diff options
author | Nick Kralevich <nnk@google.com> | 2015-08-25 22:45:05 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2015-08-25 22:45:05 +0000 |
commit | 33f0114334f9304dd69a8dfac24bc7f3d195d3be (patch) | |
tree | 906c7f4975475ac8ddf9c8c4c1f96db514ef8b12 | |
parent | 543f02ae4a032a4c794617b93c796f4c7b2310d4 (diff) | |
parent | e4e8abd3d506957521d09d57021b59d9ae48f1a5 (diff) | |
download | mako-33f0114334f9304dd69a8dfac24bc7f3d195d3be.tar.gz |
-rw-r--r-- | sepolicy/bluetooth_loader.te | 1 | ||||
-rw-r--r-- | sepolicy/conn_init.te | 1 | ||||
-rw-r--r-- | sepolicy/kickstart.te | 1 | ||||
-rw-r--r-- | sepolicy/netmgrd.te | 4 |
4 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te index e831432..36243af 100644 --- a/sepolicy/bluetooth_loader.te +++ b/sepolicy/bluetooth_loader.te @@ -25,3 +25,4 @@ set_prop(bluetooth_loader, bluetooth_prop) # Allow getprop/setprop for init.mako.bt.sh allow bluetooth_loader system_file:file execute_no_trans; +allow bluetooth_loader toolbox_exec:file rx_file_perms; diff --git a/sepolicy/conn_init.te b/sepolicy/conn_init.te index 6491888..d5ff650 100644 --- a/sepolicy/conn_init.te +++ b/sepolicy/conn_init.te @@ -20,3 +20,4 @@ allow conn_init wlan_device:chr_file rw_file_perms; # init.mako.wifi.sh runs toolbox allow conn_init system_file:file execute_no_trans; +allow conn_init toolbox_exec:file rx_file_perms; diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te index 93091cb..05be3d5 100644 --- a/sepolicy/kickstart.te +++ b/sepolicy/kickstart.te @@ -28,6 +28,7 @@ allow kickstart radio_efs_file:file r_file_perms; # Run dd from toolbox on firmware files allow kickstart shell_exec:file rx_file_perms; allow kickstart system_file:file execute_no_trans; +allow kickstart toolbox_exec:file rx_file_perms; # Wake lock access wakelock_use(kickstart) diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te index 37f85f6..c9b512e 100644 --- a/sepolicy/netmgrd.te +++ b/sepolicy/netmgrd.te @@ -31,5 +31,9 @@ allow netmgrd shell_exec:file rx_file_perms; # Runs /system/bin/ip addr flush dev <device> commands. allow netmgrd system_file:file rx_file_perms; +# XXX Run toolbox. Might not be needed. +allow netmgrd toolbox_exec:file rx_file_perms; +auditallow netmgrd toolbox_exec:file rx_file_perms; + allow netmgrd proc_net:file r_file_perms; allow netmgrd proc_net:dir r_dir_perms; |