From c7d378a35915259f73233695e835c2c8b29be4d9 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson
Date: Fri, 9 Aug 2019 23:39:36 +0200
Subject: [PATCH] More rights
---
 sepolicy/su.te | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/sepolicy/su.te b/sepolicy/su.te
index 31ba499..e926c34 100644
--- a/sepolicy/su.te
+++ b/sepolicy/su.te
@@ -52,7 +52,7 @@
 allow phhsu_daemon self:lnk_file { r_file_perms execmod };
 allow phhsu_daemon adbd_exec:file { getattr read };
 allow phhsu_daemon { rootfs same_process_hal_file system_file tmpfs }:file { mounton getattr };
-allow phhsu_daemon self:capability { sys_admin chown setuid setgid net_raw dac_override dac_read_search kill };
+allow phhsu_daemon self:capability { sys_admin chown setuid setgid net_raw dac_override dac_read_search kill fowner };
 allow phhsu_daemon self:capability2 { syslog };
 allow phhsu_daemon shell_exec:file rx_file_perms;
 allow phhsu_daemon system_file:file { rx_file_perms entrypoint };
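Review bot: The capability rule gains `fowner`, but neither the policy nor the commit message ("More rights") records which operation needed it. The domain already holds `sys_admin`, `dac_override` and `dac_read_search`, so each undocumented addition makes it harder to tell later which grants are still required. A comment above the rule, for example `# fowner: required for <operation that was denied>`, would let an audit decide whether it can be dropped. If the change was derived from an `avc: denied` record, quoting the denied class and permission in the commit description would serve the same purpose.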
@@ -89,8 +89,9 @@
 allow phhsu_daemon dex2oat_exec:file rx_file_perms;
 allow phhsu_daemon phhsu_daemon_tmpfs:file rwx_file_perms;
-allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:file { rwx_file_perms create mounton};
-allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:dir { rw_dir_perms mounton };
+allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:file { rwx_file_perms create mounton setattr getattr relabelto relabelfrom };
+allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:lnk_file { rw_file_perms create mounton setattr getattr relabelto relabelfrom };
+allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:dir { rw_dir_perms create mounton setattr getattr relabelto relabelfrom };
 allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:chr_file rwx_file_perms;
 allow phhsu_daemon { proc_type dev_type exec_type file_type sysfs_type fs_type }:blk_file rw_file_perms;
@@ -126,4 +127,4 @@
 allow phhsu_daemon phhsu_daemon:file relabelfrom;
 allow phhsu_daemon properties_device:dir { map };
 allow phhsu_daemon { tmpfs }:dir { mounton };
-allow phhsu_daemon system_file:file { relabelto };
+allow phhsu_daemon { file_type shell_data_file system_file}:file { relabelto relabelfrom} ;
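Review bot: The three added rules grant `relabelto relabelfrom` on `file`, `lnk_file` and `dir` across every listed attribute (`proc_type dev_type exec_type file_type sysfs_type fs_type`), so this domain can move any such object between any of those types and file labels no longer constrain it. If only specific transitions are needed, a separate relabel rule limited to those types, with a comment naming the operation, would keep the grant reviewable. If the breadth is intentional, a comment such as `# su daemon is deliberately unconfined for file relabeling` should say so. The explicit `getattr` looks redundant, since the `rw_file_perms`/`rwx_file_perms`/`rw_dir_perms` macros normally include it, and `mounton` on `lnk_file` looks copied from the `file` rule rather than required. Rules this wide may also trip platform `neverallow` checks, which cannot be confirmed from this hunk.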
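Review bot: The rewritten last rule appears to be fully covered by the `:file` rule this same commit adds in the `@@ -89,8 +89,9 @@` hunk, which already grants `relabelto relabelfrom` on `file_type`. In AOSP policy `system_file` and `shell_data_file` normally carry the `file_type` attribute, so naming them next to it adds nothing. Either drop this rule, or keep it as the narrow grant, `allow phhsu_daemon { shell_data_file system_file }:file { relabelto relabelfrom };`, and remove the relabel permissions from the broad rule. The stray space before `;` and the missing space before the closing braces are also inconsistent with the surrounding lines.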