add sepolicy for set_usb_irq.sh
Bug: 185092876 Test: TreeHugger, booted on oriole, enabled/disabled tethering Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I7361a4390197e04b27eaf153a696e3f800f79b55
This commit is contained in:
Maciej Żenczykowski
Maciej Zenczykowski
parent
a21c6081c9
commit
714075eba7
2 changed files with 16 additions and 0 deletions
3
whitechapel/vendor/google/file_contexts
vendored
3
whitechapel/vendor/google/file_contexts
vendored
|
|
@ -270,6 +270,9 @@
|
|||
# Kernel modules related
|
||||
/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0
|
||||
|
||||
# USB
|
||||
/vendor/bin/hw/set_usb_irq\.sh u:object_r:set-usb-irq-sh_exec:s0
|
||||
|
||||
# NFC
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
|
||||
/dev/st21nfc u:object_r:nfc_device:s0
|
||||
|
|
|
|||
13
whitechapel/vendor/google/set-usb-irq-sh.te
vendored
Normal file
13
whitechapel/vendor/google/set-usb-irq-sh.te
vendored
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
type set-usb-irq-sh, domain;
|
||||
type set-usb-irq-sh_exec, vendor_file_type, exec_type, file_type;
|
||||
init_daemon_domain(set-usb-irq-sh)
|
||||
|
||||
allow set-usb-irq-sh vendor_toolbox_exec:file execute_no_trans;
|
||||
|
||||
allow set-usb-irq-sh proc_irq:dir r_dir_perms;
|
||||
allow set-usb-irq-sh proc_irq:file w_file_perms;
|
||||
|
||||
# AFAICT this happens if /proc/irq updates as we're running
|
||||
# and we end up trying to write into non-existing file,
|
||||
# which implies creation...
|
||||
dontaudit set-usb-irq-sh self:capability dac_override;
|
||||
Loading…
Add table
Add a link
Reference in a new issue