sepolicy: policy for bootup denials on 64 bit targets
Add policy for bootup issues and other domains
Change-Id: I48dc57dcdc0c631e682072f93e2f8fd2751c7a43
diff --git a/common/domain.te b/common/domain.te
index e5fc562..acadbb9 100644
--- a/common/domain.te
+++ b/common/domain.te
@@ -4,3 +4,4 @@
r_dir_file(domain, sysfs_socinfo);
r_dir_file(domain, sysfs_esoc);
+r_dir_file(domain, sysfs_ssr);
diff --git a/common/mm-pp-daemon.te b/common/mm-pp-daemon.te
index b515c47..6c40e45 100755
--- a/common/mm-pp-daemon.te
+++ b/common/mm-pp-daemon.te
@@ -39,4 +39,5 @@
# Allow mm-pp-daemon to change the brightness of the target during display
# calibration
allow mm-pp-daemon sysfs:file rw_file_perms;
+ unix_socket_connect(mm-pp-daemon, property, init)
')
diff --git a/common/msm_irqbalanced.te b/common/msm_irqbalanced.te
index 6041b19..dc8429c 100644
--- a/common/msm_irqbalanced.te
+++ b/common/msm_irqbalanced.te
@@ -5,3 +5,4 @@
allow msm_irqbalanced proc:file write;
allow msm_irqbalanced sysfs_devices_system_cpu:file write;
allow msm_irqbalanced self:capability { setuid setgid dac_override };
+r_dir_file(msm_irqbalanced, sysfs_rqstats);
diff --git a/common/netmgrd.te b/common/netmgrd.te
index 95226c9..2d6bd05 100644
--- a/common/netmgrd.te
+++ b/common/netmgrd.te
@@ -44,7 +44,7 @@
#Allow execution of commands in shell
allow netmgrd system_file:file { execute_no_trans };
-allow netmgrd self:socket read;
+allow netmgrd self:socket create_socket_perms;
allow netmgrd sysfs_esoc:dir r_dir_perms;
#Allow communication with netd
diff --git a/common/rmt_storage.te b/common/rmt_storage.te
index ad70463..04a96ef 100644
--- a/common/rmt_storage.te
+++ b/common/rmt_storage.te
@@ -12,5 +12,5 @@
allow rmt_storage self:socket { create_socket_perms };
allow rmt_storage sysfs_wake_lock:file { open write append };
allow rmt_storage uio_device:chr_file { read write open };
-allow rmt_storage mmc_block_device:blk_file read;
+allow rmt_storage mmc_block_device:blk_file r_file_perms;
allow rmt_storage self:capability { net_raw setpcap };
diff --git a/common/system_server.te b/common/system_server.te
index a6f00df..4989730 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -35,3 +35,6 @@
allow system_server location_data_file:fifo_file create_file_perms;
allow system_server location_socket:sock_file rw_file_perms;
allow system_server location_app_data_file:dir r_dir_perms;
+
+#For wifistatemachine
+allow system_server kernel:key search;
diff --git a/common/wpa.te b/common/wpa.te
index 1917ef7..3ae28b1 100644
--- a/common/wpa.te
+++ b/common/wpa.te
@@ -1,2 +1,6 @@
allow wpa persist_file:dir search;
qmux_socket(wpa);
+
+allow wpa self:socket create_socket_perms;
+allow wpa smem_log_device:chr_file rw_file_perms;
+allow wpa proc_net:file write;