Home | History | Annotate | Download | only in sepolicy 
      1 ##########
      2 # sensors_config: load calibration files.
      3 ##########
      4 type sensors_config, domain;
      5 type sensors_config_exec, exec_type, file_type;
      6 type sensors_data_file, file_type, data_file_type;
      7 init_daemon_domain(sensors_config)
      8 file_type_auto_trans(sensors_config, system_data_file, sensors_data_file)
      9 
     10 # Execute toolbox commands
     11 allow sensors_config shell_exec:file rx_file_perms;
     12 allow sensors_config system_file:file execute_no_trans;
     13 
     14 # Mount /dev/block/platform/sdhci-tegra.3/by-name/PER
     15 allow sensors_config sensors_data_file:dir mounton;
     16 allow sensors_config sdcard_external:filesystem { mount unmount };
     17 allow sensors_config { sdcard_external block_device }:dir search;
     18 
     19 # Read from the mounted PER partition
     20 allow sensors_config sdcard_external:file r_file_perms;
     21 
     22 # Need to chmod and chown files (/data/lightsensor, /data/sensors)
     23 allow sensors_config self:capability { chown fowner };
     24 
     25 # Checked as a side effect on the chmod (don't allow)
     26 dontaudit sensors_config self:capability { fsetid };
     27 
     28 # Needed for mount/umount
     29 allow sensors_config self:capability sys_admin;
     30 
     31 # Tries to delete /data/calibration (don't allow)
     32 dontaudit sensors_config system_data_file:dir remove_name;
     33 dontaudit sensors_config self:capability dac_override;
     34