From 711a050e1dfc815235dd6fc58765b5c74d0cb69c Mon Sep 17 00:00:00 2001
From: nailyk-fr
Date: Fri, 3 Feb 2017 22:14:58 +0100
Subject: shinano-common: sepolicies: Add idd policy context
Change-Id: I38050b1701c4bf3ee3929c17a1e8dad849b9e815
---
sepolicy/file.te | 7 +++++++
sepolicy/file_contexts | 16 ++++++++++++++++
sepolicy/idd.te | 13 +++++++++++++
3 files changed, 36 insertions(+)
create mode 100644 sepolicy/idd.te
(limited to 'sepolicy')
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 1fbdf98..3b612b6 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1 +1,8 @@
 type sysfs_vibrator, fs_type, sysfs_type;
+
+# TAD
+type secd_socket, file_type;
+type secd_data_file, file_type;
+
+# idd
+type iddd_file, file_type, data_file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ecc8452..7b54068 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -10,3 +10,19 @@
 # Hardware tunables
 /sys/devices/virtual/timed_output/vibrator/vtg_level -- u:object_r:sysfs_vibrator:s0
+
+#iddd
+/system/bin/iddd u:object_r:iddd_exec:s0
+/idd(/.*)? u:object_r:iddd_file:s0
+
+/system/bin/credmgrd u:object_r:credmgr_exec:s0
+
+# Taimport
+/data/etc(/.*) u:object_r:ta_data_file:s0
+
+#TA
+/dev/socket/secd_credmgr_sock u:object_r:secd_socket:s0
+/dev/socket/secd_devsec_sock u:object_r:secd_socket:s0
+/dev/socket/secd_ebl_sock u:object_r:secd_socket:s0
+/data/credmgr u:object_r:secd_data_file:s0
+/data/credmgr(/.*) u:object_r:secd_data_file:s0
diff --git a/sepolicy/idd.te b/sepolicy/idd.te
new file mode 100644
index 0000000..e9f6a0d
--- /dev/null
+++ b/sepolicy/idd.te
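Review bot: In the file.te hunk, `secd_data_file` is declared with `file_type` only, although the file_contexts hunk of this same commit assigns it to `/data/credmgr` and everything beneath it, and `iddd_file` two lines further down does carry `data_file_type`. Without that attribute the type falls outside the attribute-based rules written for content under /data, so the credential store may be treated differently from other data files; this looks unintended. Suggest `type secd_data_file, file_type, data_file_type;`, and using one heading for both places (`# TAD` here, `#TA` in file_contexts).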
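Review bot: In the file_contexts hunk, the `/data/etc(/.*)` entry has no trailing `?`, so it matches only paths below `/data/etc` and the directory itself keeps whatever label it inherits; the `/idd(/.*)?` entry a few lines above shows the usual form. The entry also refers to `ta_data_file`, which is not declared in the visible part of this commit (file.te adds only `secd_socket`, `secd_data_file` and `iddd_file`), so unless another policy file defines it the contexts check will probably reject the line. Suggest `/data/etc(/.*)? u:object_r:ta_data_file:s0`, plus `type ta_data_file, file_type, data_file_type;` in file.te if the type is indeed missing.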
@@ -0,0 +1,13 @@
+type iddd, domain;
+
+type iddd_exec, exec_type, file_type;
+init_daemon_domain(iddd)
+
+allow iddd self:socket create_socket_perms;
+allow iddd iddd_file:fifo_file rw_file_perms;
+allow iddd iddd_file:file rw_file_perms;
+allow iddd iddd_file:dir rw_file_perms;
+
+type_transition iddd system_data_file:file iddd_file;
+
+type credmgr_exec, exec_type, file_type;
-- cgit v1.2.3
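Review bot: `allow iddd iddd_file:dir rw_file_perms;` applies the file permission macro to the dir class, which grants none of `search`, `add_name` or `remove_name`, so the daemon cannot traverse or populate `/idd`, and the resulting denials tend to be fixed later with a broader grant than needed. Use `allow iddd iddd_file:dir rw_dir_perms;` instead. The `type_transition iddd system_data_file:file iddd_file;` line has no matching `create` on `iddd_file:file` and no `add_name` on `system_data_file:dir` in this file, so it appears inert as written; either drop it or add exactly the permissions it needs, with a comment naming the directory it is meant for. `type credmgr_exec` is unrelated to idd and would be easier to audit in a credmgr policy file of its own.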