diff options
author | Vishal Mahaveer | 2017-08-24 11:33:19 -0500 |
---|---|---|
committer | Vishal Mahaveer | 2017-08-24 11:35:02 -0500 |
commit | f810a40129c73f1a8499cbca967cfa1a77a219c3 (patch) | |
tree | 05e37314d222b58ebd1d704d0efd3e85bd377f28 | |
parent | 052966042a996b26c9fbdc7e9445e5533994719e (diff) | |
download | device-ti-jacinto6evm-f810a40129c73f1a8499cbca967cfa1a77a219c3.tar.gz device-ti-jacinto6evm-f810a40129c73f1a8499cbca967cfa1a77a219c3.tar.xz device-ti-jacinto6evm-f810a40129c73f1a8499cbca967cfa1a77a219c3.zip |
selinux: grant rx perms to toolbox_exec where needed
[ based on commit 630adcb0779926a0900b054ef4e2658d7a693c82
from device/lge/bullhead ]
AOSP commit a3c97a7660ba ("Only allow toolbox exec where /system
exec was already allowed.") removed domain's rx perms to
toolbox_exec. This breaks a number of domains on bullhead. Restore
rx perms for toolbox_exec where needed.
Change-Id: I68dcef5f15535414f7b9588aae1b63b38dd77d8d
Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
-rw-r--r-- | sepolicy/init-cpuset-sh.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/init-cpuset-sh.te b/sepolicy/init-cpuset-sh.te index 2216660..a2ad622 100644 --- a/sepolicy/init-cpuset-sh.te +++ b/sepolicy/init-cpuset-sh.te | |||
@@ -5,3 +5,4 @@ init_daemon_domain(init-cpuset-sh) | |||
5 | 5 | ||
6 | allow init-cpuset-sh system_file:file execute_no_trans; | 6 | allow init-cpuset-sh system_file:file execute_no_trans; |
7 | allow init-cpuset-sh shell_exec:file { read getattr }; | 7 | allow init-cpuset-sh shell_exec:file { read getattr }; |
8 | allow init-cpuset-sh toolbox_exec:file rx_file_perms; | ||