diff options
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/credmgrd.te | 3 | ||||
| -rw-r--r-- | sepolicy/dontaudit.te | 2 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 1 |
3 files changed, 5 insertions, 1 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te index 2b61930..38edd9f 100644 --- a/sepolicy/credmgrd.te +++ b/sepolicy/credmgrd.te @@ -18,4 +18,7 @@ allow credmgrd system_data_root_file:dir { create_dir_perms relabelfrom }; allow credmgrd credmgrd_data_file:dir { create_dir_perms relabelto }; allow credmgrd credmgrd_data_file:file create_file_perms; +# Allow suntrold.sh to start suntrold +allow credmgrd credmgrd_exec:file rx_file_perms; + set_prop(credmgrd, credmgrd_prop) diff --git a/sepolicy/dontaudit.te b/sepolicy/dontaudit.te index 2ddef4b..faf73b3 100644 --- a/sepolicy/dontaudit.te +++ b/sepolicy/dontaudit.te @@ -1 +1 @@ -dontaudit domain credmgrd_exec:file *; +dontaudit { domain -credmgrd } credmgrd_exec:file *; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index d95a492..d953062 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -18,6 +18,7 @@ /(vendor|system/vendor)/bin/credmgrd u:object_r:credmgrd_exec:s0 /(vendor|system/vendor)/bin/credmgrfirstboot\.sh u:object_r:credmgrd_exec:s0 /(vendor|system/vendor)/bin/suntrold u:object_r:credmgrd_exec:s0 +/(vendor|system/vendor)/bin/suntrold.sh u:object_r:credmgrd_exec:s0 # Lineage hardware /(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.shinano u:object_r:hal_lineage_touch_default_exec:s0 |