summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPraneeth Bajjuri2017-04-19 18:04:10 -0500
committerPraneeth Bajjuri2017-04-19 18:04:10 -0500
commite1a1c8a7e6d17b5e69e0ab62fb795eb045ae3fea (patch)
treefa16e2d4fab3e2997ac58a9d8f84ed0168e57622
parent8b2ce8c00c636f95c37a96eb0ee989e181bf7613 (diff)
downloaddevice-ti-am57xevm-d-nougat-mr2-release.tar.gz
device-ti-am57xevm-d-nougat-mr2-release.tar.xz
device-ti-am57xevm-d-nougat-mr2-release.zip
am57xevm: sepolicy: temp: remove unapplicable selinux changesd-nougat-mr2-release
temp fix: need to be investigate and apply correct policy changes later. Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
-rw-r--r--sepolicy/device.te2
-rw-r--r--sepolicy/file_contexts10
-rw-r--r--sepolicy/init.te1
-rw-r--r--sepolicy/lad_dra7xx.te4
-rw-r--r--sepolicy/mediaserver.te8
-rw-r--r--sepolicy/netd.te4
6 files changed, 1 insertions, 28 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
index db470f0..9af3309 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -2,5 +2,3 @@ type bluetooth_control, dev_type;
2type rtc, dev_type; 2type rtc, dev_type;
3type hwspinlock_dev, dev_type; 3type hwspinlock_dev, dev_type;
4type uio_dev, dev_type; 4type uio_dev, dev_type;
5type cmem_dev, dev_type;
6type i2c_dev, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 8dc4639..5326cef 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -25,20 +25,10 @@
25#cpuset script 25#cpuset script
26/system/bin/init.am57xevmboard.cpuset.sh u:object_r:init-cpuset-sh_exec:s0 26/system/bin/init.am57xevmboard.cpuset.sh u:object_r:init-cpuset-sh_exec:s0
27 27
28#lad_dra7xx
29/system/bin/lad_dra7xx u:object_r:lad_dra7xx_exec:s0
30/data/lad(/.*)? u:object_r:lad_data_file:s0
31
32#hwspinlock and uio 28#hwspinlock and uio
33/dev/hwspinlock u:object_r:hwspinlock_dev:s0 29/dev/hwspinlock u:object_r:hwspinlock_dev:s0
34/dev/uio0 u:object_r:uio_dev:s0 30/dev/uio0 u:object_r:uio_dev:s0
35 31
36#I2C
37/dev/i2c-[0-9]+ u:object_r:i2c_dev:s0
38
39#CMEM
40/dev/cmem u:object_r:cmem_dev:s0
41
42#Block devices 32#Block devices
43/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/system u:object_r:system_block_device:s0 33/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/system u:object_r:system_block_device:s0
44/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/recovery u:object_r:recovery_block_device:s0 34/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/recovery u:object_r:recovery_block_device:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
index abe3314..2005668 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -5,3 +5,4 @@ allow init tmpfs:lnk_file create_file_perms;
5 5
6# Allow module insertion 6# Allow module insertion
7allow init system_file:system module_load; 7allow init system_file:system module_load;
8
diff --git a/sepolicy/lad_dra7xx.te b/sepolicy/lad_dra7xx.te
index ff95009..a5ea3a4 100644
--- a/sepolicy/lad_dra7xx.te
+++ b/sepolicy/lad_dra7xx.te
@@ -15,7 +15,3 @@ allow lad_dra7xx self:socket { create_socket_perms };
15allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms }; 15allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms };
16allow lad_dra7xx uio_dev:chr_file { rw_file_perms }; 16allow lad_dra7xx uio_dev:chr_file { rw_file_perms };
17allow lad_dra7xx sysfs:file { r_file_perms }; 17allow lad_dra7xx sysfs:file { r_file_perms };
18
19# Allow signull operation from known client processes
20allow lad_dra7xx mediaserver:process signull;
21allow lad_dra7xx vis:process signull;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 9e69353..2e9e366 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -2,11 +2,3 @@ allow mediaserver system_server:unix_stream_socket { read write };
2 2
3#Camera 3#Camera
4allow mediaserver device:dir { read open }; 4allow mediaserver device:dir { read open };
5
6#APPE
7allow mediaserver lad_data_file:fifo_file { create_file_perms };
8allow mediaserver hwspinlock_dev:chr_file { rw_file_perms };
9allow mediaserver cmem_dev:chr_file { rw_file_perms };
10allow mediaserver self:socket { create_socket_perms };
11allow mediaserver self:tcp_socket { create_stream_socket_perms };
12allow mediaserver ctl_default_prop:property_service set;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
index 143cc61..6c8303c 100644
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -2,7 +2,3 @@
2# Ignore them 2# Ignore them
3dontaudit netd self:capability sys_module; 3dontaudit netd self:capability sys_module;
4dontaudit netd kernel:system module_request; 4dontaudit netd kernel:system module_request;
5
6# VIS
7allow netd vis:fd use;
8allow netd vis:tcp_socket { rw_socket_perms };