diff options
| author | android-build-prod (mdb) <android-build-team-robot@google.com> | 2017-11-11 01:36:43 +0000 |
|---|---|---|
| committer | android-build-prod (mdb) <android-build-team-robot@google.com> | 2017-11-11 01:36:43 +0000 |
| commit | 90b401a40b3e66780d5551cbf9a7eb1e2074a59b (patch) | |
| tree | 77e9c979c856ffe6b3d53fcdb01c4591b62e8b54 | |
| parent | f728bf6b3e5b090b9089d0491d2947615f4154cf (diff) | |
| parent | e90a5e2713629717522a99de9a83c98e2c05f306 (diff) | |
| download | bullhead-90b401a40b3e66780d5551cbf9a7eb1e2074a59b.tar.gz | |
Snap for 4446728 from e90a5e2713629717522a99de9a83c98e2c05f306 to sdk-release
Change-Id: I4b9e66b41dcede273e6c1675f04b12bb3ddf28c5
| -rw-r--r-- | BoardConfig.mk | 2 | ||||
| -rw-r--r-- | sepolicy/hal_drm.te | 3 | ||||
| -rw-r--r-- | sepolicy/hal_fingerprint.te | 4 | ||||
| -rw-r--r-- | sepolicy/hal_nfc.te | 3 | ||||
| -rw-r--r-- | sepolicy/hal_wifi_supplicant.te | 6 | ||||
| -rw-r--r-- | sepolicy/hostapd.te | 9 |
6 files changed, 26 insertions, 1 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index 5aa9f3b..b256fa0 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -21,7 +21,7 @@ TARGET_CPU_ABI2 := TARGET_CPU_VARIANT := cortex-a53 TARGET_2ND_ARCH := arm -TARGET_2ND_ARCH_VARIANT := armv7-a-neon +TARGET_2ND_ARCH_VARIANT := armv8-a TARGET_2ND_CPU_ABI := armeabi-v7a TARGET_2ND_CPU_ABI2 := armeabi TARGET_2ND_CPU_VARIANT := cortex-a53.a57 diff --git a/sepolicy/hal_drm.te b/sepolicy/hal_drm.te new file mode 100644 index 0000000..1bbb734 --- /dev/null +++ b/sepolicy/hal_drm.te @@ -0,0 +1,3 @@ +# Allow access to app_data and media_data_files +allow hal_drm media_data_file:dir create_dir_perms; +allow hal_drm media_data_file:file create_file_perms; diff --git a/sepolicy/hal_fingerprint.te b/sepolicy/hal_fingerprint.te index a339bc7..dfb641e 100644 --- a/sepolicy/hal_fingerprint.te +++ b/sepolicy/hal_fingerprint.te @@ -17,3 +17,7 @@ allow hal_fingerprint persist_file:dir search; # allow access to sysfs files r_dir_file(hal_fingerprint, sysfs_type) + +# allow HAL module to read/write dir contents and read/write/unlink files +allow hal_fingerprint fingerprintd_data_file:file create_file_perms; +allow hal_fingerprint fingerprintd_data_file:dir rw_dir_perms; diff --git a/sepolicy/hal_nfc.te b/sepolicy/hal_nfc.te new file mode 100644 index 0000000..664eaa9 --- /dev/null +++ b/sepolicy/hal_nfc.te @@ -0,0 +1,3 @@ +# Data file accesses. +allow hal_nfc nfc_data_file:dir create_dir_perms; +allow hal_nfc nfc_data_file:{ file lnk_file fifo_file } create_file_perms; diff --git a/sepolicy/hal_wifi_supplicant.te b/sepolicy/hal_wifi_supplicant.te new file mode 100644 index 0000000..b1f24d8 --- /dev/null +++ b/sepolicy/hal_wifi_supplicant.te @@ -0,0 +1,6 @@ +allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms; +allow hal_wifi_supplicant wifi_data_file:file create_file_perms; + +# Create a socket for receiving info from wpa +allow hal_wifi_supplicant wpa_socket:dir create_dir_perms; +allow hal_wifi_supplicant wpa_socket:sock_file create_file_perms; diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te new file mode 100644 index 0000000..15064a0 --- /dev/null +++ b/sepolicy/hostapd.te @@ -0,0 +1,9 @@ +# hostapd can read and write WiFi related data and configuration. +# For example, the entropy file is periodically updated. +allow hostapd wifi_data_file:file rw_file_perms; +r_dir_file(hostapd, wifi_data_file) + +# hostapd wants to create the directory holding its control socket. +allow hostapd hostapd_socket:dir create_dir_perms; +# hostapd needs to create, bind to, read, and write its control socket. +allow hostapd hostapd_socket:sock_file create_file_perms; |