diff options
Diffstat (limited to 'sepolicy/private')
-rw-r--r-- | sepolicy/private/devicesettings_app.te | 28 | ||||
-rw-r--r-- | sepolicy/private/seapp_contexts | 1 |
2 files changed, 29 insertions, 0 deletions
diff --git a/sepolicy/private/devicesettings_app.te b/sepolicy/private/devicesettings_app.te new file mode 100644 index 0000000..6e6a44b --- /dev/null +++ b/sepolicy/private/devicesettings_app.te @@ -0,0 +1,28 @@ +app_domain(devicesettings_app) + +# Allow devicesettings_app to find *_service +allow devicesettings_app { + app_api_service + audioserver_service + cameraserver_service + drmserver_service + mediaextractor_service + mediametrics_service + mediaserver_service +}:service_manager find; + +# Allow devicesettings_app read and write /data/data subdirectory +allow devicesettings_app system_app_data_file:dir create_dir_perms; +allow devicesettings_app system_app_data_file:{ file lnk_file } create_file_perms; + +# Allow binder communication with gpuservice +binder_call(devicesettings_app, gpuservice) + +# Allow devicesettings_app to read and write to cgroup/sysfs_leds/sysfs_thermal +allow devicesettings_app sysfs_leds:dir search; +#allow devicesettings_app vendor_sysfs_graphics:dir search; +allow devicesettings_app { + cgroup + sysfs_leds + sysfs_thermal +}:{ file lnk_file } rw_file_perms;
\ No newline at end of file diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts new file mode 100644 index 0000000..0b3253a --- /dev/null +++ b/sepolicy/private/seapp_contexts @@ -0,0 +1 @@ +user=system seinfo=platform name=org.lineageos.settings domain=devicesettings_app type=system_app_data_file
\ No newline at end of file |