summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJorge Lucangeli Obes <jorgelo@google.com>2015-11-23 18:54:32 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-11-23 18:54:32 +0000
commitfab620ac9a9596ad7c56d6070561cf061dd0f262 (patch)
treec47984c8c294d8b8afcd281f985923b6b14e4e94
parent45c982fb356e54c12c734c6c98a7b8dd750de29a (diff)
parent5ba51daa4b548ed5c1c51426fb623ca03a079808 (diff)
downloadmarvell-fab620ac9a9596ad7c56d6070561cf061dd0f262.tar.gz
Merge "Marvell: Fix SELinux policies for 'mwirelessd' domain." into mnc-brillo-dev
Diffstat
-rw-r--r--peripheral/libwireless/sepolicy/mwirelessd.te7
1 files changed, 5 insertions, 2 deletions
diff --git a/peripheral/libwireless/sepolicy/mwirelessd.te b/peripheral/libwireless/sepolicy/mwirelessd.te
index 1f3a42a..2049c9f 100644
--- a/peripheral/libwireless/sepolicy/mwirelessd.te
+++ b/peripheral/libwireless/sepolicy/mwirelessd.te
@@ -7,12 +7,13 @@ init_daemon_domain(mwirelessd)
allow mwirelessd init:unix_stream_socket { connectto newconn acceptfrom };
-allow mwirelessd shell_exec:file { read execute open execute_no_trans };
+allow mwirelessd shell_exec:file rx_file_perms;
allow mwirelessd sysfs:file rw_file_perms;
allow mwirelessd sysfs:dir r_dir_perms;
allow mwirelessd sysfs:lnk_file read;
-allow mwirelessd proc:dir search;
+
+allow mwirelessd proc:file r_file_perms;
allow mwirelessd system_data_file:dir create_dir_perms;
allow mwirelessd system_data_file:sock_file create_file_perms;
@@ -26,3 +27,5 @@ allow mwirelessd self:capability { setuid setgid sys_module };
allow mwirelessd mwirelessd_socket:sock_file unlink;
dontaudit mwirelessd property_socket:sock_file create_file_perms;
+dontaudit mwirelessd sysfs_devices_system_cpu:dir r_dir_perms;
+dontaudit mwirelessd sysfs_devices_system_cpu:file r_file_perms;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 22:29:37 +0000