universal7580: sepolicy: address init denials
[GitHub/LineageOS/android_device_samsung_universal7580-common.git] / sepolicy / init.te
# Device-specific additions to the init domain (sepolicy/init.te).
# Every rule below widens what init may do on top of the platform policy.
# The types named here are declared and mapped to paths in other policy files
# that are not shown on this page, so the real reach of each rule depends on
# those labels. Rules that pair a permission set with setattr are the ones the
# existing headings describe as "chown".

# Mount debugfs on /sys/kernel/debug.
# NOTE(review): debugfs exposes kernel debugging interfaces; confirm this mount
# is still wanted on user (production) builds.
allow init debugfs:dir mounton;

# Mount EFS on /efs
allow init efs_file:dir mounton;

# Mount CPEFS on /cpefs
allow init sec_efs_file:dir mounton;

# /dev/block/mmcblk0p[0-9]
# Grants init read/write on every block node labelled emmcblk_device.
# NOTE(review): raw read/write on eMMC partitions bypasses filesystem-level
# controls; check in file_contexts that this label covers only the partitions
# init has to touch.
allow init emmcblk_device:blk_file rw_file_perms;

# setattr on symlinks labelled block_device, and creation of symlinks on tmpfs.
# NOTE(review): presumably the block-device links init sets up at boot; confirm
# against the denials this was written for.
allow init block_device:lnk_file setattr;
allow init tmpfs:lnk_file create_file_perms;

# /sys/class/power_supply/battery and /sys/class/android_usb/android0
allow init sysfs_usb_supply:file { rw_file_perms setattr };

# /data
# NOTE(review): the rule grants read on sdcardd_exec, which by its name is an
# executable's label rather than a /data path; confirm what this heading
# refers to.
allow init sdcardd_exec:file r_file_perms;

# sysfs iio:device[0-9]
# NOTE(review): this uses the generic sysfs type, so it applies to every
# symlink that still carries the default sysfs label, not only the iio device
# links. A dedicated type for the iio nodes would keep the grant narrow.
allow init sysfs:lnk_file setattr;

# sysfs ion device
allow init sysfs_ion:file setattr;

# sysfs usb device
allow init sysfs_android_usb:file setattr;

# read/chown mDNIE symlinks
# The file class also receives setattr from a separate sysfs_mdnie rule in the
# sysfs group further down; the two rules add up to { rw_file_perms setattr }.
allow init sysfs_mdnie:lnk_file { r_file_perms setattr };
allow init sysfs_mdnie:file rw_file_perms;

# read/chown camera firmware
# relabelto lets init apply the sysfs_camera label to a file; no read
# permission is granted here despite the heading.
# NOTE(review): associate is normally checked between an object's label and the
# label of the filesystem it lives on. Here init is the source and sysfs_camera
# is named as the filesystem type, which looks copied from a denial; confirm it
# is needed.
allow init sysfs_camera:file { relabelto setattr };
allow init sysfs_camera:filesystem associate;

# WiFi firmware permissions
allow init sysfs_wifi:file setattr;

# Input devices
allow init sysfs_input:file { rw_file_perms setattr };

# BT permissions
allow init sysfs_bluetooth_writable:file setattr;

# GPS permissions
# Covers the GPS sysfs nodes, a fifo and a lockable file under gps_data_file,
# and direct open/read/write on the GPS character device.
allow init sysfs_gps:lnk_file read;
allow init sysfs_gps:file { rw_file_perms setattr };
allow init gps_data_file:fifo_file write;
allow init gps_data_file:file lock;
allow init gps_device:chr_file { open read write };

# CPU permissions
allow init sysfs_devices_system_cpu:file rw_file_perms;

# umts permissions
# Read/write on the character device labelled mif_device.
allow init mif_device:chr_file rw_file_perms;

# sswap permissions
# Write-only on the block device; open and write on its sysfs control file.
allow init sswap_device:blk_file write;
allow init sysfs_sswap:file { open write };

# Block device sysfs
allow init sysfs_block:file rw_file_perms;

# Audio Jack
allow init sysfs_jack:file setattr;

# unix_socket_connect(client, socket, server) is the platform macro for
# connecting to a named unix stream socket; as defined in AOSP te_macros it
# grants write on <socket>_socket:sock_file and connectto on the server's
# unix_stream_socket.
# NOTE(review): pairing the property socket with rild as the server is unusual;
# confirm which denial this covers.
unix_socket_connect(init, property, rild)

# noatsecure: when init executes a program and transitions into the target
# domain, the kernel does not set AT_SECURE for the new process, so the dynamic
# linker does not enter secure mode and environment variables such as
# LD_PRELOAD and LD_LIBRARY_PATH are honoured across the transition.
# The target set is every domain except lmkd and crash_dump.
# NOTE(review): this removes environment sanitisation for nearly every service
# init starts. If it exists for a few services that preload libraries, list
# those domains explicitly instead of `domain`; confirm which ones need it.
allow init { domain -lmkd -crash_dump }:process noatsecure;

# Allow access to /proc/device-tree nodes
# r_dir_file is the platform macro for read-only access to directories, files
# and symlinks of the given type.
r_dir_file(init, proc_dt_firmware)

# Remaining vendor sysfs nodes. sysfs_mmc is write-only plus setattr,
# sysfs_net is read/write without setattr; the rest are read/write plus setattr
# unless noted.
allow init sysfs_mmc:file { w_file_perms setattr };
allow init sysfs_net:file rw_file_perms;
allow init sysfs_graphics:file { rw_file_perms setattr };
allow init sysfs_light:file { rw_file_perms setattr };
# NOTE(review): the other lnk_file rules in this file grant read, r_file_perms
# or setattr only; the write half of rw_file_perms on a symlink is likely
# unnecessary. Confirm.
allow init sysfs_light:lnk_file { rw_file_perms setattr };
# Completes the sysfs_mdnie:file grant made in the mDNIE section above.
allow init sysfs_mdnie:file setattr;
allow init sysfs_sec:file { rw_file_perms setattr };
allow init sysfs_sec:lnk_file read;
allow init sysfs_sensors:file { rw_file_perms setattr };
allow init sysfs_sensors:lnk_file read;
allow init sysfs_multipdp:file setattr;

# Proc files
allow init proc_reset_reason:file { rw_file_perms setattr };
allow init proc_vm:file rw_file_perms;
allow init proc_simslot_count:file rw_file_perms;
allow init proc_sec:file { rw_file_perms setattr };

# Sockets
# NOTE(review): socket_device is the generic label of the socket directory in
# AOSP, so this lets init create, unlink and read/write any socket node that
# has no more specific type. A dedicated type for the socket involved would
# keep the grant narrow; confirm which socket triggered the denial.
allow init socket_device:sock_file { read write getattr setattr create unlink };