summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVishal Mahaveer2017-08-24 11:33:19 -0500
committerVishal Mahaveer2017-08-24 11:35:02 -0500
commitf810a40129c73f1a8499cbca967cfa1a77a219c3 (patch)
tree05e37314d222b58ebd1d704d0efd3e85bd377f28
parent052966042a996b26c9fbdc7e9445e5533994719e (diff)
downloaddevice-ti-jacinto6evm-f810a40129c73f1a8499cbca967cfa1a77a219c3.tar.gz
device-ti-jacinto6evm-f810a40129c73f1a8499cbca967cfa1a77a219c3.tar.xz
device-ti-jacinto6evm-f810a40129c73f1a8499cbca967cfa1a77a219c3.zip
selinux: grant rx perms to toolbox_exec where needed
[ based on commit 630adcb0779926a0900b054ef4e2658d7a693c82 from device/lge/bullhead ] AOSP commit a3c97a7660ba ("Only allow toolbox exec where /system exec was already allowed.") removed domain's rx perms to toolbox_exec. This breaks a number of domains on bullhead. Restore rx perms for toolbox_exec where needed. Change-Id: I68dcef5f15535414f7b9588aae1b63b38dd77d8d Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
-rw-r--r--sepolicy/init-cpuset-sh.te1
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/init-cpuset-sh.te b/sepolicy/init-cpuset-sh.te
index 2216660..a2ad622 100644
--- a/sepolicy/init-cpuset-sh.te
+++ b/sepolicy/init-cpuset-sh.te
@@ -5,3 +5,4 @@ init_daemon_domain(init-cpuset-sh)
5 5
6allow init-cpuset-sh system_file:file execute_no_trans; 6allow init-cpuset-sh system_file:file execute_no_trans;
7allow init-cpuset-sh shell_exec:file { read getattr }; 7allow init-cpuset-sh shell_exec:file { read getattr };
8allow init-cpuset-sh toolbox_exec:file rx_file_perms;