rpcraig | 1555c27 | 2012-11-02 06:35:29 -0400 | [diff] [blame] | 1 | ########## |
| 2 | # sensors_config: load calibration files. |
| 3 | ########## |
| 4 | type sensors_config, domain; |
| 5 | type sensors_config_exec, exec_type, file_type; |
| 6 | type sensors_data_file, file_type, data_file_type; |
| 7 | init_daemon_domain(sensors_config) |
Robert Craig | b84df60 | 2013-03-27 06:12:51 -0400 | [diff] [blame] | 8 | file_type_auto_trans(sensors_config, system_data_file, sensors_data_file) |
Robert Craig | b5a701c | 2013-09-23 17:52:56 -0400 | [diff] [blame] | 9 | |
| 10 | # Execute toolbox commands |
| 11 | allow sensors_config shell_exec:file rx_file_perms; |
| 12 | allow sensors_config system_file:file execute_no_trans; |
| 13 | |
| 14 | # Mount /dev/block/platform/sdhci-tegra.3/by-name/PER |
| 15 | allow sensors_config sensors_data_file:dir mounton; |
| 16 | allow sensors_config sdcard_external:filesystem { mount unmount }; |
| 17 | allow sensors_config { sdcard_external block_device }:dir search; |
| 18 | |
| 19 | # Read from the mounted PER partition |
| 20 | allow sensors_config sdcard_external:file r_file_perms; |
| 21 | |
| 22 | # Need to chmod and chown files (/data/lightsensor, /data/sensors) |
| 23 | allow sensors_config self:capability { chown fowner }; |
| 24 | |
| 25 | # Checked as a side effect on the chmod (don't allow) |
| 26 | dontaudit sensors_config self:capability { fsetid }; |
| 27 | |
| 28 | # Needed for mount/umount |
| 29 | allow sensors_config self:capability sys_admin; |
| 30 | |
| 31 | # Tries to delete /data/calibration (don't allow) |
| 32 | dontaudit sensors_config system_data_file:dir remove_name; |
| 33 | dontaudit sensors_config self:capability dac_override; |