Further policy for Motorola Xoom.

c94e2392 · Stephen Smalley · 2dd4e51d · c94e2392 · c94e2392 · c94e2392
Commit c94e2392 authored 13 years ago by Stephen Smalley
--- a/app.te
+++ b/app.te
@@ -14,6 +14,9 @@ net_domain(trusted_app)
 bluetooth_domain(trusted_app)
 # Read logs.
 allow trusted_app log_device:chr_file read;
+# Access /dev/mtp_usb.
+# XXX Split android.process.media into a separate domain?
+allow trusted_app mtp_device:chr_file rw_file_perms;
 # Write to /cache.
 allow trusted_app cache_file:dir rw_dir_perms;
 allow trusted_app cache_file:file create_file_perms;

--- a/device.te
+++ b/device.te
@@ -21,6 +21,7 @@ type input_device, dev_type;
 type kmem_device, dev_type;
 type log_device, dev_type, mlstrustedobject;
 type mtd_device, dev_type;
+type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
 type nv_device, dev_type, mlstrustedobject;
 type powervr_device, dev_type, mlstrustedobject;

--- a/file_contexts
+++ b/file_contexts
@@ -33,6 +33,7 @@
 /dev/mtd(/.*)?		u:object_r:mtd_device:s0
 /dev/mtd/mtd5		u:object_r:radio_device:s0
 /dev/mtd/mtd5ro		u:object_r:radio_device:s0
+/dev/mtp_usb		u:object_r:mtp_device:s0
 /dev/pn544		u:object_r:nfc_device:s0
 /dev/ptmx		u:object_r:ptmx_device:s0
 /dev/pvrsrvkm		u:object_r:powervr_device:s0

--- a/netd.te
+++ b/netd.te
@@ -21,10 +21,10 @@ allow netd devpts:chr_file rw_file_perms;
 # XXX Split /proc/sys/net into its own type.
 allow netd proc:file write;

-# For firmware_path
+# For /sys/modules/bcmdhd/parameters/firmware_path
 # XXX Split into its own type.
 allow netd sysfs:file write;

-# Load network drivers.
+# Network driver loading.
 allow netd kernel:system module_request;

--- a/system.te
+++ b/system.te
@@ -100,6 +100,7 @@ selinux_check_access(system)
 allow system sysfs:file rw_file_perms;

 # Access devices.
+allow system device:dir r_dir_perms;
 allow system device:chr_file rw_file_perms;
 allow system akm_device:chr_file rw_file_perms;
 allow system accelerometer_device:chr_file rw_file_perms;