ADHOC
/
replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity

sepolicy: Remove some denials 

* Allow apps to run the "df" command to look at disk usage.
 * Allow thermal engine to check/set battery limits.

Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
This commit is contained in:
Steve Kondik 2015-11-16 19:11:50 -08:00
parent 816dec8fe9
commit 2c3b5d353e
3 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sepolicy/domain.te Normal file
View File

@ -0,0 +1,5 @@
allow domain block_device:dir { search getattr };
allow domain block_device:blk_file getattr;
allow domain cache_block_device:blk_file getattr;
allow domain userdata_block_device:blk_file getattr;
allow domain fuse_device:chr_file getattr;

2
sepolicy/qcom/domain.te Normal file
View File

@ -0,0 +1,2 @@
allow domain persist_file:dir getattr;
allow domain persist_block_device:blk_file getattr;

3
sepolicy/qcom/thermal-engine.te
View File

@ -1,4 +1,7 @@
allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
r_dir_file(thermal-engine, sysfs_rqstats);
allow thermal-engine sysfs_battery_supply:file rw_file_perms;
allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
allow thermal-engine self:capability { net_admin } ;