From baa9d4a4ead2173cf940eeb1d16e2ed783c36670 Mon Sep 17 00:00:00 2001 From: Vachounet Date: Sun, 21 Jan 2018 09:17:08 +0100 Subject: [PATCH] sanders: address some new denials --- sepolicy/hal_power_default.te | 3 ++- sepolicy/qti_init_shell.te | 2 ++ sepolicy/rild.te | 7 ++++--- sepolicy/system_server.te | 2 ++ 4 files changed, 10 insertions(+), 4 deletions(-) diff --git a/sepolicy/hal_power_default.te b/sepolicy/hal_power_default.te index 57c3941..536507c 100644 --- a/sepolicy/hal_power_default.te +++ b/sepolicy/hal_power_default.te @@ -1 +1,2 @@ -allow hal_power_default sysfs:file write; +allow hal_power_default sysfs:file rw_file_perms; + diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te index de98e7e..330d499 100644 --- a/sepolicy/qti_init_shell.te +++ b/sepolicy/qti_init_shell.te @@ -4,3 +4,5 @@ allow qti_init_shell hci_attach_dev:chr_file { read write open ioctl }; allow qti_init_shell kmsg_device:chr_file write; allow qti_init_shell sysfs_wcnsscore:file write; + +allow qti_init_shell kmsg_device:chr_file open; diff --git a/sepolicy/rild.te b/sepolicy/rild.te index 9aa1e43..898c594 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -9,8 +9,9 @@ allow rild radio_data_file:dir rw_dir_perms; allow rild radio_data_file:file create_file_perms; allow rild fsg_file:file { getattr open read }; -allow rild cutback_data_file:dir { add_name remove_name write }; -allow rild cutback_data_file:sock_file { create unlink write }; +allow rild cutback_data_file:dir rw_dir_perms; +allow rild cutback_data_file:sock_file create_file_perms; allow rild rild_exec:file execute_no_trans; -allow rild cutback_data_file:dir search; + +allow rild fwk_sensor_hwservice:hwservice_manager find; diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 10ebbc7..67f01a9 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -11,4 +11,6 @@ allow system_server init:unix_stream_socket { read }; allow system_server qti_debugfs:file { getattr open read }; allow system_server init:unix_stream_socket write; +allow system_server sensors_device:chr_file { ioctl open read }; + get_prop(system_server, alarm_boot_prop)