summaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/credmgrd.te3
-rw-r--r--sepolicy/dontaudit.te2
-rw-r--r--sepolicy/file_contexts1
3 files changed, 5 insertions, 1 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index 2b61930..38edd9f 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -18,4 +18,7 @@ allow credmgrd system_data_root_file:dir { create_dir_perms relabelfrom };
allow credmgrd credmgrd_data_file:dir { create_dir_perms relabelto };
allow credmgrd credmgrd_data_file:file create_file_perms;
+# Allow suntrold.sh to start suntrold
+allow credmgrd credmgrd_exec:file rx_file_perms;
+
set_prop(credmgrd, credmgrd_prop)
diff --git a/sepolicy/dontaudit.te b/sepolicy/dontaudit.te
index 2ddef4b..faf73b3 100644
--- a/sepolicy/dontaudit.te
+++ b/sepolicy/dontaudit.te
@@ -1 +1 @@
-dontaudit domain credmgrd_exec:file *;
+dontaudit { domain -credmgrd } credmgrd_exec:file *;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index d95a492..d953062 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -18,6 +18,7 @@
/(vendor|system/vendor)/bin/credmgrd u:object_r:credmgrd_exec:s0
/(vendor|system/vendor)/bin/credmgrfirstboot\.sh u:object_r:credmgrd_exec:s0
/(vendor|system/vendor)/bin/suntrold u:object_r:credmgrd_exec:s0
+/(vendor|system/vendor)/bin/suntrold.sh u:object_r:credmgrd_exec:s0
# Lineage hardware
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.shinano u:object_r:hal_lineage_touch_default_exec:s0
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-21 20:13:29 +0000