sanders: address some denials

Change-Id: I90239f922aea3b7684b492ea34f137ef31577221
2018-04-02 10:41:10 +02:00
parent da902d3674
commit 3f951ce093
3 changed files with 15 additions and 0 deletions
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -0,0 +1,2 @@
+allow netd untrusted_app_25:unix_stream_socket { read write };
+
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te
@@ -2,3 +2,12 @@ get_prop(untrusted_app, camera_prop);
 get_prop(untrusted_app_25, camera_prop);
 allow untrusted_app sysfs_zram:dir { search read };
 allow untrusted_app sysfs_zram:file { open read getattr };
+
+get_prop(untrusted_app, net_dns_prop);
+
+allow untrusted_app firmware_file:dir read;
+allow untrusted_app fsg_file:dir read;
+allow untrusted_app net_dns_prop:file read;
+allow untrusted_app persist_file:dir getattr;
+allow untrusted_app persist_file:filesystem getattr;
+allow untrusted_app rootfs:dir read;
--- a/sepolicy/untrusted_app_25.te
+++ b/sepolicy/untrusted_app_25.te
@@ -4,3 +4,7 @@

 allow untrusted_app_25 init:unix_stream_socket { read write };

+allow untrusted_app_25 proc_stat:file read;
+allow untrusted_app_25 qemu_hw_mainkeys_prop:file read;
+allow untrusted_app_25 self:udp_socket ioctl;
+allow untrusted_app_25 vold_exec:file read;
				`@@ -0,0 +1,2 @@`
				`allow netd untrusted_app_25:unix_stream_socket { read write };`