From f82d177d9e5435338ad2efc4e79051e159f4f638 Mon Sep 17 00:00:00 2001 From: Tri Vo Date: Tue, 16 Jan 2018 16:34:31 -0800 Subject: Mark /vendor files as vendor_file_type. The following files and correspoding selinux types need vendor_file_type attribute: /vendor/bin/mm-qcamera-daemon u:object_r:camera_exec:s0 /vendor/bin/hw/android.hardware.dumpstate@1.0-service.bullhead u:object_r:hal_dumpstate_impl_exec:s0 /vendor/bin/slim_daemon u:object_r:location_exec:s0 /vendor/bin/nanoapp_cmd u:object_r:nanoapp_cmd_exec:s0 /vendor/bin/qti u:object_r:qti_exec:s0 /vendor/bin/sensortool.bullhead u:object_r:sensortool_exec:s0 /vendor/bin/wcnss_filter u:object_r:start_hci_filter_exec:s0 Test: build bullhead sepolicy Change-Id: I98a0eb0199a02ca8422b8e1fb2e00f89e0098966 --- sepolicy/camera.te | 2 +- sepolicy/hal_dumpstate_impl.te | 2 +- sepolicy/location.te | 2 +- sepolicy/nanoapp_cmd.te | 2 +- sepolicy/qti.te | 2 +- sepolicy/sensortool.te | 2 +- sepolicy/start_hci_filter.te | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/sepolicy/camera.te b/sepolicy/camera.te index 29d99dc..d1ecd39 100644 --- a/sepolicy/camera.te +++ b/sepolicy/camera.te @@ -1,6 +1,6 @@ # Qualcomm MSM camera type camera, domain, device_domain_deprecated; -type camera_exec, exec_type, file_type; +type camera_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(camera) diff --git a/sepolicy/hal_dumpstate_impl.te b/sepolicy/hal_dumpstate_impl.te index ae30c7b..9d80587 100644 --- a/sepolicy/hal_dumpstate_impl.te +++ b/sepolicy/hal_dumpstate_impl.te @@ -1,7 +1,7 @@ type hal_dumpstate_impl, domain; hal_server_domain(hal_dumpstate_impl, hal_dumpstate) -type hal_dumpstate_impl_exec, exec_type, file_type; +type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(hal_dumpstate_impl) # Execute dump scripts diff --git a/sepolicy/location.te b/sepolicy/location.te index 210a03c..76a95a1 100644 --- a/sepolicy/location.te +++ b/sepolicy/location.te @@ -1,6 +1,6 @@ # loc_launcher service type location, domain, device_domain_deprecated; -type location_exec, exec_type, file_type; +type location_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(location) diff --git a/sepolicy/nanoapp_cmd.te b/sepolicy/nanoapp_cmd.te index 9bb2b12..c4f5b3e 100644 --- a/sepolicy/nanoapp_cmd.te +++ b/sepolicy/nanoapp_cmd.te @@ -1,5 +1,5 @@ type nanoapp_cmd, domain; -type nanoapp_cmd_exec, exec_type, file_type; +type nanoapp_cmd_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(nanoapp_cmd) diff --git a/sepolicy/qti.te b/sepolicy/qti.te index 123d504..9296612 100644 --- a/sepolicy/qti.te +++ b/sepolicy/qti.te @@ -1,6 +1,6 @@ # Policy for qti type qti, domain, device_domain_deprecated; -type qti_exec, exec_type, file_type; +type qti_exec, exec_type, vendor_file_type, file_type; # Started by init init_daemon_domain(qti) diff --git a/sepolicy/sensortool.te b/sepolicy/sensortool.te index 4bdb9e2..f78af45 100644 --- a/sepolicy/sensortool.te +++ b/sepolicy/sensortool.te @@ -1,5 +1,5 @@ type sensortool, domain, device_domain_deprecated; -type sensortool_exec, exec_type, file_type; +type sensortool_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(sensortool) diff --git a/sepolicy/start_hci_filter.te b/sepolicy/start_hci_filter.te index c2d7355..0579b3f 100644 --- a/sepolicy/start_hci_filter.te +++ b/sepolicy/start_hci_filter.te @@ -1,6 +1,6 @@ #Policy for start_hci_filter type start_hci_filter, domain, device_domain_deprecated; -type start_hci_filter_exec, exec_type, file_type; +type start_hci_filter_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(start_hci_filter); -- cgit v1.2.3