Google Git
Sign in
android / device / lge / mako / 591967c^! / .
commit591967cf1e699277ad362664e8d2fbbf366a3c26[log] [tgz]
authorrepo sync <gcondra@google.com>Fri May 03 13:09:46 2013 -0700
committerrepo sync <gcondra@google.com>Sun May 05 14:15:10 2013 -0700
tree440dcbfa25e8c72b366d08260ee48758ea7e212f
parent58565f26f89c2ba0c09c024a0bd3e1c61b1ae615 [diff]
Add policy for kickstart.

Change-Id: If5712bd8665cccf76d8ca3555ca2906f6ead2d32

diff --git a/BoardConfig.mk b/BoardConfig.mk
index 4dfd1cb..0514d6b 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk

@@ -103,6 +103,7 @@
        file_contexts \
        keystore.te \
        mediaserver.te \
+       kickstart.te \
        nfc.te \
        rild.te \
        surfaceflinger.te \

diff --git a/sepolicy/device.te b/sepolicy/device.te
index 4ff1c88..f4798d2 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te

@@ -9,3 +9,6 @@
 
 # Qualcomm MSM Audio ACDB device
 type msm_acdb_device, dev_type;
+
+# Kickstart device used by QC qcks
+type kickstart_device, dev_type;

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 5524e47..3c79106 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts

@@ -20,3 +20,10 @@
 
 # Qualcomm audio firmware files
 /data/misc/audio/*                 u:object_r:audio_firmware_file:s0
+
+/dev/ks_hsic_bridge                u:object_r:kickstart_device:s0
+/dev/efs_hsic_bridge               u:object_r:kickstart_device:s0
+
+/system/bin/qcks                   u:object_r:kickstart_exec:s0
+/system/bin/efsks                  u:object_r:kickstart_exec:s0
+/system/bin/ks                     u:object_r:kickstart_exec:s0

diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te
new file mode 100644
index 0000000..ffbf123
--- /dev/null
+++ b/sepolicy/kickstart.te

@@ -0,0 +1,18 @@
+type kickstart, domain;
+type kickstart_exec, file_type, exec_type;
+domain_auto_trans(init, kickstart_exec, kickstart)
+
+# XXX Everything bad happens here.
+allow kickstart kickstart_exec:file rx_file_perms;
+allow kickstart sdcard_external:file r_file_perms;
+allow kickstart shell_exec:file rx_file_perms;
+allow kickstart system_file:file x_file_perms;
+allow kickstart system_data_file:file { create_file_perms rwx_file_perms };
+allow kickstart system_data_file:dir { write  add_name };
+
+allow kickstart block_device:blk_file rw_file_perms;
+allow kickstart kickstart_device:chr_file rw_file_perms;
+allow kickstart block_device:dir rw_dir_perms;
+
+allow kickstart radio_device:chr_file rw_file_perms;
+allow kickstart sysfs:file append;