From 61c7107df3c20a1298c8ad92f88f1e907e2242b2 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Tue, 24 Dec 2013 11:34:28 -0500
Subject: [PATCH] Allow execmem and ashmem_device execute as required.

bootanim requires execmem. bootanim and surfaceflinger requires execute to ashmem_device.

Change-Id: I3b4964c5acd31a44ce81672077c70353a375c072
Signed-off-by: Stephen Smalley
---
 target/board/generic/BoardConfig.mk | 5 ++++-
 target/board/generic/sepolicy/bootanim.te | 2 ++
 target/board/generic/sepolicy/surfaceflinger.te | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 target/board/generic/sepolicy/bootanim.te
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index 8f698ec39..e0ad23ad9 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -76,4 +76,7 @@ BOARD_FLASH_BLOCK_SIZE := 512
 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
-BOARD_SEPOLICY_UNION += domain.te surfaceflinger.te
+BOARD_SEPOLICY_UNION += \
+ bootanim.te \
+ domain.te \
+ surfaceflinger.te
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
new file mode 100644
index 000000000..d6506e11d
--- /dev/null
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -0,0 +1,2 @@
+allow bootanim self:process execmem;
+allow bootanim ashmem_device:chr_file execute;
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
index 952363051..4c354697a 100644
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@@ -1 +1,2 @@
 allow surfaceflinger self:process execmem;
+allow surfaceflinger ashmem_device:chr_file execute;
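Review bot: Both rules in the new bootanim.te, and the `allow surfaceflinger ashmem_device:chr_file execute;` line added to surfaceflinger.te, relax W^X for these domains with no comment in the policy files saying which component needs executable mappings. `execmem` lets the domain make anonymous or private writable memory executable, and `execute` on `ashmem_device` lets it map ashmem regions executable, so any memory-corruption bug in either process becomes easier to turn into code execution. The commit message only says the permissions are "required"; presumably this is runtime code generation in the generic target's software graphics path, but that should be confirmed and recorded. I would add a header comment to each file such as `# Generic (emulator) board only: <component> generates code at runtime and maps it executable; do not copy into core or device policy.` Keeping the rules under target/board/generic/sepolicy is the right scoping, and a later audit should check that no real device's BOARD_SEPOLICY_DIRS picks this directory up.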