MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: sepolicy: Adress system_server denials

Browse source 
Change-Id: I7ec0ccc4004a7cf74988e7994ec981e064ba0412
This commit is contained in:
Jeferson 2021-02-17 15:29:49 +01:00 committed by OdSazib
parent b6d0521107
commit 2632c4a4b8
No known key found for this signature in database
GPG key ID: B678DBD07079B021
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sepolicy/vendor/system_server.te vendored
View file

@ -3,7 +3,9 @@ allow system_server blkio_dev:dir search;
allow system_server default_android_service:service_manager add; allow system_server default_android_service:service_manager add;
allow system_server exported_camera_prop:file read; allow system_server exported_camera_prop:file read;
allow system_server kernel:system syslog_read; allow system_server kernel:system syslog_read;
allow system_server media_rw_data_file:dir { setattr };
allow system_server sysfs_battery_supply:file rw_file_perms; allow system_server sysfs_battery_supply:file rw_file_perms;
allow system_server sysfs_kgsl:lnk_file { read };
allow system_server sysfs_vibrator:file rw_file_perms; allow system_server sysfs_vibrator:file rw_file_perms;
allow system_server thermal_service:service_manager find; allow system_server thermal_service:service_manager find;
allow system_server userspace_reboot_exported_prop:file read; allow system_server userspace_reboot_exported_prop:file read;
@ -11,3 +13,8 @@ allow system_server vendor_camera_prop:file { getattr open read };
allow system_server vendor_default_prop:file { getattr open read }; allow system_server vendor_default_prop:file { getattr open read };
allow system_server vendor_keylayout_file:dir search; allow system_server vendor_keylayout_file:dir search;
allow system_server vendor_keylayout_file:file r_file_perms; allow system_server vendor_keylayout_file:file r_file_perms;
allow system_server zygote:process { getpgid };
get_prop(system_server, exported_camera_prop)
get_prop(system_server, userspace_reboot_config_prop)
get_prop(system_server, userspace_reboot_exported_prop)