Home | History | Annotate | Download | only in sepolicy 
      1 # init runs /system/bin/touchfwup.sh which runs rmi4update
      2 type rmi4update, domain, domain_deprecated;
      3 type rmi4update_exec, exec_type, file_type;
      4 
      5 init_daemon_domain(rmi4update)
      6 
      7 # access to /dev/hidraw0
      8 allow rmi4update hidraw_device:chr_file rw_file_perms;
      9 
     10 # TODO give the files being access a more specific label.
     11 allow rmi4update sysfs:dir search;
     12 allow rmi4update sysfs:file rw_file_perms;
     13 
     14 # Allow rmi4update to use file descriptor passed from touchfwup.sh
     15 allow rmi4update touch_fw_update:fd use;
     16 
     17 # Allow rmi4update to getattr and append to log file.
     18 allow rmi4update touch_fw_update_log_file:file { getattr append };
     19