summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVishal Mahaveer2016-10-12 13:32:01 -0500
committerPraneeth Bajjuri2017-01-17 18:57:44 -0600
commite8dbef141fe94d12bab2079922f854ba4fe9eafd (patch)
treef14c8b1849bc9f3af0512f26c69d177e29c08313 /sepolicy
parent6917979466f66ba77798a012772774145c8dda0d (diff)
downloaddevice-ti-am57xevm-e8dbef141fe94d12bab2079922f854ba4fe9eafd.tar.gz
device-ti-am57xevm-e8dbef141fe94d12bab2079922f854ba4fe9eafd.tar.xz
device-ti-am57xevm-e8dbef141fe94d12bab2079922f854ba4fe9eafd.zip
jacinto6evm: sepolicy: initial sepolicy rules for lad daemon
Initial rules for lad_dra7xx daemon Change-Id: I4cff5b47bf978dc87c05bc43926b34899981eefb Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/device.te2
-rw-r--r--sepolicy/file_contexts8
-rw-r--r--sepolicy/lad_dra7xx.te17
3 files changed, 27 insertions, 0 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 1489b07..9af3309 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,2 +1,4 @@
1type bluetooth_control, dev_type; 1type bluetooth_control, dev_type;
2type rtc, dev_type; 2type rtc, dev_type;
3type hwspinlock_dev, dev_type;
4type uio_dev, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 6ac1f73..68f966c 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -25,6 +25,14 @@
25#cpuset script 25#cpuset script
26/system/bin/init.jacinto6evmboard.cpuset.sh u:object_r:init-cpuset-sh_exec:s0 26/system/bin/init.jacinto6evmboard.cpuset.sh u:object_r:init-cpuset-sh_exec:s0
27 27
28#lad_dra7xx
29/system/bin/lad_dra7xx u:object_r:lad_dra7xx_exec:s0
30/data/lad(/.*)? u:object_r:lad_data_file:s0
31
32#hwspinlock and uio
33/dev/hwspinlock u:object_r:hwspinlock_dev:s0
34/dev/uio0 u:object_r:uio_dev:s0
35
28#Block devices 36#Block devices
29/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/system u:object_r:system_block_device:s0 37/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/system u:object_r:system_block_device:s0
30/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/recovery u:object_r:recovery_block_device:s0 38/dev/block/platform/44000000.ocp/480b4000.mmc/by-name/recovery u:object_r:recovery_block_device:s0
diff --git a/sepolicy/lad_dra7xx.te b/sepolicy/lad_dra7xx.te
new file mode 100644
index 0000000..a5ea3a4
--- /dev/null
+++ b/sepolicy/lad_dra7xx.te
@@ -0,0 +1,17 @@
1type lad_dra7xx, domain;
2type lad_dra7xx_exec, exec_type, file_type;
3type lad_data_file, file_type, data_file_type;
4
5# Started by init
6init_daemon_domain(lad_dra7xx)
7
8# Allow access to /data/lad
9allow lad_dra7xx devpts:chr_file {read write ioctl getattr };
10allow lad_dra7xx lad_data_file:dir { create_dir_perms };
11allow lad_dra7xx lad_data_file:fifo_file { create_file_perms };
12allow lad_dra7xx self:socket { create_socket_perms };
13
14# Allow access to hwspinlock and uio device
15allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms };
16allow lad_dra7xx uio_dev:chr_file { rw_file_perms };
17allow lad_dra7xx sysfs:file { r_file_perms };