psmattas/device_motorola_sanders-lineage
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sanders: Fix moar denials

Browse Source
This commit is contained in:
jhenrique09
2018-01-23 12:42:46 -02:00
committed by therootlord
parent 2081af0064
commit 46660b7702
8 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
sepolicy/cnd.te
View File

@@ -1 +1,2 @@
allow cnd system_wpa_socket:sock_file { unlink }; allow cnd system_wpa_socket:sock_file { unlink };
allow cnd diag_device:chr_file { read write };

4
sepolicy/ims.te Normal file
View File

@@ -0,0 +1,4 @@
allow ims debug_prop:property_service set;
get_prop(ims, debug_prop);
allow ims self:capability net_raw;
allow ims diag_device:chr_file { read write };

2
sepolicy/init.te
View File

@@ -33,7 +33,7 @@ allow init netd:unix_stream_socket connectto;
allow init self:netlink_socket { read write getattr connect }; allow init self:netlink_socket { read write getattr connect };
allow init debugfs:file write; allow init debugfs:file write;
allow init persist_file:filesystem { getattr mount relabelfrom relabelto }; allow init persist_file:filesystem { getattr mount relabelfrom relabelto unmount };
allow init self:capability sys_nice; allow init self:capability sys_nice;

2
sepolicy/kernel.te
View File

@@ -1 +1,3 @@
allow kernel hw_block_device:blk_file rw_file_perms; allow kernel hw_block_device:blk_file rw_file_perms;
allow kernel vfat:file open;
allow kernel self:socket create;

1
sepolicy/mm-qcamerad.te
View File

@@ -3,6 +3,7 @@ binder_use(mm-qcamerad);
binder_call(mm-qcamerad, binderservicedomain); binder_call(mm-qcamerad, binderservicedomain);
binder_call(mm-qcamerad, appdomain); binder_call(mm-qcamerad, appdomain);
binder_call(mm-qcamerad, hal_sensors_default); binder_call(mm-qcamerad, hal_sensors_default);
set_prop(mm-qcamerad, camera_prop);
allow servicemanager mm-qcamerad:dir { search }; allow servicemanager mm-qcamerad:dir { search };
allow servicemanager mm-qcamerad:file { read open }; allow servicemanager mm-qcamerad:file { read open };

1
sepolicy/qti.te
View File

@@ -1 +1,2 @@
get_prop(qti, diag_prop) get_prop(qti, diag_prop)
allow qti diag_device:chr_file { read write };

1
sepolicy/rfs_access.te
View File

@@ -1,3 +1,4 @@
allow rfs_access self:capability net_raw; allow rfs_access self:capability net_raw;
allow rfs_access persist_file:file { getattr open read rename setattr unlink write }; allow rfs_access persist_file:file { getattr open read rename setattr unlink write };
allow rfs_access vendor_tombstone_data_file:dir search;

1
sepolicy/surfaceflinger.te
View File

@@ -2,6 +2,7 @@ get_prop(surfaceflinger, diag_prop);
allow surfaceflinger perfd_data_file:sock_file write; allow surfaceflinger perfd_data_file:sock_file write;
allow surfaceflinger perfd_data_file:dir search; allow surfaceflinger perfd_data_file:dir search;
allow surfaceflinger perfd:unix_stream_socket connectto; allow surfaceflinger perfd:unix_stream_socket connectto;
allow surfaceflinger diag_device:chr_file { read write };
binder_call(surfaceflinger, hwservicemanager) binder_call(surfaceflinger, hwservicemanager)