diff options
author | jaejyn.shin <jaejyn.shin@lge.com> | 2015-05-27 09:55:30 +0900 |
---|---|---|
committer | Thierry Strudel <tstrudel@google.com> | 2015-06-05 09:42:19 -0700 |
commit | aab4942455f41f20b11aba67daa02c640c62cdc4 (patch) | |
tree | 5741b316fd6a1713c8df129dbb0e655bf3b2a107 /sepolicy/sensortool.te | |
parent | 876dc49f74969ed57f60bc65e6da799aacce383d (diff) | |
download | bullhead-aab4942455f41f20b11aba67daa02c640c62cdc4.tar.gz |
bullhead/sepolicy: create sensortool domains and policy
init: Warning! Service flash-sh-fw needs a SELinux domain defined; please fix!
avc: denied { dac_override } for pid=332 comm="sensortool.bull" capability=1 scontext=u:r:sensortool:s0 tcontext=u:r:sensortool:s0 tclass=capability permissive=1
avc: denied { read write } for pid=332 comm="sensortool.bull" name="spich" dev="tmpfs" ino=1314 scontext=u:r:sensortool:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { open } for pid=332 comm="sensortool.bull" path="/dev/spich" dev="tmpfs" ino=1314 scontext=u:r:sensortool:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for pid=332 comm="sensortool.bull" path="/dev/spich" dev="tmpfs" ino=1314 ioctlcmd=6b01 scontext=u:r:sensortool:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { sys_nice } for pid=338 comm="Binder_1" capability=23 scontext=u:r:sensortool:s0 tcontext=u:r:sensortool:s0 tclass=capability permissive=1
avc: denied { write } for pid=1 comm="init" name="security" dev="mmcblk0p41" ino=98113 scontext=u:r:init:s0 tcontext=u:object_r:security_file:s0 tclass=dir permissive=1
avc: denied { read } for pid=1 comm="init" name="subsys0" dev="sysfs" ino=14803 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_ssr:s0 tclass=lnk_file permissive=1
avc: denied { ioctl } for pid=332 comm="sensortool.bull" path="/dev/spich" dev="tmpfs" ino=1314 ioctlcmd=6b07 scontext=u:r:sensortool:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { read write } for pid=817 comm="system_server" name="spich" dev="tmpfs" ino=1314 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { open } for pid=817 comm="system_server" path="/dev/spich" dev="tmpfs" ino=1314 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for pid=817 comm="system_server" path="/dev/spich" dev="tmpfs" ino=1314 ioctlcmd=6b01 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for pid=2047 comm="HubConnection" path="/dev/spich" dev="tmpfs" ino=1314 ioctlcmd=6b07 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Change-Id: I418e0eb226f9636589fe290c6d8dcc83b19b9aba
Diffstat (limited to 'sepolicy/sensortool.te')
-rw-r--r-- | sepolicy/sensortool.te | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/sensortool.te b/sepolicy/sensortool.te new file mode 100644 index 0000000..ab382a2 --- /dev/null +++ b/sepolicy/sensortool.te @@ -0,0 +1,7 @@ +type sensortool, domain; +type sensortool_exec, exec_type, file_type; + +init_daemon_domain(sensortool) + +allow sensortool sensors_device:chr_file rw_file_perms; +allow sensortool self:capability { dac_override sys_nice }; |