Merge "Revert "Allow all domains access to /dev/qemu_trace.""
@@ -77,13 +77,17 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
|
|||||||
|
|
||||||
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
|
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
|
||||||
BOARD_SEPOLICY_UNION += \
|
BOARD_SEPOLICY_UNION += \
|
||||||
|
adbd.te \
|
||||||
|
app.te \
|
||||||
bootanim.te \
|
bootanim.te \
|
||||||
device.te \
|
device.te \
|
||||||
domain.te \
|
domain.te \
|
||||||
file.te \
|
file.te \
|
||||||
file_contexts \
|
file_contexts \
|
||||||
|
mediaserver.te \
|
||||||
qemud.te \
|
qemud.te \
|
||||||
rild.te \
|
rild.te \
|
||||||
shell.te \
|
shell.te \
|
||||||
surfaceflinger.te \
|
surfaceflinger.te \
|
||||||
system_server.te
|
system_server.te \
|
||||||
|
zygote.te
|
||||||
|
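--- a/target/board/generic/sepolicy/adbd.te
+++ b/target/board/generic/sepolicy/adbd.te
@@ -0,0 +1 @@
+allow adbd qemu_device:chr_file rw_file_perms;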
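Review bot: The new rule in adbd.te has no comment, so nothing beside it says why adbd needs read/write on qemu_device or that the grant is specific to the emulator. A one-line header such as `# Emulator only: access to /dev/qemu_trace, formerly granted to every domain via domain.te.` would keep the reason next to the rule. The same applies to the other per-domain rules this commit adds (app.te, bootanim.te, mediaserver.te, rild.te, surfaceflinger.te, system_server.te, zygote.te, under both generic and generic_x86). That qemu_device is the label on /dev/qemu_trace is inferred from the commit title; file_contexts is not shown on this page.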
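--- a/target/board/generic/sepolicy/app.te
+++ b/target/board/generic/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;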
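Review bot: `appdomain` is an attribute rather than a single domain, so this rule still gives every app domain, untrusted apps included, the full `rw_file_perms` set on qemu_device. On the app side that keeps most of the exposure the removed `allow domain qemu_device:chr_file rw_file_perms;` rule had. Which operations apps actually perform on the device is not visible on this page; if they need less than the full set, grant only those permissions, and state the reason in a comment above the rule. The identical rule in generic_x86/sepolicy/app.te raises the same question.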
@@ -1,2 +1,3 @@
|
|||||||
allow bootanim self:process execmem;
|
allow bootanim self:process execmem;
|
||||||
allow bootanim ashmem_device:chr_file execute;
|
allow bootanim ashmem_device:chr_file execute;
|
||||||
|
allow bootanim qemu_device:chr_file rw_file_perms;
|
||||||
|
@@ -1,3 +1,2 @@
|
|||||||
# For /sys/qemu_trace files in the emulator.
|
# For /sys/qemu_trace files in the emulator.
|
||||||
allow domain sysfs_writable:file rw_file_perms;
|
allow domain sysfs_writable:file rw_file_perms;
|
||||||
allow domain qemu_device:chr_file rw_file_perms;
|
|
||||||
|
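--- a/target/board/generic/sepolicy/mediaserver.te
+++ b/target/board/generic/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver qemu_device:chr_file rw_file_perms;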
@@ -1 +1,2 @@
|
|||||||
|
allow rild qemu_device:chr_file rw_file_perms;
|
||||||
unix_socket_connect(rild, qemud, qemud)
|
unix_socket_connect(rild, qemud, qemud)
|
||||||
|
@@ -1,2 +1,3 @@
|
|||||||
allow surfaceflinger self:process execmem;
|
allow surfaceflinger self:process execmem;
|
||||||
allow surfaceflinger ashmem_device:chr_file execute;
|
allow surfaceflinger ashmem_device:chr_file execute;
|
||||||
|
allow surfaceflinger qemu_device:chr_file rw_file_perms;
|
||||||
|
@@ -1 +1,2 @@
|
|||||||
unix_socket_connect(system_server, qemud, qemud)
|
unix_socket_connect(system_server, qemud, qemud)
|
||||||
|
allow system_server qemu_device:chr_file rw_file_perms;
|
||||||
|
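--- a/target/board/generic/sepolicy/zygote.te
+++ b/target/board/generic/sepolicy/zygote.te
@@ -0,0 +1 @@
+allow zygote qemu_device:chr_file rw_file_perms;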
@@ -59,11 +59,13 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
|
|||||||
|
|
||||||
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
|
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
|
||||||
BOARD_SEPOLICY_UNION += \
|
BOARD_SEPOLICY_UNION += \
|
||||||
|
adbd.te \
|
||||||
bootanim.te \
|
bootanim.te \
|
||||||
device.te \
|
device.te \
|
||||||
domain.te \
|
domain.te \
|
||||||
file.te \
|
file.te \
|
||||||
file_contexts \
|
file_contexts \
|
||||||
|
mediaserver.te \
|
||||||
qemud.te \
|
qemud.te \
|
||||||
rild.te \
|
rild.te \
|
||||||
shell.te \
|
shell.te \
|
||||||
|
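Review bot: This list gains `adbd.te \` and `mediaserver.te \` but not `app.te \`, which the generic board list adds right after adbd.te. Both lists take their policy from build/target/board/generic/sepolicy, where this commit removes the blanket qemu_device rule from domain.te, so on this board app domains would lose qemu_device access and likely log denials unless that is intended. If it is an omission, add `app.te \` after `adbd.te \`. The list continues past the end of the hunk, so whether surfaceflinger.te, system_server.te and zygote.te are unioned on this board cannot be checked from this page.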
@@ -44,6 +44,8 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
|
|||||||
|
|
||||||
BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
|
BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
|
||||||
BOARD_SEPOLICY_UNION += \
|
BOARD_SEPOLICY_UNION += \
|
||||||
|
app.te \
|
||||||
|
adbd.te \
|
||||||
bootanim.te \
|
bootanim.te \
|
||||||
device.te \
|
device.te \
|
||||||
domain.te \
|
domain.te \
|
||||||
@@ -51,8 +53,10 @@ BOARD_SEPOLICY_UNION += \
|
|||||||
file_contexts \
|
file_contexts \
|
||||||
healthd.te \
|
healthd.te \
|
||||||
installd.te \
|
installd.te \
|
||||||
|
mediaserver.te \
|
||||||
qemud.te \
|
qemud.te \
|
||||||
rild.te \
|
rild.te \
|
||||||
shell.te \
|
shell.te \
|
||||||
surfaceflinger.te \
|
surfaceflinger.te \
|
||||||
system_server.te
|
system_server.te \
|
||||||
|
zygote.te
|
||||||
|
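Review bot: In the first hunk `app.te \` is inserted ahead of `adbd.te \`, which breaks the alphabetical order the rest of BOARD_SEPOLICY_UNION follows and differs from the generic board list, where adbd.te comes first. Swapping the two lines keeps the per-board lists directly comparable, which makes a missing policy file easier to spot when the boards are reviewed side by side.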
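--- a/target/board/generic_x86/sepolicy/adbd.te
+++ b/target/board/generic_x86/sepolicy/adbd.te
@@ -0,0 +1 @@
+allow adbd qemu_device:chr_file rw_file_perms;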
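--- a/target/board/generic_x86/sepolicy/app.te
+++ b/target/board/generic_x86/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;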
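--- a/target/board/generic_x86/sepolicy/bootanim.te
+++ b/target/board/generic_x86/sepolicy/bootanim.te
@@ -0,0 +1 @@
+allow bootanim qemu_device:chr_file rw_file_perms;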
@@ -1,4 +1,3 @@
|
|||||||
# For /sys/qemu_trace files in the emulator.
|
# For /sys/qemu_trace files in the emulator.
|
||||||
allow domain sysfs_writable:file rw_file_perms;
|
allow domain sysfs_writable:file rw_file_perms;
|
||||||
allow domain cpuctl_device:dir search;
|
allow domain cpuctl_device:dir search;
|
||||||
allow domain qemu_device:chr_file rw_file_perms;
|
|
||||||
|
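--- a/target/board/generic_x86/sepolicy/mediaserver.te
+++ b/target/board/generic_x86/sepolicy/mediaserver.te
@@ -0,0 +1 @@
+allow mediaserver qemu_device:chr_file rw_file_perms;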
@@ -1 +1,2 @@
|
|||||||
|
allow rild qemu_device:chr_file rw_file_perms;
|
||||||
unix_socket_connect(rild, qemud, qemud)
|
unix_socket_connect(rild, qemud, qemud)
|
||||||
|
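--- a/target/board/generic_x86/sepolicy/surfaceflinger.te
+++ b/target/board/generic_x86/sepolicy/surfaceflinger.te
@@ -0,0 +1 @@
+allow surfaceflinger qemu_device:chr_file rw_file_perms;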
@@ -1,2 +1,3 @@
|
|||||||
allow system_server self:process execmem;
|
allow system_server self:process execmem;
|
||||||
unix_socket_connect(system_server, qemud, qemud)
|
unix_socket_connect(system_server, qemud, qemud)
|
||||||
|
allow system_server qemu_device:chr_file rw_file_perms;
|
||||||
|
@@ -1,2 +1,3 @@
|
|||||||
allow zygote self:process execmem;
|
allow zygote self:process execmem;
|
||||||
allow zygote self:capability sys_nice;
|
allow zygote self:capability sys_nice;
|
||||||
|
allow zygote qemu_device:chr_file rw_file_perms;
|
||||||
|