psmattas/device_motorola_sanders
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sanders: update sepolicy

Browse Source 
* fix build with treble
This commit is contained in:
Vachounet
2018-06-05 10:25:12 +02:00
committed by therootlord
parent 82db051a4e
commit 10188cc108
20 changed files with 75 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
sepolicy/vendor/charge_only.te vendored
View File

@@ -1,17 +1,46 @@
type charge_only, domain;
type charge_only_exec, exec_type, file_type;
type charge_only_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(charge_only)
allow charge_only chargeonly_data_file:dir rw_dir_perms;
allow charge_only chargeonly_data_file:file rw_file_perms;
allow charge_only graphics_device:chr_file rw_file_perms;
allow charge_only graphics_device:dir search;
allow charge_only input_device:chr_file r_file_perms;
allow charge_only input_device:dir search;
# Write to /dev/kmsg
allow charge_only kmsg_device:chr_file rw_file_perms;
# Read access to pseudo filesystems.
r_dir_file(charge_only, sysfs_type)
r_dir_file(charge_only, rootfs)
r_dir_file(charge_only, cgroup)
allow charge_only self:capability { dac_override net_admin sys_tty_config sys_boot };
allow charge_only self:netlink_kobject_uevent_socket { bind read setopt create };
allow charge_only self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
wakelock_use(charge_only)
# Write to /sys/power/state
# TODO: Split into a separate type?
allow charge_only sysfs:dir { read open };
allow charge_only sysfs:file { read open write };
allow charge_only sysfs_wake_lock:file rw_file_perms;
allow charge_only system_data_file:dir { write add_name };
allow charge_only sysfs_batteryinfo:file r_file_perms;
# Read /sys/fs/pstore/console-ramoops
# Don't worry about overly broad permissions for now, as there's
# only one file in /sys/fs/pstore
allow charge_only pstorefs:dir r_dir_perms;
allow charge_only pstorefs:file r_file_perms;
allow charge_only graphics_device:dir r_dir_perms;
allow charge_only graphics_device:chr_file rw_file_perms;
allow charge_only input_device:dir r_dir_perms;
allow charge_only input_device:chr_file r_file_perms;
allow charge_only tty_device:chr_file rw_file_perms;
allow charge_only proc_sysrq:file rw_file_perms;
# charger needs to tell init to continue the boot
# process when running in charger mode.
set_prop(charge_only, system_prop)