* Update patches for hci_attach service in SE Android
@ 2012-05-24 23:47 William Roberts
2012-05-29 19:13 ` William Roberts
2012-05-31 13:47 ` Stephen Smalley
0 siblings, 2 replies; 4+ messages in thread
From: William Roberts @ 2012-05-24 23:47 UTC (permalink / raw)
To: seandroid, selinux
The previous set of patches submitted yesterday got a reworking today with
the help of Stephen (Thanks).
Here are the most recent changes:
1. external/sepolicy/hci_attach.te is created. Since all Android devices
have an hci_attach service, the rules can be allowed in there.
2. device/samsung/tuna policy.fc labels the files properly that represent
the hci_attach service. This varies per device.
3. General clean up
--
Respectfully,
William C Roberts
[-- Attachment #2: device_samsung_tuna.patch --]
[-- Type: application/octet-stream, Size: 1025 bytes --]
diff --git a/init.tuna.rc b/init.tuna.rc
index 1355237..3e9e459 100755
--- a/init.tuna.rc
+++ b/init.tuna.rc
@@ -113,7 +113,8 @@ on fs
chmod 0660 /sys/class/rfkill/rfkill0/state
chown bluetooth bluetooth /sys/class/rfkill/rfkill0/state
chown bluetooth bluetooth /sys/class/rfkill/rfkill0/type
- restorecon /factory/bluetooth
+ restorecon /factory/bluetooth
+ restorecon /factory/bluetooth/bt_addr
# backlight
chown system system /sys/class/backlight/s6e8aa0/brightness
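Review bot: the added "restorecon /factory/bluetooth/bt_addr" relabels one named file, while the sepolicy.fc entry in this same patch covers /factory/bluetooth(/.*)?, so any other file under that directory keeps its previous label. Either add a restorecon line for each file the service reads, or add a comment stating that bt_addr is the only one needed. The removed and re-added "restorecon /factory/bluetooth" lines read identically here, which suggests a whitespace-only change; drop it from the patch unless the indentation fix is intended.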
diff --git a/sepolicy.fc b/sepolicy.fc
index a4991a2..a95584e 100644
--- a/sepolicy.fc
+++ b/sepolicy.fc
@@ -4,3 +4,8 @@
/data/radio/nv_data.bin.* u:object_r:radio_data_file:s0
/factory(/.*)? u:object_r:efs_file:s0
/factory/nv_data.bin.* u:object_r:radio_data_file:s0
+/system/bin/brcm_patchram_plus u:object_r:hci_attach_exec:s0
+
+#The devices and files used by the hciattach service are device specific
+/dev/ttyO1 u:object_r:hci_attach_dev:s0
+/factory/bluetooth(/.*)? u:object_r:bluetooth_efs_file:s0
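Review bot: the new /factory/bluetooth(/.*)? entry overlaps the existing /factory(/.*)? entry two lines above it, so the bluetooth_efs_file label depends on the more specific entry taking precedence over the general one. Add a one-line comment that this entry intentionally overrides the efs_file rule so it is not reordered or merged away later. The new comment also says "hciattach" while the types are named hci_attach_*, it lacks a space after "#", and /system/bin/brcm_patchram_plus sits above the "device specific" comment although it belongs to the same group; moving it under the comment would keep the block consistent.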
[-- Attachment #3: external_sepolicy.patch --]
[-- Type: application/octet-stream, Size: 1751 bytes --]
diff --git a/device.te b/device.te
index 6424db6..ac34d72 100644
--- a/device.te
+++ b/device.te
@@ -37,3 +37,9 @@ type urandom_device, dev_type;
type video_device, dev_type;
type vcs_device, dev_type;
type zero_device, dev_type;
+
+# All devices have a uart for the hci
+# attach service. The uart dev node
+# varies per device. This type
+# is used in per device policy
+type hci_attach_dev, dev_type;
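Review bot: the comment on hci_attach_dev says the type "is used in per device policy" but not where. This file only declares the type and labels nothing, and the only chr_file rule in the new hci_attach.te is for hci_attach_dev, so a port that forgets the label leaves the service without access to its UART. Name the per-device file that must carry the entry (sepolicy.fc in the tuna patch) in the comment. The comment is also wrapped very short; two lines would hold it.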
diff --git a/file.te b/file.te
index b6e3a5d..4e3bd53 100644
--- a/file.te
+++ b/file.te
@@ -56,6 +56,11 @@ type efs_file, file_type;
# Type for wallpaper file.
type wallpaper_file, file_type;
+# All devices have bluetooth efs files. But they
+# vary per device, so this type is used in per
+# defice policy
+type bluetooth_efs_file, file_type;
+
# Socket types
type bluetooth_socket, file_type;
type dbus_socket, file_type;
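Review bot: typo in the new comment above bluetooth_efs_file, "defice policy" should be "device policy". The wording could also be tightened to match the hci_attach_dev comment in device.te, since both describe a generic type that is labeled per device.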
diff --git a/hci_attach.te b/hci_attach.te
new file mode 100644
index 0000000..3e985ac
--- /dev/null
+++ b/hci_attach.te
@@ -0,0 +1,10 @@
+type hci_attach, domain;
+type hci_attach_exec, exec_type, file_type;
+
+init_daemon_domain(hci_attach)
+
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;
+
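Review bot: "allow hci_attach kernel:system module_request;" lets the domain trigger kernel module auto-loading, and nothing in the new file says which module is requested or why. Add a comment with the justification (for example the denial that prompted the rule), or drop the rule if the service works without it. The file also has no header comment describing what the hci_attach domain is for, and it ends with an empty added line that can be removed.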
diff --git a/rild.te b/rild.te
index a0a4a37..e65fc36 100644
--- a/rild.te
+++ b/rild.te
@@ -17,6 +17,7 @@ allow rild mtd_device:dir search;
allow rild efs_file:dir create_dir_perms;
allow rild efs_file:file create_file_perms;
allow rild shell_exec:file rx_file_perms;
+allow rild bluetooth_efs_file:file r_file_perms;
dontaudit rild self:capability sys_admin;
# XXX Label sysfs files with a specific type?
allow rild sysfs:file rw_file_perms;
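Review bot: rild is given r_file_perms on bluetooth_efs_file files but no matching directory rule, and the tuna sepolicy.fc entry labels /factory/bluetooth itself as bluetooth_efs_file. Unless a search rule exists elsewhere in rild.te (not visible in this hunk), rild cannot traverse the directory to reach the files this line is meant to open. Mirror the pair used in hci_attach.te with "allow rild bluetooth_efs_file:dir r_dir_perms;" (or at least search), and add a comment saying why rild needs to read Bluetooth files.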
* Re: Update patches for hci_attach service in SE Android
2012-05-24 23:47 Update patches for hci_attach service in SE Android William Roberts
@ 2012-05-29 19:13 ` William Roberts
2012-05-29 19:16 ` Stephen Smalley
2012-05-31 13:47 ` Stephen Smalley
1 sibling, 1 reply; 4+ messages in thread
From: William Roberts @ 2012-05-29 19:13 UTC (permalink / raw)
To: seandroid, selinux, Stephen Smalley
Is anyone reviewing these patches for submission into mainline?
On Thu, May 24, 2012 at 7:47 PM, William Roberts
<bill.c.roberts@gmail.com> wrote:
> The previous set of patches submitted yesterday got a reworking today with
> the help of Stephen (Thanks).
>
> Here are the most recent changes:
> 1. external/sepolicy/hci_attach.te is created. Since all Android devices
> have an hci_attach service, the rules can be allowed in there.
> 2. device/samsung/tuna policy.fc labels the files properly that represent
> the hci_attach service. This varies per device.
> 3. General clean up
>
> --
> Respectfully,
>
> William C Roberts
>
>
>
--
Respectfully,
William C Roberts
* Re: Update patches for hci_attach service in SE Android
2012-05-29 19:13 ` William Roberts
@ 2012-05-29 19:16 ` Stephen Smalley
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2012-05-29 19:16 UTC (permalink / raw)
To: William Roberts; +Cc: seandroid, selinux
Yes, still catching up...
On Tue, 2012-05-29 at 15:13 -0400, William Roberts wrote:
> Is anyone reviewing these patches for submission into mainline?
>
> On Thu, May 24, 2012 at 7:47 PM, William Roberts
> <bill.c.roberts@gmail.com> wrote:
> The previous set of patches submitted yesterday got a
> reworking today with the help of Stephen (Thanks).
>
>
> Here are the most recent changes:
> 1. external/sepolicy/hci_attach.te is created. Since all
> Android devices have an hci_attach service, the rules can be
> allowed in there.
> 2. device/samsung/tuna policy.fc labels the files properly
> that represent the hci_attach service. This varies per device.
> 3. General clean up
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
>
>
>
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Update patches for hci_attach service in SE Android
2012-05-24 23:47 Update patches for hci_attach service in SE Android William Roberts
2012-05-29 19:13 ` William Roberts
@ 2012-05-31 13:47 ` Stephen Smalley
1 sibling, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2012-05-31 13:47 UTC (permalink / raw)
To: William Roberts; +Cc: seandroid, selinux
On Thu, 2012-05-24 at 16:47 -0700, William Roberts wrote:
> The previous set of patches submitted yesterday got a reworking today
> with the help of Stephen (Thanks).
>
>
> Here are the most recent changes:
> 1. external/sepolicy/hci_attach.te is created. Since all Android
> devices have an hci_attach service, the rules can be allowed in there.
> 2. device/samsung/tuna policy.fc labels the files properly that
> represent the hci_attach service. This varies per device.
> 3. General clean up
Thanks, merged.
--
Stephen Smalley
National Security Agency