From 5760c77daa3fadf557b3cdf101efed804fc740a9 Mon Sep 17 00:00:00 2001 From: Yongqin Liu Date: Thu, 22 Oct 2015 14:42:58 +0100 Subject: sepolicy related updates 1. remove CONFIG_MODULES=y to remove the personality-8 related avc denials 2. add linaro domain for scripts started in init as service Change-Id: I11015bccc0eda33644ed6bf5f34087775d90a145 Signed-off-by: Yongqin Liu --- BoardConfig.mk | 1 + android-quirks.conf | 2 -- init.arm-versatileexpress.rc | 3 +++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/BoardConfig.mk b/BoardConfig.mk index b13d1a3..39bfa8c 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -51,6 +51,7 @@ BOARD_SEPOLICY_DIRS += device/linaro/build/sepolicy BOARD_SEPOLICY_UNION += \ file_contexts \ gatord.te \ + linaro.te \ init.te \ kernel.te \ logd.te \ diff --git a/android-quirks.conf b/android-quirks.conf index 2ee6ecd..d12877a 100644 --- a/android-quirks.conf +++ b/android-quirks.conf @@ -1,5 +1,3 @@ CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_USB_G_ANDROID is not set -CONFIG_MODULES=y -CONFIG_MODULE_UNLOAD=y CONFIG_IPV6=y diff --git a/init.arm-versatileexpress.rc b/init.arm-versatileexpress.rc index 702e5d2..ccadb34 100755 --- a/init.arm-versatileexpress.rc +++ b/init.arm-versatileexpress.rc @@ -50,18 +50,21 @@ service boardtweaks /sbin/tweaks.arm-versatileexpress.sh class main user root oneshot + seclabel u:r:linaro:s0 # setup IRQ affinity to the A7s service setirqaffinity /sbin/set_irq_affinity.sh 0xc07 class main user root oneshot + seclabel u:r:linaro:s0 service faketsd /system/bin/faketsd class main user bluetooth group bluetooth oneshot + seclabel u:r:linaro:s0 service dhcpcd_eth0 /system/bin/dhcpcd -aABDKL class main -- cgit v1.2.3