pixel-selinux: add SJTAG policies
These are the SELinux policies for the sysfs files of the SJTAG kernel interface. The files are in the following directories: /sys/devices/platform/sjtag_ap/interface/ /sys/devices/platform/sjtag_gsa/interface/ Bug: 207571417 Signed-off-by: Peter Csaszar <pcsaszar@google.com> Change-Id: I5ec50d9ff7cd0e08ade7acce21e73751e93a0aff
This commit is contained in:
Peter Csaszar
parent
c8c1f766d2
commit
4041f814be
4 changed files with 25 additions and 0 deletions
|
|
@ -91,3 +91,14 @@ type sysfs_st33spi, sysfs_type, fs_type;
|
||||||
|
|
||||||
# GPU
|
# GPU
|
||||||
type sysfs_gpu, sysfs_type, fs_type;
|
type sysfs_gpu, sysfs_type, fs_type;
|
||||||
|
|
||||||
|
# Vendor sched files
|
||||||
|
userdebug_or_eng(`
|
||||||
|
typeattribute sysfs_vendor_sched mlstrustedobject;
|
||||||
|
')
|
||||||
|
|
||||||
|
# SJTAG
|
||||||
|
type sysfs_sjtag, fs_type, sysfs_type;
|
||||||
|
userdebug_or_eng(`
|
||||||
|
typeattribute sysfs_sjtag mlstrustedobject;
|
||||||
|
')
|
||||||
|
|
|
||||||
|
|
@ -210,3 +210,7 @@ genfscon sysfs /devices/platform/100b0000.TPU u:obje
|
||||||
# Camera
|
# Camera
|
||||||
genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0
|
genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0
|
||||||
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0
|
genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0
|
||||||
|
|
||||||
|
# SJTAG
|
||||||
|
genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0
|
||||||
|
genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0
|
||||||
|
|
|
||||||
5
whitechapel_pro/shell.te
Normal file
5
whitechapel_pro/shell.te
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
# Allow access to the SJTAG kernel interface from the shell
|
||||||
|
userdebug_or_eng(`
|
||||||
|
allow shell sysfs_sjtag:dir r_dir_perms;
|
||||||
|
allow shell sysfs_sjtag:file rw_file_perms;
|
||||||
|
')
|
||||||
|
|
@ -12,6 +12,11 @@ userdebug_or_eng(`
|
||||||
allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
|
allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
|
||||||
allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
|
allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
|
||||||
get_prop(ssr_detector_app, vendor_aoc_prop)
|
get_prop(ssr_detector_app, vendor_aoc_prop)
|
||||||
|
allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
|
||||||
|
allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
|
||||||
|
allow ssr_detector_app sysfs_vendor_sched:dir search;
|
||||||
|
allow ssr_detector_app sysfs_vendor_sched:file rw_file_perms;
|
||||||
|
allow ssr_detector_app cgroup:file write;
|
||||||
')
|
')
|
||||||
|
|
||||||
get_prop(ssr_detector_app, vendor_ssrdump_prop)
|
get_prop(ssr_detector_app, vendor_ssrdump_prop)
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue