summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPraneeth Bajjuri2016-04-27 00:14:05 -0500
committerPraneeth Bajjuri2016-04-27 00:14:05 -0500
commitea94a53a31427ada1f8b6219b4cb0fc6398e5f52 (patch)
treef3141ed65262469d48dbcee65e79b3fb8178ffcb /sepolicy
parente47dcceeac4e601f3203c61f5230c91fdb69e72d (diff)
downloaddevice-ti-am57xevm-ea94a53a31427ada1f8b6219b4cb0fc6398e5f52.tar.gz
device-ti-am57xevm-ea94a53a31427ada1f8b6219b4cb0fc6398e5f52.tar.xz
device-ti-am57xevm-ea94a53a31427ada1f8b6219b4cb0fc6398e5f52.zip
AM57xevm: Initial Device project baseline
Initial commit based on jacinto6evm board Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/bluetooth.te1
-rw-r--r--sepolicy/device.te2
-rw-r--r--sepolicy/file_contexts29
-rw-r--r--sepolicy/init.te4
-rw-r--r--sepolicy/kernel.te5
-rw-r--r--sepolicy/mediaserver.te4
-rw-r--r--sepolicy/netd.te4
-rw-r--r--sepolicy/pvr.te11
-rw-r--r--sepolicy/system_server.te2
-rw-r--r--sepolicy/ueventd.te3
10 files changed, 65 insertions, 0 deletions
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
new file mode 100644
index 0000000..97f1465
--- /dev/null
+++ b/sepolicy/bluetooth.te
@@ -0,0 +1 @@
allow bluetooth bluetooth_control:chr_file { rw_file_perms };
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..1489b07
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1,2 @@
1type bluetooth_control, dev_type;
2type rtc, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..bcab2d3
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,29 @@
1#Bluettoth tty device
2/dev/hci_tty u:object_r:bluetooth_control:s0
3/dev/ttyS2 u:object_r:hci_attach_dev:s0
4/system/bin/uim-sysfs u:object_r:hci_attach_exec:s0
5
6#Console
7/dev/ttyS0 u:object_r:console_device:s0
8
9#Graphics
10/dev/dri/card0 u:object_r:gpu_device:s0
11/dev/dri/controlD64 u:object_r:gpu_device:s0
12/dev/dri/renderD128 u:object_r:gpu_device:s0
13/dev/pvr_sync u:object_r:gpu_device:s0
14/dev/sw_sync u:object_r:gpu_device:s0
15
16/system/vendor/bin/pvrsrvctl u:object_r:pvr_exec:s0
17/system/vendor/bin/pvrsrvinit u:object_r:pvr_exec:s0
18
19#rpmsg
20/dev/rpmsg-dce u:object_r:rpmsg_device:s0
21
22#Real Time Clock
23/dev/rtc0 u:object_r:rtc:s0
24
25#Block devices
26/dev/block/mmcblk0p9 u:object_r:system_block_device:s0
27/dev/block/mmcblk0p7 u:object_r:recovery_block_device:s0
28/dev/block/mmcblk0p10 u:object_r:cache_block_device:s0
29/dev/block/mmcblk0p13 u:object_r:userdata_block_device:s0
diff --git a/sepolicy/init.te b/sepolicy/init.te
new file mode 100644
index 0000000..1c88dbc
--- /dev/null
+++ b/sepolicy/init.te
@@ -0,0 +1,4 @@
1#For loading modules via init.rc (wifi,cmem)
2allow init self:capability sys_module;
3#Create symlinks for storage
4allow init tmpfs:lnk_file create_file_perms;
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
new file mode 100644
index 0000000..eb2fb51
--- /dev/null
+++ b/sepolicy/kernel.te
@@ -0,0 +1,5 @@
1# This is for suppressing logs generated due to kdevtmpfs being
2# enabled in kernel for non Android reasons. For Android these
3# denials do not matter as it does not rely on kdevtmpfs.
4# So putting it in dontaudit list
5dontaudit kernel self:capability mknod;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 0000000..2e9e366
--- /dev/null
+++ b/sepolicy/mediaserver.te
@@ -0,0 +1,4 @@
1allow mediaserver system_server:unix_stream_socket { read write };
2
3#Camera
4allow mediaserver device:dir { read open };
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
new file mode 100644
index 0000000..6c8303c
--- /dev/null
+++ b/sepolicy/netd.te
@@ -0,0 +1,4 @@
1# These denials are seen with WLAN, but are not harmful.
2# Ignore them
3dontaudit netd self:capability sys_module;
4dontaudit netd kernel:system module_request;
diff --git a/sepolicy/pvr.te b/sepolicy/pvr.te
new file mode 100644
index 0000000..fe4bf37
--- /dev/null
+++ b/sepolicy/pvr.te
@@ -0,0 +1,11 @@
1type pvr, domain;
2type pvr_exec, exec_type, file_type;
3
4# Started by init
5init_daemon_domain(pvr)
6
7# allow access to /dev/dri/
8allow pvr gpu_device:chr_file rw_file_perms;
9
10# allow graphics driver initialization
11allow pvr self:capability sys_module;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
new file mode 100644
index 0000000..f1b4200
--- /dev/null
+++ b/sepolicy/system_server.te
@@ -0,0 +1,2 @@
1allow system_server rtc:chr_file rw_file_perms;
2allow system_server rpmsg_device:chr_file rw_file_perms;
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
new file mode 100644
index 0000000..d31dc0e
--- /dev/null
+++ b/sepolicy/ueventd.te
@@ -0,0 +1,3 @@
1#Rules for crda operations
2allow ueventd self:netlink_socket { create_socket_perms };
3allow ueventd system_file:file { execute_no_trans };