diff options
-rw-r--r-- | sepolicy/bluetooth_loader.te | 1 | ||||
-rw-r--r-- | sepolicy/conn_init.te | 1 | ||||
-rw-r--r-- | sepolicy/kickstart.te | 1 | ||||
-rw-r--r-- | sepolicy/netmgrd.te | 4 |
4 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te index e831432..36243af 100644 --- a/sepolicy/bluetooth_loader.te +++ b/sepolicy/bluetooth_loader.te @@ -25,3 +25,4 @@ set_prop(bluetooth_loader, bluetooth_prop) # Allow getprop/setprop for init.mako.bt.sh allow bluetooth_loader system_file:file execute_no_trans; +allow bluetooth_loader toolbox_exec:file rx_file_perms; diff --git a/sepolicy/conn_init.te b/sepolicy/conn_init.te index 6491888..d5ff650 100644 --- a/sepolicy/conn_init.te +++ b/sepolicy/conn_init.te @@ -20,3 +20,4 @@ allow conn_init wlan_device:chr_file rw_file_perms; # init.mako.wifi.sh runs toolbox allow conn_init system_file:file execute_no_trans; +allow conn_init toolbox_exec:file rx_file_perms; diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te index 93091cb..05be3d5 100644 --- a/sepolicy/kickstart.te +++ b/sepolicy/kickstart.te @@ -28,6 +28,7 @@ allow kickstart radio_efs_file:file r_file_perms; # Run dd from toolbox on firmware files allow kickstart shell_exec:file rx_file_perms; allow kickstart system_file:file execute_no_trans; +allow kickstart toolbox_exec:file rx_file_perms; # Wake lock access wakelock_use(kickstart) diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te index 37f85f6..c9b512e 100644 --- a/sepolicy/netmgrd.te +++ b/sepolicy/netmgrd.te @@ -31,5 +31,9 @@ allow netmgrd shell_exec:file rx_file_perms; # Runs /system/bin/ip addr flush dev <device> commands. allow netmgrd system_file:file rx_file_perms; +# XXX Run toolbox. Might not be needed. +allow netmgrd toolbox_exec:file rx_file_perms; +auditallow netmgrd toolbox_exec:file rx_file_perms; + allow netmgrd proc_net:file r_file_perms; allow netmgrd proc_net:dir r_dir_perms; |