jacinto6evm: sepolicy: update rules failing build

Change-Id: I9d43bbab7fad82815fcb6d4dbb3cf0547ef37121 Signed-off-by: Vishal Mahaveer <vishalm@ti.com>
author: Vishal Mahaveer 2017-08-22 22:16:23 -0500
committer: Vishal Mahaveer 2017-08-22 22:17:50 -0500
commit: e3d327b96202111f3031a82eab57e77108b1c026 (patch)
tree: f650c34279f144af87ff6a42d18ccf5b4f0b834b
parent: 8bd75893ebf010815645fa5b6ebb18148c7e3dca (diff)
download: device-ti-jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.tar.gz
device-ti-jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.tar.xz
device-ti-jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.zip
5 files changed, 6 insertions, 6 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 8988df2..2a77ada 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,7 +1,7 @@
 #Bluettoth tty device
 /dev/hci_tty                    u:object_r:bluetooth_control:s0
-/dev/ttyS2                      u:object_r:hci_attach_dev:s0
+#/dev/ttyS2                     u:object_r:hci_attach_dev:s0
-/system/bin/uim-sysfs           u:object_r:hci_attach_exec:s0
+#/system/bin/uim-sysfs          u:object_r:hci_attach_exec:s0
 #Console
 /dev/ttyS0                      u:object_r:console_device:s0
diff --git a/sepolicy/lad_dra7xx.te b/sepolicy/lad_dra7xx.te
index ff95009..3b31bf2 100644
--- a/sepolicy/lad_dra7xx.te
+++ b/sepolicy/lad_dra7xx.te
@@ -9,7 +9,7 @@ init_daemon_domain(lad_dra7xx)
 allow lad_dra7xx devpts:chr_file {read write ioctl getattr };
 allow lad_dra7xx lad_data_file:dir { create_dir_perms };
 allow lad_dra7xx lad_data_file:fifo_file { create_file_perms };
-allow lad_dra7xx self:socket { create_socket_perms };
+allow lad_dra7xx self:socket { create_socket_perms_no_ioctl };
 # Allow access to hwspinlock and uio device
 allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms };
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 9e69353..c8e811e 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -7,6 +7,6 @@ allow mediaserver device:dir { read open };
 allow mediaserver lad_data_file:fifo_file { create_file_perms };
 allow mediaserver hwspinlock_dev:chr_file { rw_file_perms };
 allow mediaserver cmem_dev:chr_file { rw_file_perms };
-allow mediaserver self:socket { create_socket_perms };
+allow mediaserver self:socket { create_socket_perms_no_ioctl };
 allow mediaserver self:tcp_socket { create_stream_socket_perms };
 allow mediaserver ctl_default_prop:property_service set;
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
index 690cf1e..2f54d8e 100644
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
@@ -1,3 +1,3 @@
 #Rules for crda operations
-allow ueventd self:netlink_generic_socket { create_socket_perms };
+allow ueventd self:netlink_generic_socket { create_socket_perms_no_ioctl };
 allow ueventd system_file:file { execute_no_trans };
diff --git a/sepolicy/vis.te b/sepolicy/vis.te
index 7f1356c..101cf39 100644
--- a/sepolicy/vis.te
+++ b/sepolicy/vis.te
@@ -7,7 +7,7 @@ init_daemon_domain(vis)
 # Allow access to IPC related resources
 allow vis devpts:chr_file { read write ioctl getattr };
 allow vis fwmarkd_socket:sock_file write;
-allow vis self:socket { create_socket_perms };
+allow vis self:socket { create_socket_perms_no_ioctl };
 allow vis self:tcp_socket { create_stream_socket_perms };
 allow vis netd:unix_stream_socket connectto;
 allow vis node:tcp_socket node_bind;
author	Vishal Mahaveer	2017-08-22 22:16:23 -0500
committer	Vishal Mahaveer	2017-08-22 22:17:50 -0500
commit	e3d327b96202111f3031a82eab57e77108b1c026 (patch)
tree	f650c34279f144af87ff6a42d18ccf5b4f0b834b
parent	8bd75893ebf010815645fa5b6ebb18148c7e3dca (diff)
download	device-ti-jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.tar.gz device-ti-jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.tar.xz device-ti-jacinto6evm-e3d327b96202111f3031a82eab57e77108b1c026.zip

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 8988df2..2a77ada 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts
@@ -1,7 +1,7 @@
1	#Bluettoth tty device	1	#Bluettoth tty device
2	/dev/hci_tty u:object_r:bluetooth_control:s0	2	/dev/hci_tty u:object_r:bluetooth_control:s0
3	/dev/ttyS2 u:object_r:hci_attach_dev:s0	3	#/dev/ttyS2 u:object_r:hci_attach_dev:s0
4	/system/bin/uim-sysfs u:object_r:hci_attach_exec:s0	4	#/system/bin/uim-sysfs u:object_r:hci_attach_exec:s0
5		5
6	#Console	6	#Console
7	/dev/ttyS0 u:object_r:console_device:s0	7	/dev/ttyS0 u:object_r:console_device:s0


diff --git a/sepolicy/lad_dra7xx.te b/sepolicy/lad_dra7xx.te index ff95009..3b31bf2 100644 --- a/sepolicy/lad_dra7xx.te +++ b/sepolicy/lad_dra7xx.te
@@ -9,7 +9,7 @@ init_daemon_domain(lad_dra7xx)
9	allow lad_dra7xx devpts:chr_file {read write ioctl getattr };	9	allow lad_dra7xx devpts:chr_file {read write ioctl getattr };
10	allow lad_dra7xx lad_data_file:dir { create_dir_perms };	10	allow lad_dra7xx lad_data_file:dir { create_dir_perms };
11	allow lad_dra7xx lad_data_file:fifo_file { create_file_perms };	11	allow lad_dra7xx lad_data_file:fifo_file { create_file_perms };
12	allow lad_dra7xx self:socket { create_socket_perms };	12	allow lad_dra7xx self:socket { create_socket_perms_no_ioctl };
13		13
14	# Allow access to hwspinlock and uio device	14	# Allow access to hwspinlock and uio device
15	allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms };	15	allow lad_dra7xx hwspinlock_dev:chr_file { rw_file_perms };


diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index 9e69353..c8e811e 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te
@@ -7,6 +7,6 @@ allow mediaserver device:dir { read open };
7	allow mediaserver lad_data_file:fifo_file { create_file_perms };	7	allow mediaserver lad_data_file:fifo_file { create_file_perms };
8	allow mediaserver hwspinlock_dev:chr_file { rw_file_perms };	8	allow mediaserver hwspinlock_dev:chr_file { rw_file_perms };
9	allow mediaserver cmem_dev:chr_file { rw_file_perms };	9	allow mediaserver cmem_dev:chr_file { rw_file_perms };
10	allow mediaserver self:socket { create_socket_perms };	10	allow mediaserver self:socket { create_socket_perms_no_ioctl };
11	allow mediaserver self:tcp_socket { create_stream_socket_perms };	11	allow mediaserver self:tcp_socket { create_stream_socket_perms };
12	allow mediaserver ctl_default_prop:property_service set;	12	allow mediaserver ctl_default_prop:property_service set;


diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te index 690cf1e..2f54d8e 100644 --- a/sepolicy/ueventd.te +++ b/sepolicy/ueventd.te
@@ -1,3 +1,3 @@
1	#Rules for crda operations	1	#Rules for crda operations
2	allow ueventd self:netlink_generic_socket { create_socket_perms };	2	allow ueventd self:netlink_generic_socket { create_socket_perms_no_ioctl };
3	allow ueventd system_file:file { execute_no_trans };	3	allow ueventd system_file:file { execute_no_trans };


diff --git a/sepolicy/vis.te b/sepolicy/vis.te index 7f1356c..101cf39 100644 --- a/sepolicy/vis.te +++ b/sepolicy/vis.te
@@ -7,7 +7,7 @@ init_daemon_domain(vis)
7	# Allow access to IPC related resources	7	# Allow access to IPC related resources
8	allow vis devpts:chr_file { read write ioctl getattr };	8	allow vis devpts:chr_file { read write ioctl getattr };
9	allow vis fwmarkd_socket:sock_file write;	9	allow vis fwmarkd_socket:sock_file write;
10	allow vis self:socket { create_socket_perms };	10	allow vis self:socket { create_socket_perms_no_ioctl };
11	allow vis self:tcp_socket { create_stream_socket_perms };	11	allow vis self:tcp_socket { create_stream_socket_perms };
12	allow vis netd:unix_stream_socket connectto;	12	allow vis netd:unix_stream_socket connectto;
13	allow vis node:tcp_socket node_bind;	13	allow vis node:tcp_socket node_bind;