Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
AndroidSystemSEPolicy
Manage
Activity
Members
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Container registry
Model registry
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Werner Sembach
AndroidSystemSEPolicy
Commits
6a1ae20c
Commit
6a1ae20c
authored
11 years ago
by
Greg Hackmann
Committed by
Android Git Automerger
11 years ago
Browse files
Options
Downloads
Plain Diff
am
4b683d24
: am
7004789d
: Add policies for Atomic Display Framework
* commit '
4b683d24
': Add policies for Atomic Display Framework
parents
650ae437
4b683d24
No related branches found
No related tags found
No related merge requests found
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
app.te
+4
-2
4 additions, 2 deletions
app.te
device.te
+1
-0
1 addition, 0 deletions
device.te
file_contexts
+3
-0
3 additions, 0 deletions
file_contexts
healthd.te
+1
-0
1 addition, 0 deletions
healthd.te
surfaceflinger.te
+3
-0
3 additions, 0 deletions
surfaceflinger.te
with
12 additions
and
2 deletions
app.te
+
4
−
2
View file @
6a1ae20c
...
...
@@ -191,8 +191,10 @@ neverallow { appdomain -unconfineddomain } {
}:chr_file { read write };
# Note: Try expanding list of app domains in the future.
neverallow { untrusted_app isolated_app shell -unconfineddomain }
graphics_device:chr_file { read write };
neverallow { untrusted_app isolated_app shell -unconfineddomain } {
adf_device
graphics_device
}:chr_file { read write };
neverallow { appdomain -nfc -unconfineddomain } nfc_device:chr_file
{ read write };
...
...
This diff is collapsed.
Click to expand it.
device.te
+
1
−
0
View file @
6a1ae20c
...
...
@@ -2,6 +2,7 @@
type device, dev_type, fs_type;
type alarm_device, dev_type, mlstrustedobject;
type adb_device, dev_type;
type adf_device, dev_type;
type ashmem_device, dev_type, mlstrustedobject;
type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
...
...
This diff is collapsed.
Click to expand it.
file_contexts
+
3
−
0
View file @
6a1ae20c
...
...
@@ -31,6 +31,9 @@
/dev(/.*)? u:object_r:device:s0
/dev/akm8973.* u:object_r:sensors_device:s0
/dev/accelerometer u:object_r:sensors_device:s0
/dev/adf[0-9]* u:object_r:adf_device:s0
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:adf_device:s0
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:adf_device:s0
/dev/alarm u:object_r:alarm_device:s0
/dev/android_adb.* u:object_r:adb_device:s0
/dev/ashmem u:object_r:ashmem_device:s0
...
...
This diff is collapsed.
Click to expand it.
healthd.te
+
1
−
0
View file @
6a1ae20c
...
...
@@ -23,6 +23,7 @@ allow healthd sysfs:file write;
### healthd: charger mode
###
allow healthd adf_device:chr_file rw_file_perms;
allow healthd graphics_device:dir r_dir_perms;
allow healthd graphics_device:chr_file rw_file_perms;
allow healthd input_device:dir r_dir_perms;
...
...
This diff is collapsed.
Click to expand it.
surfaceflinger.te
+
3
−
0
View file @
6a1ae20c
...
...
@@ -30,6 +30,9 @@ allow surfaceflinger gpu_device:chr_file rw_file_perms;
allow surfaceflinger graphics_device:dir search;
allow surfaceflinger graphics_device:chr_file rw_file_perms;
# Access ADF device nodes.
allow surfaceflinger adf_device:chr_file rw_file_perms;
# Access /dev/video1.
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
