Additions for grouper/JB

abd977a7 · rpcraig · fed24651 · abd977a7 · abd977a7 · abd977a7
Commit abd977a7 authored 12 years ago by rpcraig
--- a/app.te
+++ b/app.te
@@ -24,6 +24,9 @@ allow platform_app shell_data_file:file { open getattr read };
 allow platform_app shell_data_file:lnk_file read;
 # Populate /data/app/vmdl*.tmp file created by system server.
 allow platform_app apk_tmp_file:file rw_file_perms;
+# Read/[open] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
+allow platform_app qtaguid_proc:file { open };
+allow platform_app qtaguid_device:chr_file r_file_perms;

 # Apps signed with the media key.
 type media_app, domain;

--- a/debuggerd.te
+++ b/debuggerd.te
@@ -5,6 +5,7 @@ type debuggerd_exec, exec_type, file_type;
 init_daemon_domain(debuggerd)
 typeattribute debuggerd mlstrustedsubject;
 allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
+allow debuggerd self:capability2 { syslog };
 allow debuggerd domain:dir r_dir_perms;
 allow debuggerd domain:file r_file_perms;
 allow debuggerd domain:process ptrace;

--- a/drmserver.te
+++ b/drmserver.te
@@ -11,6 +11,10 @@ binder_call(drmserver, system)
 binder_call(drmserver, appdomain)
 binder_service(drmserver)

+# Perform Binder IPC to mediaserver
+binder_call(drmserver, mediaserver)
+
 allow drmserver sdcard:dir search;
 allow drmserver drm_data_file:dir create_dir_perms;
 allow drmserver drm_data_file:file create_file_perms;
+allow drmserver self:{ tcp_socket udp_socket } *;
--- a/keystore.te
+++ b/keystore.te
@@ -5,3 +5,4 @@ type keystore_exec, exec_type, file_type;
 init_daemon_domain(keystore)
 allow keystore keystore_data_file:dir create_dir_perms;
 allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
+allow keystore keystore_exec:file { getattr };
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -9,6 +9,7 @@ allow mediaserver kernel:system module_request;
 binder_use(mediaserver)
 binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)
+binder_transfer(mediaserver, surfaceflinger)
 binder_service(mediaserver)
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file r_file_perms;

--- a/wpa_supplicant.te
+++ b/wpa_supplicant.te
@@ -14,3 +14,7 @@ allow wpa wifi_data_file:dir create_dir_perms;
 allow wpa wifi_data_file:file create_file_perms;
 unix_socket_send(wpa, system_wpa, system)
 allow wpa random_device:chr_file r_file_perms;
+
+# Create a socket for receiving info from wpa
+type_transition wpa wifi_data_file:sock_file wpa_socket;
+allow wpa wpa_socket:sock_file create_file_perms;