From ad0bc3c46f222f9f3a76f94136fb73e165368d83 Mon Sep 17 00:00:00 2001
From: Alexander Diewald
Date: Sun, 8 Oct 2017 19:35:45 +0200
Subject: SEPolicy: Add ioctl whitelist for UIM.

Adds a list of ioctls, which are emitted by the UIM service. This service setups the broadcom BT/FM driver.

Change-Id: Ib37674796a5e2d677a4bb3f596110f906f290b74
Signed-off-by: Alexander Diewald
---
 sepolicy/ioctl_defines | 5 +++++
 sepolicy/ioctl_macros | 7 +++++++
 sepolicy/uim.te | 2 ++
 3 files changed, 14 insertions(+)
 create mode 100644 sepolicy/ioctl_defines
 create mode 100644 sepolicy/ioctl_macros

(limited to 'sepolicy')

diff --git a/sepolicy/ioctl_defines b/sepolicy/ioctl_defines
new file mode 100644
index 0000000..a031d75
--- /dev/null
+++ b/sepolicy/ioctl_defines
@@ -0,0 +1,5 @@
+define(`TCGETS', `0x00005401')
+define(`TCSETS', `0x00005402')
+define(`TCFLSH', `0x0000540b')
+define(`TIOCSETD', `0x00005423')
+define(`IOCTLUNKNOWN', `0x000055c8')
diff --git a/sepolicy/ioctl_macros b/sepolicy/ioctl_macros
new file mode 100644
index 0000000..99df172
--- /dev/null
+++ b/sepolicy/ioctl_macros
@@ -0,0 +1,7 @@
+define(`uim_sock_ipc_ioctls', `{
+TCGETS
+TCSETS
+TCFLSH
+TIOCSETD
+IOCTLUNKNOWN
+}')
diff --git a/sepolicy/uim.te b/sepolicy/uim.te
index c452704..11b7fbf 100644
--- a/sepolicy/uim.te
+++ b/sepolicy/uim.te
@@ -12,3 +12,5 @@ allow uim ta_data_file:dir search;
 allow uim bluetooth_prop:sock_file write;
 allow uim ta_data_file:file r_file_perms;
 allow uim hci_attach_dev:chr_file ioctl;
+
+allowxperm uim hci_attach_dev:chr_file ioctl uim_sock_ipc_ioctls;
--
cgit v1.2.3
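Review bot: The last define in sepolicy/ioctl_defines, IOCTLUNKNOWN = 0x000055c8, allowlists a command that the patch never identifies, which defeats the purpose of an ioctl allowlist: a reviewer cannot tell what the driver behind hci_attach_dev does for that command or whether UIM actually needs it. Resolve the number against the headers of the driver that backs hci_attach_dev and give the define the real command name, or drop it if it only ever shows up in an audit denial that does not affect UIM's function. Whichever way it goes, record the provenance next to the define, e.g. `# <real name>: <what it does>, issued by uim on hci_attach_dev (placeholder: fill in from the driver header)`, so the next policy update does not have to rediscover it. The other four values are the standard termios/line-discipline commands (TCGETS, TCSETS, TCFLSH, TIOCSETD) and look correct.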
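Review bot: The macro name `uim_sock_ipc_ioctls` in sepolicy/ioctl_macros is misleading: its members are tty/termios commands, and uim.te applies the set to hci_attach_dev as a chr_file, not to any socket or IPC object, so a name suggesting socket IPC invites someone to reuse it on the wrong object class. A name such as `uim_hci_attach_ioctls` would describe the set, or keep the name and add a comment inside the define, e.g. `# tty ioctls uim issues on hci_attach_dev (chr_file); not socket ioctls`. TIOCSETD is the most privileged entry here since it changes the tty line discipline, which appears to be what the BT/FM attach needs (inferred from the commit message); a one-line comment saying so would let a future reviewer tell a required entry from a stray one.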
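Review bot: In sepolicy/uim.te the new `allowxperm` line is separated by a blank line from the `allow uim hci_attach_dev:chr_file ioctl;` rule it qualifies, which hides that the two form one unit (an allowxperm only narrows an existing allow). Keep them adjacent and label the pairing, e.g. `# restrict the ioctl grant above to the commands listed in uim_sock_ipc_ioctls`, so a later edit that drops or moves the allow line does not leave a dangling xperm rule. The rest of uim.te's uim rules start before this hunk and are not visible here.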