Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / a3364dfd25cb42edf116903dce6890dd95ef36db^2..a3364dfd25cb42edf116903dce6890dd95ef36db / .
commita3364dfd25cb42edf116903dce6890dd95ef36db[log] [tgz]
authorNick Kralevich <nnk@google.com>Fri Feb 27 14:13:35 2015 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Fri Feb 27 14:13:36 2015 +0000
tree5f026c44c365a909e6a73ce447935bb402ba135f
parent9d87c647afdc478245579090eae1ca2d1ae8d341 [diff]
parent1025d1383ba49243c2cb53716e4dfc65de8cd613 [diff]
Merge "kernel.te: fix MTP sync"
diff --git a/domain.te b/domain.te
index bc55237..d835ee9 100644
--- a/domain.te
+++ b/domain.te

@@ -180,7 +180,7 @@
 neverallow { domain -debuggerd -vold -dumpstate -system_server } self:capability sys_ptrace;
 
 # Limit device node creation to these whitelisted domains.
-neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt } self:capability mknod;
+neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -slideshow } self:capability mknod;
 
 # Limit raw I/O to these whitelisted domains.
 neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio;

diff --git a/init.te b/init.te
index 8b0ab42..14e9f80 100644
--- a/init.te
+++ b/init.te

@@ -140,6 +140,7 @@
 # Transitions to seclabel processes in init.rc
 domain_trans(init, rootfs, adbd)
 domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
 recovery_only(`
   domain_trans(init, rootfs, recovery)
 ')

diff --git a/slideshow.te b/slideshow.te
new file mode 100644
index 0000000..1a22fb5
--- /dev/null
+++ b/slideshow.te

@@ -0,0 +1,13 @@
+# slideshow seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type slideshow, domain;
+
+write_klog(slideshow)
+allow slideshow device:dir r_dir_perms;
+allow slideshow self:capability { mknod sys_tty_config };
+allow slideshow graphics_device:dir r_dir_perms;
+allow slideshow graphics_device:chr_file rw_file_perms;
+allow slideshow input_device:dir r_dir_perms;
+allow slideshow input_device:chr_file r_file_perms;
+allow slideshow tty_device:chr_file rw_file_perms;
+