sepolicy: address some nvram_daemon denials

author Stricted <info@stricted.net>

Tue, 1 May 2018 00:41:43 +0000 (02:41 +0200)

committer Stricted <info@stricted.net>

Tue, 1 May 2018 00:41:43 +0000 (02:41 +0200)
author Stricted <info@stricted.net>
Tue, 1 May 2018 00:41:43 +0000 (02:41 +0200)
committer Stricted <info@stricted.net>
Tue, 1 May 2018 00:41:43 +0000 (02:41 +0200)
diff --git a/sepolicy/nvram_daemon.te b/sepolicy/nvram_daemon.te

index dbc31e8e89bf65f001541de318efe1aa5c745753..32847988b1fefa408b5a0d1951e1d3a2e78b948c 100644 (file)
--- a/sepolicy/nvram_daemon.te
+++ b/sepolicy/nvram_daemon.te
@@ -28,3 +28,7 @@ unix_socket_connect(nvram_daemon, property, init)
  allow nvram_daemon sysfs_boot_mode:file { read open };
  allow nvram_daemon sysfs:file { write };
  allow nvram_daemon system_prop:property_service { set };
+
+allow nvram_daemon nvram_device:chr_file { read write open };
+allow nvram_daemon mmc_device:blk_file { read write open };
+allow nvram_daemon proinfo_device:chr_file { read write open ioctl };
author	Stricted <info@stricted.net>
	Tue, 1 May 2018 00:41:43 +0000 (02:41 +0200)
committer	Stricted <info@stricted.net>
	Tue, 1 May 2018 00:41:43 +0000 (02:41 +0200)