diff options
-rw-r--r-- | BoardConfig.mk | 1 | ||||
-rw-r--r-- | device.mk | 2 | ||||
-rw-r--r-- | init.shamu.rc | 2 | ||||
-rw-r--r-- | sepolicy/adspd.te | 2 | ||||
-rw-r--r-- | sepolicy/file.te | 1 | ||||
-rw-r--r-- | sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | sepolicy/mmi_touch_sh.te | 16 | ||||
-rw-r--r-- | sepolicy/ueventd.te | 2 |
8 files changed, 28 insertions, 2 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index 4cc1b3e0..0d2e5085 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -130,6 +130,7 @@ BOARD_SEPOLICY_UNION += \ irsc_util.te \ mdm_helper.te \ mediaserver.te \ + mmi_touch_sh.te \ mpdecision.te \ netd.te \ netmgrd.te \ @@ -92,7 +92,7 @@ PRODUCT_COPY_FILES += \ # Touch firmware updater PRODUCT_COPY_FILES += \ - $(LOCAL_PATH)/init.mmi.touch.sh:root/init.mmi.touch.sh + $(LOCAL_PATH)/init.mmi.touch.sh:system/bin/init.mmi.touch.sh # Add WiFi Firmware $(call inherit-product-if-exists, hardware/broadcom/wlan/bcmdhd/firmware/bcm4356/device-bcm.mk) diff --git a/init.shamu.rc b/init.shamu.rc index 80748f13..4219acee 100644 --- a/init.shamu.rc +++ b/init.shamu.rc @@ -570,7 +570,7 @@ on property:persist.qca1530=no on property:init.svc.surfaceflinger=stopped stop ppd -service mmi-touch-sh /system/bin/sh /init.mmi.touch.sh atmel +service mmi-touch-sh /system/bin/init.mmi.touch.sh atmel class main user root oneshot diff --git a/sepolicy/adspd.te b/sepolicy/adspd.te index bc955c78..f09dd666 100644 --- a/sepolicy/adspd.te +++ b/sepolicy/adspd.te @@ -17,3 +17,5 @@ allow adspd adspd_data_file:dir rw_dir_perms; # For now, allow writes to all of /sys. # TODO: scope down this access. allow adspd sysfs:file write; + +allow adspd sysfs_mmi_touch:dir search; diff --git a/sepolicy/file.te b/sepolicy/file.te index 197e9b5e..c97e7488 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -24,6 +24,7 @@ type sysfs_rmnet, fs_type, sysfs_type; type sysfs_smdcntl_open_timeout, fs_type, sysfs_type; type sysfs_xhci_msm_hsic, fs_type, sysfs_type; type sysfs_msm_hsic_host, fs_type, sysfs_type; +type sysfs_mmi_touch, fs_type, sysfs_type; type persist_file, file_type; type persist_data_file, file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index efa6c37e..68eafdcb 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -127,6 +127,7 @@ /system/bin/bdAddrLoader u:object_r:bluetooth_loader_exec:s0 /system/bin/bridgemgrd u:object_r:bridge_exec:s0 /system/vendor/bin/gsiff_daemon u:object_r:gsiffd_exec:s0 +/system/bin/init\.mmi\.touch\.sh u:object_r:mmi_touch_sh_exec:s0 /system/bin/irsc_util u:object_r:irsc_util_exec:s0 /system/bin/ks u:object_r:mdm_helper_exec:s0 /system/bin/mdm_helper u:object_r:mdm_helper_exec:s0 @@ -153,6 +154,9 @@ # Sysfs files used by qmuxd /sys/devices/virtual/smdpkt/smdcntl([0-9])+/open_timeout u:object_r:sysfs_smdcntl_open_timeout:s0 +# mmi_touch related /sys files +/sys/devices/f9966000\.i2c/i2c-1/1-004a(/.*)? u:object_r:sysfs_mmi_touch:s0 + # Context for mpdecision /sys/module/msm_thermal/core_control/cpus_offlined u:object_r:sysfs_mpdecision:s0 /sys/devices/system/cpu/cpu0/rq-stats(/.*)? u:object_r:sysfs_rqstats:s0 diff --git a/sepolicy/mmi_touch_sh.te b/sepolicy/mmi_touch_sh.te new file mode 100644 index 00000000..d6bd05bc --- /dev/null +++ b/sepolicy/mmi_touch_sh.te @@ -0,0 +1,16 @@ +type mmi_touch_sh, domain; +type mmi_touch_sh_exec, exec_type, file_type; + +# Started by init +init_daemon_domain(mmi_touch_sh) + +# shell scripts need to execute /system/bin/sh +allow mmi_touch_sh shell_exec:file rx_file_perms; + +# Logs to /dev/kmsg +allow mmi_touch_sh kmsg_device:chr_file w_file_perms; + +# Write to /sys/path/to/firmware/forcereflash +# Read from /sys/path/to/firmware/poweron (and others) +allow mmi_touch_sh sysfs_mmi_touch:file rw_file_perms; +allow mmi_touch_sh sysfs_mmi_touch:dir search; diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te index 156e0351..f58b0511 100644 --- a/sepolicy/ueventd.te +++ b/sepolicy/ueventd.te @@ -1,2 +1,4 @@ allow ueventd { firmware_file }:dir r_dir_perms; allow ueventd { firmware_file }:file r_file_perms; +allow ueventd sysfs_mmi_touch:file w_file_perms; +allow ueventd sysfs_mmi_touch:dir search; |