Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
AndroidSystemSEPolicy
Manage
Activity
Members
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Container Registry
Model registry
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Werner Sembach
AndroidSystemSEPolicy
Commits
c3e27bda
Commit
c3e27bda
authored
10 years ago
by
Nick Kralevich
Committed by
Android Git Automerger
10 years ago
Browse files
Options
Downloads
Plain Diff
am
8599e34b
: Introduce wakelock_use()
* commit '
8599e34b
': Introduce wakelock_use()
parents
befe0652
8599e34b
No related branches found
No related tags found
No related merge requests found
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
healthd.te
+1
-1
1 addition, 1 deletion
healthd.te
rild.te
+1
-1
1 addition, 1 deletion
rild.te
system_server.te
+1
-4
1 addition, 4 deletions
system_server.te
te_macros
+10
-0
10 additions, 0 deletions
te_macros
vold.te
+1
-2
1 addition, 2 deletions
vold.te
with
14 additions
and
8 deletions
healthd.te
+
1
−
1
View file @
c3e27bda
...
@@ -9,7 +9,7 @@ write_klog(healthd)
...
@@ -9,7 +9,7 @@ write_klog(healthd)
allow healthd tmpfs:chr_file { read write };
allow healthd tmpfs:chr_file { read write };
allow healthd self:capability { net_admin mknod sys_tty_config };
allow healthd self:capability { net_admin mknod sys_tty_config };
allow healthd self:capability2 b
lock_
s
us
pend;
wake
lock_us
e(healthd)
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
binder_use(healthd)
binder_use(healthd)
binder_service(healthd)
binder_service(healthd)
...
...
This diff is collapsed.
Click to expand it.
rild.te
+
1
−
1
View file @
c3e27bda
...
@@ -39,6 +39,6 @@ allow rild self:netlink_socket create_socket_perms;
...
@@ -39,6 +39,6 @@ allow rild self:netlink_socket create_socket_perms;
allow rild self:netlink_kobject_uevent_socket create_socket_perms;
allow rild self:netlink_kobject_uevent_socket create_socket_perms;
# Access to wake locks
# Access to wake locks
allow rild sysfs_
wake
_
lock
:file rw_file_perms;
wakelock
_use(rild)
allow rild self:socket create_socket_perms;
allow rild self:socket create_socket_perms;
This diff is collapsed.
Click to expand it.
system_server.te
+
1
−
4
View file @
c3e27bda
...
@@ -53,7 +53,7 @@ allow system_server self:capability {
...
@@ -53,7 +53,7 @@ allow system_server self:capability {
sys_tty_config
sys_tty_config
};
};
allow system_server self:capability2 block_suspend;
wakelock_use(system_server)
# Triggered by /proc/pid accesses, not allowed.
# Triggered by /proc/pid accesses, not allowed.
dontaudit system_server self:capability sys_ptrace;
dontaudit system_server self:capability sys_ptrace;
...
@@ -316,9 +316,6 @@ allow system_server sensors_device:chr_file rw_file_perms;
...
@@ -316,9 +316,6 @@ allow system_server sensors_device:chr_file rw_file_perms;
# Read from HW RNG (needed by EntropyMixer).
# Read from HW RNG (needed by EntropyMixer).
allow system_server hw_random_device:chr_file r_file_perms;
allow system_server hw_random_device:chr_file r_file_perms;
# Access to wake locks
allow system_server sysfs_wake_lock:file rw_file_perms;
# Read and delete files under /dev/fscklogs.
# Read and delete files under /dev/fscklogs.
r_dir_file(system_server, fscklogs)
r_dir_file(system_server, fscklogs)
allow system_server fscklogs:dir { write remove_name };
allow system_server fscklogs:dir { write remove_name };
...
...
This diff is collapsed.
Click to expand it.
te_macros
+
10
−
0
View file @
c3e27bda
...
@@ -173,6 +173,16 @@ define(`binder_service', `
...
@@ -173,6 +173,16 @@ define(`binder_service', `
typeattribute $1 binderservicedomain;
typeattribute $1 binderservicedomain;
')
')
#####################################
# wakelock_use(domain)
# Allow domain to manage wake locks
define(`wakelock_use', `
# Access /sys/power/wake_lock and /sys/power/wake_unlock
allow $1 sysfs_wake_lock:file rw_file_perms;
# Accessing these files requires CAP_BLOCK_SUSPEND
allow $1 self:capability2 block_suspend;
')
#####################################
#####################################
# selinux_check_access(domain)
# selinux_check_access(domain)
# Allow domain to check SELinux permissions via selinuxfs.
# Allow domain to check SELinux permissions via selinuxfs.
...
...
This diff is collapsed.
Click to expand it.
vold.te
+
1
−
2
View file @
c3e27bda
...
@@ -77,8 +77,7 @@ allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
...
@@ -77,8 +77,7 @@ allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
allow vold asec_public_file:file { relabelto setattr };
allow vold asec_public_file:file { relabelto setattr };
# Handle wake locks (used for device encryption)
# Handle wake locks (used for device encryption)
allow vold sysfs_wake_lock:file rw_file_perms;
wakelock_use(vold)
allow vold self:capability2 block_suspend;
# talk to batteryservice
# talk to batteryservice
binder_use(vold)
binder_use(vold)
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment