diff options
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/credmgrd.te | 14 | ||||
-rw-r--r-- | sepolicy/file_contexts | 1 |
2 files changed, 15 insertions, 0 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te index d696393..9a26a89 100644 --- a/sepolicy/credmgrd.te +++ b/sepolicy/credmgrd.te @@ -63,4 +63,18 @@ allow credmgrd ion_device:chr_file { ioctl open read }; #============= credmgrd ============== allow credmgrd cache_file:dir search; +#============= credmgr init script ============== +allow credmgrd cache_file:dir add_name; +allow credmgrd cache_file:file { create getattr open read unlink write }; +allow credmgrd credmgrd_data_file:dir { getattr rename search }; +allow credmgrd devpts:chr_file { getattr ioctl open read write }; +allow credmgrd init:unix_stream_socket connectto; +allow credmgrd property_socket:sock_file write; +allow credmgrd shell_exec:file { getattr read }; +allow credmgrd system_data_file:dir { add_name remove_name write }; +allow credmgrd system_file:file execute_no_trans; +allow credmgrd system_prop:property_service set; +allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read }; +allow credmgrd credmgrd_data_file:dir { relabelto reparent rmdir }; +allow credmgrd system_data_file:dir { create relabelfrom setattr }; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index de91760..ef24289 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -37,6 +37,7 @@ ########### #credmgrd /system/bin/credmgrd u:object_r:credmgrd_exec:s0 +/system/bin/credmgrfirstboot.sh u:object_r:credmgrd_exec:s0 /dev/socket/credmgr u:object_r:credmgrd_socket:s0 /data/credmgr(/.*)? u:object_r:credmgrd_data_file:s0 /cache/CredentialManagerData u:object_r:credmgrd_data_file:s0 |