Merge "Make wpa_supplicant enforcing."
diff --git a/device.te b/device.te
index 5d3ba9c..bbbec28 100644
--- a/device.te
+++ b/device.te
@@ -1,7 +1,5 @@
# Device types
type device, dev_type, fs_type;
-type akm_device, dev_type;
-type accelerometer_device, dev_type;
type alarm_device, dev_type, mlstrustedobject;
type adb_device, dev_type;
type ashmem_device, dev_type, mlstrustedobject;
@@ -27,7 +25,6 @@
type mtd_device, dev_type;
type mtp_device, dev_type, mlstrustedobject;
type nfc_device, dev_type;
-type powervr_device, dev_type, mlstrustedobject;
type ptmx_device, dev_type, mlstrustedobject;
type qemu_device, dev_type;
type kmsg_device, dev_type;
diff --git a/domain.te b/domain.te
index 75dbe7c..c8063f7 100644
--- a/domain.te
+++ b/domain.te
@@ -51,7 +51,6 @@
allow domain ashmem_device:chr_file rw_file_perms;
allow domain binder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
-allow domain powervr_device:chr_file rw_file_perms;
allow domain log_device:dir search;
allow domain log_device:chr_file rw_file_perms;
allow domain alarm_device:chr_file r_file_perms;
diff --git a/file_contexts b/file_contexts
index 42b783f..d2d9949 100644
--- a/file_contexts
+++ b/file_contexts
@@ -29,8 +29,8 @@
# Devices
#
/dev(/.*)? u:object_r:device:s0
-/dev/akm8973.* u:object_r:akm_device:s0
-/dev/accelerometer u:object_r:accelerometer_device:s0
+/dev/akm8973.* u:object_r:sensors_device:s0
+/dev/accelerometer u:object_r:sensors_device:s0
/dev/alarm u:object_r:alarm_device:s0
/dev/android_adb.* u:object_r:adb_device:s0
/dev/ashmem u:object_r:ashmem_device:s0
@@ -64,7 +64,7 @@
/dev/pn544 u:object_r:nfc_device:s0
/dev/ppp u:object_r:ppp_device:s0
/dev/ptmx u:object_r:ptmx_device:s0
-/dev/pvrsrvkm u:object_r:powervr_device:s0
+/dev/pvrsrvkm u:object_r:gpu_device:s0
/dev/qemu_.* u:object_r:qemu_device:s0
/dev/kmsg u:object_r:kmsg_device:s0
/dev/null u:object_r:null_device:s0
diff --git a/gpsd.te b/gpsd.te
index 403a6b7..c628631 100644
--- a/gpsd.te
+++ b/gpsd.te
@@ -1,11 +1,21 @@
# gpsd - GPS daemon
type gpsd, domain;
+permissive_or_unconfined(gpsd)
type gpsd_exec, exec_type, file_type;
init_daemon_domain(gpsd)
net_domain(gpsd)
-unconfined_domain(gpsd)
+allow gpsd gps_data_file:dir rw_dir_perms;
+allow gpsd gps_data_file:notdevfile_class_set create_file_perms;
# Socket is created by the daemon, not by init, and under /data/gps,
# not under /dev/socket.
type_transition gpsd gps_data_file:sock_file gps_socket;
+allow gpsd gps_socket:sock_file create_file_perms;
+# XXX Label sysfs files with a specific type?
+allow gpsd sysfs:file rw_file_perms;
+allow gpsd gps_device:chr_file rw_file_perms;
+
+# Execute the shell or system commands.
+allow gpsd shell_exec:file rx_file_perms;
+allow gpsd system_file:file rx_file_perms;
diff --git a/hci_attach.te b/hci_attach.te
index 5115292..3cb0953 100644
--- a/hci_attach.te
+++ b/hci_attach.te
@@ -1,5 +1,4 @@
type hci_attach, domain;
-permissive_or_unconfined(hci_attach)
type hci_attach_exec, exec_type, file_type;
init_daemon_domain(hci_attach)