authorMykhailo Sopiha2018-10-26 19:12:52 -0500
committerPraneeth Bajjuri2018-10-30 22:12:04 -0500
commit88a08af230b5808a1934f075d3a8e98862fc1d6e (patch)
tree3227b2dc6c7b4267a30d44a8f8a1d6a4d32b7c64
parent46c39721d1dbc1d8ec4890acaccdf2d3aef752b8 (diff)
am65xevm: Pulling sepolicies from am57xevm
This patch includes minimal sepolicies for enabling boot up in enforcing mode for trebleized device. Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org> Acked-by: Ruslan Trofymenko <ruslan.trofymenko@linaro.org>
-rw-r--r--sepolicy/file_contexts24
-rw-r--r--sepolicy/hal_camera_default.te3
-rw-r--r--sepolicy/hal_cas_default.te1
-rw-r--r--sepolicy/hal_drm_default.te1
-rw-r--r--sepolicy/hal_graphics_composer_default.te2
-rw-r--r--sepolicy/hal_memtrack_default.te1
-rw-r--r--sepolicy/init.te2
-rw-r--r--sepolicy/installd.te1
8 files changed, 35 insertions, 0 deletions
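diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 7090099..699c477 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -10,3 +10,27 @@
 
 # Sysfs
 /sys/devices/soc0(/.*)? u:object_r:sysfs_socinfo:s0
+
+/vendor/lib64/libIMGegl.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libsrv_um.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libusc.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libpvrANDROID_WSEGL.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/hw/gralloc.am65x.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libpvr2d.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libdbm.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libgbm.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/gbm_pvr.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libdrm.so u:object_r:same_process_hal_file:s0
+/vendor/lib64/libglslcompiler.so u:object_r:same_process_hal_file:s0
+
+/vendor/lib/libIMGegl.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libsrv_um.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libusc.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libpvrANDROID_WSEGL.so u:object_r:same_process_hal_file:s0
+/vendor/lib/hw/gralloc.am65x.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libpvr2d.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libdbm.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libgbm.so u:object_r:same_process_hal_file:s0
+/vendor/lib/gbm_pvr.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libdrm.so u:object_r:same_process_hal_file:s0
+/vendor/lib/libglslcompiler.so u:object_r:same_process_hal_file:s0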
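Review bot: The new entries leave the `.` in each library name unescaped, and file_contexts paths are regular expressions, so `/vendor/lib64/libIMGegl.so` matches any character in place of the dot rather than only the literal file name. Because `same_process_hal_file` marks vendor code that may be loaded into other domains' processes, the patterns should be exact: escape the dots and fold the two ABI directories into one rule per library, e.g. `/vendor/lib(64)?/libIMGegl\.so u:object_r:same_process_hal_file:s0`. A short comment above the block saying which same-process HAL pulls in the generic helpers (`libdrm.so`, `libgbm.so`, `libdbm.so`) would let a later reviewer decide whether each one still needs the label.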
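diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te
new file mode 100644
index 0000000..300b156
--- /dev/null
+++ b/sepolicy/hal_camera_default.te
@@ -0,0 +1,3 @@
+vndbinder_use(hal_camera_default);
+allow hal_camera_default device:dir { read open };
+allow hal_camera_default gpu_device:chr_file rw_file_perms;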
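Review bot: `allow hal_camera_default device:dir { read open };` lets the camera HAL list the directory carrying the generic `device` type, and nothing in the file says which code path needs that; it reads like a rule derived from a denial log rather than a designed permission. If the HAL only needs to reach a known device node, opening that path directly avoids the directory listing; otherwise add a comment naming the caller that enumerates the directory so the rule can be revisited. The `gpu_device` grant on the last line would likewise benefit from a one-line comment on why the camera HAL needs read/write access to the GPU node. As a style point, this file, hal_cas_default.te and hal_graphics_composer_default.te end the `vndbinder_use(...)` call with `;` while hal_drm_default.te does not; pick one form.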
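diff --git a/sepolicy/hal_cas_default.te b/sepolicy/hal_cas_default.te
new file mode 100644
index 0000000..3ed3bee
--- /dev/null
+++ b/sepolicy/hal_cas_default.te
@@ -0,0 +1 @@
+vndbinder_use(hal_cas_default);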
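diff --git a/sepolicy/hal_drm_default.te b/sepolicy/hal_drm_default.te
new file mode 100644
index 0000000..0acbc0d
--- /dev/null
+++ b/sepolicy/hal_drm_default.te
@@ -0,0 +1 @@
+vndbinder_use(hal_drm_default)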
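diff --git a/sepolicy/hal_graphics_composer_default.te b/sepolicy/hal_graphics_composer_default.te
new file mode 100644
index 0000000..457f945
--- /dev/null
+++ b/sepolicy/hal_graphics_composer_default.te
@@ -0,0 +1,2 @@
+vndbinder_use(hal_graphics_composer_default);
+allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;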
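diff --git a/sepolicy/hal_memtrack_default.te b/sepolicy/hal_memtrack_default.te
new file mode 100644
index 0000000..142af21
--- /dev/null
+++ b/sepolicy/hal_memtrack_default.te
@@ -0,0 +1 @@
+allow hal_memtrack_default gpu_device:chr_file { ioctl map open read write };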
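Review bot: The single rule grants `write` and unrestricted `ioctl` on `gpu_device` to hal_memtrack_default, a HAL whose job is presumably only to report memory usage. If the GPU driver really requires a writable handle for its statistics interface, say so in a comment above the rule; otherwise drop `write`. The ioctl surface could also be narrowed with an `allowxperm hal_memtrack_default gpu_device:chr_file ioctl { ... }` list holding just the commands the memtrack library issues. hal_camera_default.te uses `rw_file_perms` for the same object class while this file spells the permissions out; the explicit list is the tighter form and worth using in both places.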
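diff --git a/sepolicy/init.te b/sepolicy/init.te
index 983596e..8a1581e 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -24,3 +24,5 @@ allow init proc:file create;
 # Access to /sys
 allow init sysfs:file create;
 allow init sysfs:dir add_name;
+
+dontaudit init self:capability dac_read_search;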
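Review bot: `dontaudit init self:capability dac_read_search;` hides a denial without recording what causes it, and the same rule is added for installd in sepolicy/installd.te. The capability check is still denied; it only stops appearing in the audit log, which also removes it from anything that monitors AVC messages for these two privileged domains. Add a comment above each rule naming the access that triggers the check, e.g. `# <path> is not readable under init's DAC identity; denial is harmless, see <bug id>`, so the suppression can be removed once the file's ownership or mode is fixed.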
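diff --git a/sepolicy/installd.te b/sepolicy/installd.te
new file mode 100644
index 0000000..e0495b8
--- /dev/null
+++ b/sepolicy/installd.te
@@ -0,0 +1 @@
+dontaudit installd self:capability dac_read_search;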