sepolicy: set sepolicy rules for setcpuset.sh

so that it can be run successfy from init with exec command Change-Id: I46af12e6c1c793ab92c834e1ab2677b6075a8c97 Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
author: Yongqin Liu <yongqin.liu@linaro.org> 2016-02-05 01:10:00 +0800
committer: Yongqin Liu <yongqin.liu@linaro.org> 2016-02-04 17:11:46 +0000
commit: 9fd35a63738ea5eb68ea1ed246d2dbea7cc8c36b (patch)
tree: a23b15ef5350c58b2468f937567628f68169f47c
parent: 4b777991c57e3074f993c4f1de1eae2fbc9af28f (diff)
download: juno-9fd35a63738ea5eb68ea1ed246d2dbea7cc8c36b.tar.gz
3 files changed, 11 insertions, 0 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 36c48f9..11d2fd8 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -85,6 +85,7 @@ BOARD_SEPOLICY_UNION += \
 
 BOARD_SEPOLICY_DIRS += device/linaro/juno/sepolicy
 BOARD_SEPOLICY_UNION += \
+        setcpuset-sh.te \
         file_contexts \
         init.te
 
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 1393bc1..3f7644c 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,2 +1,5 @@
 /dev/mali0              u:object_r:gpu_device:s0
 /dev/ump              u:object_r:gpu_device:s0
+
+# System files
+/system/bin/setcpuset\.sh      u:object_r:setcpuset-sh_exec:s0
diff --git a/sepolicy/setcpuset-sh.te b/sepolicy/setcpuset-sh.te
new file mode 100644
index 0000000..8eec096
--- /dev/null
+++ b/sepolicy/setcpuset-sh.te
@@ -0,0 +1,7 @@
+type setcpuset-sh, domain;
+type setcpuset-sh_exec, exec_type, file_type;
+
+init_daemon_domain(setcpuset-sh)
+
+allow setcpuset-sh shell_exec:file r_file_perms;
+allow setcpuset-sh system_file:file x_file_perms;
author	Yongqin Liu <yongqin.liu@linaro.org>	2016-02-05 01:10:00 +0800
committer	Yongqin Liu <yongqin.liu@linaro.org>	2016-02-04 17:11:46 +0000
commit	9fd35a63738ea5eb68ea1ed246d2dbea7cc8c36b (patch)
tree	a23b15ef5350c58b2468f937567628f68169f47c
parent	4b777991c57e3074f993c4f1de1eae2fbc9af28f (diff)
download	juno-9fd35a63738ea5eb68ea1ed246d2dbea7cc8c36b.tar.gz