Merge pull request #190 from AndyCGYan/sepolicy-phhsu

More rights
This commit is contained in:
Pierre-Hugues HUSSON 2020-06-11 15:39:09 +02:00 committed by GitHub
commit 2c023e8446
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -42,6 +42,7 @@ hwbinder_use(phhsu_daemon)
allow domain untrusted_app_all_devpts:chr_file { getattr read write };
allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl };
allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write open ioctl };
allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
allow appdomain phhsu_daemon:dir { search };
@ -105,7 +106,7 @@ allow phhsu_daemon selinuxfs:file rwx_file_perms;
allow domain phhsu_daemon:process { sigchld };
allow phhsu_daemon domain:binder { call transfer };
allow phhsu_daemon kernel:system { syslog_read syslog_mod };
allow phhsu_daemon kernel:security { setenforce };
allow phhsu_daemon kernel:security { setenforce compute_av };
allow phhsu_daemon domain:unix_stream_socket { getattr };
allow phhsu_daemon logdr_socket:sock_file write;
@ -135,6 +136,7 @@ allow phhsu_daemon domain:fd { use };
allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown };
allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms;
allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read };
allow phhsu_daemon self:{ netlink_selinux_socket } { create_socket_perms nlmsg_write nlmsg_read };
allow phhsu_daemon file_type:file create_file_perms;
allow phhsu_daemon file_type:dir create_dir_perms;