device_google_walleye/sepolicy/init.te at b48a769451e4f01e8d340df57dbf17ffdc5b6675 - device_google_walleye - EvolutionX mirror

Evolution-x-devices/device_google_walleye

mirror of https://github.com/Evolution-X-Devices/device_google_walleye synced 2026-02-01 07:33:36 +00:00

Files

Max Bires 566afc1cac Adding init allows and supporting file_context.

Adding allows to address following boot denials:
denied { open } for pid=1 comm="init" path="/dev/ttyMSM0" dev="tmpfs"
ino=20828 scontext=u:r:init:s0 tcontext=u:object_r:device:s0
tclass=chr_file

denied { read write } for pid=1 comm="init" name="ttyMSM0" dev="tmpfs"
ino=20828 scontext=u:r:init:s0 tcontext=u:object_r:device:s0
tclass=chr_file

denied { write } for pid=1 comm="init" name="b_vendor_code"
dev="configfs" ino=21093 scontext=u:r:init:s0
tcontext=u:object_r:configfs:s0 tclass=file

Bug: 34784662
Test: The above denials are not present during boot
Change-Id: I5cc2daecf5b2a54d21ae17f6d88ffc174b5b8a12

2017-02-15 08:53:37 -08:00

8 lines

206 B

Plaintext

Raw Blame History

 allow init self:capability sys_module;
 allow init system_file:system module_load;
 allow init configfs:file w_file_perms;
 allow init tty_device:chr_file rw_file_perms;
 allow init persist_file:dir mounton;