More rights

"Here's Sammy!"
Andy CrossGate Yan 2020-06-11 21:34:36 +08:00
parent 434e42303e
commit 44fe1f36aa


@ -42,6 +42,7 @@ hwbinder_use(phhsu_daemon)
allow domain untrusted_app_all_devpts:chr_file { getattr read write }; allow domain untrusted_app_all_devpts:chr_file { getattr read write };
allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl }; allow phhsu_daemon untrusted_app_all_devpts:chr_file { getattr read write open ioctl };
allow phhsu_daemon untrusted_app_all:fifo_file { getattr read write open ioctl };
allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr }; allow phhsu_daemon zygote_exec:file { execute read open execute_no_trans getattr };
allow appdomain phhsu_daemon:dir { search }; allow appdomain phhsu_daemon:dir { search };
@ -105,7 +106,7 @@ allow phhsu_daemon selinuxfs:file rwx_file_perms;
allow domain phhsu_daemon:process { sigchld }; allow domain phhsu_daemon:process { sigchld };
allow phhsu_daemon domain:binder { call transfer }; allow phhsu_daemon domain:binder { call transfer };
allow phhsu_daemon kernel:system { syslog_read syslog_mod }; allow phhsu_daemon kernel:system { syslog_read syslog_mod };
allow phhsu_daemon kernel:security { setenforce }; allow phhsu_daemon kernel:security { setenforce compute_av };
allow phhsu_daemon domain:unix_stream_socket { getattr }; allow phhsu_daemon domain:unix_stream_socket { getattr };
allow phhsu_daemon logdr_socket:sock_file write; allow phhsu_daemon logdr_socket:sock_file write;
@ -135,6 +136,7 @@ allow phhsu_daemon domain:fd { use };
allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown }; allow phhsu_daemon domain:unix_stream_socket { connectto ioctl getattr getopt read write shutdown };
allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms; allow phhsu_daemon self:netlink_kobject_uevent_socket create_socket_perms;
allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read }; allow phhsu_daemon self:{ netlink_tcpdiag_socket } { create_socket_perms nlmsg_write nlmsg_read };
allow phhsu_daemon self:{ netlink_selinux_socket } { create_socket_perms nlmsg_write nlmsg_read };
allow phhsu_daemon file_type:file create_file_perms; allow phhsu_daemon file_type:file create_file_perms;
allow phhsu_daemon file_type:dir create_dir_perms; allow phhsu_daemon file_type:dir create_dir_perms;
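Review bot: None of the three added rules has a comment saying which denial or device required it, and the commit message does not say either, so this already broad domain becomes harder to audit; I would put a line such as `# <device and avc denial that required this rule>` above each one. The new `untrusted_app_all:fifo_file` rule in the first hunk lets the daemon open and ioctl pipes belonging to every untrusted app, and the second hunk puts `compute_av` next to `setenforce`, so both deserve a stated reason. The `netlink_selinux_socket` rule in the third hunk looks copied from the `netlink_tcpdiag_socket` line above it. I am not certain `nlmsg_write` and `nlmsg_read` are defined for that class, so please confirm they are and trim the permission set to what the logged denial actually requests.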