ADHOC/replicant-vendor_replicant
3
0
Fork 0
Code Issues 6 Pull Requests Releases Activity

sepolicy: Add policies for the new superuser sockets.

Browse Source 
Change-Id: Ia3e1044616bee95eb4774254fb098487d983b5db
This commit is contained in:
Ricardo Cerqueira 2014-12-16 19:27:32 +00:00 committed by Ricardo Cerqueira
parent 24a971ad42
commit a7dfa18fd5
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sepolicy/file_contexts
View File

@ -22,8 +22,7 @@
#############
# Superuser's control sockets
/dev/com.android.settings.daemon(/.*)? u:object_r:superuser_device:s0
/dev/com.android.settings(/.*)? u:object_r:superuser_device:s0
/dev/socket/su-daemon(/.*)? u:object_r:superuser_device:s0
# Expansion of these hooks is a bit unconventional
/cache/com.cyanogenmod.keyhandler.dex u:object_r:dalvikcache_data_file:s0

2
sepolicy/su.te
View File

@ -6,6 +6,8 @@ type sudaemon, domain;
userdebug_or_eng(`
domain_trans(init, su_exec, sudaemon)
type_transition sudaemon socket_device:sock_file superuser_device;
# The userspace app uses /dev sockets to control per-app access
allow sudaemon superuser_device:dir { create rw_dir_perms setattr unlink };
allow sudaemon superuser_device:sock_file { create setattr unlink write };