aboutsummaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/credmgrd.te14
-rw-r--r--sepolicy/file_contexts1
2 files changed, 15 insertions, 0 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index d696393..9a26a89 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -63,4 +63,18 @@ allow credmgrd ion_device:chr_file { ioctl open read };
#============= credmgrd ==============
allow credmgrd cache_file:dir search;
+#============= credmgr init script ==============
+allow credmgrd cache_file:dir add_name;
+allow credmgrd cache_file:file { create getattr open read unlink write };
+allow credmgrd credmgrd_data_file:dir { getattr rename search };
+allow credmgrd devpts:chr_file { getattr ioctl open read write };
+allow credmgrd init:unix_stream_socket connectto;
+allow credmgrd property_socket:sock_file write;
+allow credmgrd shell_exec:file { getattr read };
+allow credmgrd system_data_file:dir { add_name remove_name write };
+allow credmgrd system_file:file execute_no_trans;
+allow credmgrd system_prop:property_service set;
+allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read };
+allow credmgrd credmgrd_data_file:dir { relabelto reparent rmdir };
+allow credmgrd system_data_file:dir { create relabelfrom setattr };
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index de91760..ef24289 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -37,6 +37,7 @@
###########
#credmgrd
/system/bin/credmgrd u:object_r:credmgrd_exec:s0
+/system/bin/credmgrfirstboot.sh u:object_r:credmgrd_exec:s0
/dev/socket/credmgr u:object_r:credmgrd_socket:s0
/data/credmgr(/.*)? u:object_r:credmgrd_data_file:s0
/cache/CredentialManagerData u:object_r:credmgrd_data_file:s0
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 12:10:22 +0000