ioctl open read write }; + + + + + +#============= cameraserver ============== +allow cameraserver ta_data_file:dir { getattr open read }; +allow cameraserver sudaemon:unix_dgram_socket sendto; +allow cameraserver sudaemon:unix_stream_socket connectto; +allow cameraserver mm-qcamerad:unix_stream_socket sendto; +allow cameraserver mm-qcamerad:unix_stream_socket connectto; + + + +#============r credmgr ============== +allow credmgr ion_device:chr_file { ioctl open read }; + +#============= init ============== +allow init debugfs:file write; + +#============= mm-qcamerad ============== +allow mm-qcamerad system_file:file execmod; +allow mm-qcamerad system_prop:property_service set; +allow mm-qcamerad ta_data_file:dir { getattr open read }; + +#============= qti_init_shell ============== +allow qti_init_shell tad:unix_stream_socket connectto; +allow qti_init_shell tad_socket:sock_file write; + +#============= scd ============== +allow scd socket_device:dir { add_name write }; +allow scd socket_device:sock_file { create setattr }; +allow scd sysfs:file { getattr open read }; + +#============= suntrold ============== +allow suntrold ion_device:chr_file { ioctl open read }; + +#============= tad ============== +allow tad proc:file { open read }; +allow tad rootfs:file { entrypoint read }; + +#============= taimport ============== +allow taimport adbsecure_prop:property_service set; +allow taimport init:unix_stream_socket connectto; +allow taimport property_socket:sock_file write; + +#============= thermanager ============== +allow thermanager sysfs:file { open read }; + +#============= wv ============== +allow wv ion_device:chr_file { ioctl open read }; +allow wv socket_device:sock_file write; +allow wv suntrold:unix_stream_socket connectto; +allow wv tad:unix_stream_socket connectto; +allow wv tad_socket:sock_file write; +allow wv tee_device:chr_file { ioctl open read write }; + |