sepolicy: Remove some denials
* Allow apps to run the "df" command to look at disk usage. * Allow thermal engine to check/set battery limits. Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
This commit is contained in:
parent
816dec8fe9
commit
2c3b5d353e
5
sepolicy/domain.te
Normal file
5
sepolicy/domain.te
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
allow domain block_device:dir { search getattr };
|
||||||
|
allow domain block_device:blk_file getattr;
|
||||||
|
allow domain cache_block_device:blk_file getattr;
|
||||||
|
allow domain userdata_block_device:blk_file getattr;
|
||||||
|
allow domain fuse_device:chr_file getattr;
|
2
sepolicy/qcom/domain.te
Normal file
2
sepolicy/qcom/domain.te
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
allow domain persist_file:dir getattr;
|
||||||
|
allow domain persist_block_device:blk_file getattr;
|
@ -1,4 +1,7 @@
|
|||||||
allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
|
allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
|
||||||
r_dir_file(thermal-engine, sysfs_rqstats);
|
r_dir_file(thermal-engine, sysfs_rqstats);
|
||||||
|
|
||||||
|
allow thermal-engine sysfs_battery_supply:file rw_file_perms;
|
||||||
|
allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
|
||||||
|
|
||||||
allow thermal-engine self:capability { net_admin } ;
|
allow thermal-engine self:capability { net_admin } ;
|
||||||
|
Loading…
Reference in New Issue
Block a user