selinux: resync to internal master
Some changes got lost in the AOSP push. Restore those changes.
Bug: 15428519
Change-Id: I0c13c1b99a41270b4a70081ad5480b3b5a7eee1f
Conflicts:
BoardConfigCommon.mk
init.grouper.rc
sepolicy/device.te
sepolicy/rild.te
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 1d04242..27924d0 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -79,3 +79,27 @@
BOARD_USES_GROUPER_MODULES := true
TARGET_RUNNING_WITHOUT_SYNC_FRAMEWORK := true
+
+BOARD_SEPOLICY_DIRS += \
+ device/asus/grouper/sepolicy
+
+BOARD_SEPOLICY_UNION += \
+ file_contexts \
+ genfs_contexts \
+ bluetooth.te \
+ device.te \
+ domain.te \
+ drmserver.te \
+ init_shell.te \
+ file.te \
+ gpsd.te \
+ keystore.te \
+ lmkd.te \
+ mediaserver.te \
+ rild.te \
+ sensors_config.te \
+ surfaceflinger.te \
+ system_app.te \
+ system_server.te \
+ ueventd.te \
+ vold.te
diff --git a/init.grouper.rc b/init.grouper.rc
index ee94ed9..08620a2 100644
--- a/init.grouper.rc
+++ b/init.grouper.rc
@@ -43,22 +43,22 @@
on fs
setprop ro.crypto.umount_sd false
mount_all /fstab.grouper
- restorecon /dev/block/platform/sdhci-tegra.3/by-name/PER
on post-fs-data
- mkdir /data/misc/wifi 0770 wifi wifi
- mkdir /data/misc/wifi/sockets 0770 wifi wifi
- mkdir /data/misc/dhcp 0770 dhcp dhcp
- chown dhcp dhcp /data/misc/dhcp
-
mkdir /data/media 0770 media_rw media_rw
# change back to bluetooth from system
chown bluetooth net_bt_stack /data/misc/bluetooth
# sensors-config
- mkdir /data/sensors 751 system system
- mkdir /data/lightsensor 751 system system
+ mkdir /data/sensors 751
+ # /data/sensors was owned by system/system earlier.
+ # Force it to root/root if it already exists.
+ chown root root /data/sensors
+ mkdir /data/lightsensor 751
+ # /data/lightsensor was owned by system/system earlier.
+ # Force it to root/root if it already exists.
+ chown root root /data/lightsensor
mkdir /data/calibration
mkdir /data/amit
@@ -424,10 +424,6 @@
on property:init.svc.tf_daemon=restarting
mkdir /data/tf
-#Raydium touch setting
-service rm_ts_service /system/bin/rm_ts_server
- class main
-
# create filesystems if necessary
service setup_fs /system/bin/setup_fs \
/dev/block/platform/sdhci-tegra.3/by-name/UDA \
diff --git a/sepolicy/device.te b/sepolicy/device.te
index b997573..85f92b3 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,5 +1,3 @@
type knv_device, dev_type;
type elan_ip_device, dev_type;
-type sensors_block_device, dev_type;
-type sysfs_devices_tegradc, dev_type;
type diag_device, dev_type;
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
new file mode 100644
index 0000000..07223d1
--- /dev/null
+++ b/sepolicy/domain.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ allow domain diag_device:chr_file rw_file_perms;
+')
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 772943d..7aace5f 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,4 +1,3 @@
-/dev/block/platform/sdhci-tegra.3/by-name/PER u:object_r:sensors_block_device:s0
/dev/diag u:object_r:diag_device:s0
/dev/elan-iap u:object_r:elan_ip_device:s0
/dev/knvmap u:object_r:knv_device:s0
diff --git a/sepolicy/lmkd.te b/sepolicy/lmkd.te
new file mode 100644
index 0000000..cddec31
--- /dev/null
+++ b/sepolicy/lmkd.te
@@ -0,0 +1,3 @@
+# Kernel bug for Linux < 3.3: sysfs inodes can lose their security context
+# and revert to the base sysfs type.
+allow lmkd sysfs:file write;
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 4ba75e9..8654560 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -1 +1,3 @@
-allow rild diag_device:chr_file rw_file_perms;
+# Kernel bug for Linux < 3.3: sysfs inodes can lose their security context
+# and revert to the base sysfs type.
+allow rild sysfs:file write;
