diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index c30cc75862..6d58b1c86b 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -78,6 +78,7 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
 BOARD_SEPOLICY_UNION += \
 adbd.te \
+ app.te \
 bootanim.te \
 device.te \
 domain.te \
@@ -88,4 +89,5 @@ BOARD_SEPOLICY_UNION += \
 rild.te \
 shell.te \
 surfaceflinger.te \
- system_server.te
+ system_server.te \
+ zygote.te
diff --git a/target/board/generic/sepolicy/app.te b/target/board/generic/sepolicy/app.te
new file mode 100644
index 0000000000..fd33453e6c
--- /dev/null
+++ b/target/board/generic/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te
index d6506e11dd..a5a84f9fbb 100644
--- a/target/board/generic/sepolicy/bootanim.te
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -1,2 +1,3 @@
 allow bootanim self:process execmem;
 allow bootanim ashmem_device:chr_file execute;
+allow bootanim qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te
index 4c354697ab..671278919d 100644
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@@ -1,2 +1,3 @@
 allow surfaceflinger self:process execmem;
 allow surfaceflinger ashmem_device:chr_file execute;
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic/sepolicy/zygote.te b/target/board/generic/sepolicy/zygote.te
new file mode 100644
index 0000000000..a5da574060
--- /dev/null
+++ b/target/board/generic/sepolicy/zygote.te
@@ -0,0 +1 @@
+allow zygote qemu_device:chr_file rw_file_perms;
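Review bot: In target/board/generic/sepolicy/app.te the new rule `allow appdomain qemu_device:chr_file rw_file_perms;` is written against the `appdomain` attribute, so every domain carrying that attribute gets read/write on the device, and nothing in the file records why. If only some app domains need the device, the rule should name those types instead. If all of them do, a comment should state the reason and that the grant belongs to the emulator board policy only, for example `# Emulator only: apps need qemu_device for <reason>; do not copy into device policy.` The same uncommented rule is added for bootanim, surfaceflinger and zygote in this directory and again in the four generic_x86 files, so the comment is wanted in each of them.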
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index faf8600c9b..727d3db734 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -44,7 +44,9 @@ TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
 
 BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
 BOARD_SEPOLICY_UNION += \
+ app.te \
 adbd.te \
+ bootanim.te \
 device.te \
 domain.te \
 file.te \
@@ -55,5 +57,6 @@ BOARD_SEPOLICY_UNION += \
 qemud.te \
 rild.te \
 shell.te \
+ surfaceflinger.te \
 system_server.te \
 zygote.te
diff --git a/target/board/generic_x86/sepolicy/app.te b/target/board/generic_x86/sepolicy/app.te
new file mode 100644
index 0000000000..fd33453e6c
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/app.te
@@ -0,0 +1 @@
+allow appdomain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/bootanim.te b/target/board/generic_x86/sepolicy/bootanim.te
new file mode 100644
index 0000000000..762a57387f
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/bootanim.te
@@ -0,0 +1 @@
+allow bootanim qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/surfaceflinger.te b/target/board/generic_x86/sepolicy/surfaceflinger.te
new file mode 100644
index 0000000000..865405ce55
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/surfaceflinger.te
@@ -0,0 +1 @@
+allow surfaceflinger qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te
index 93993a47f1..d34c4a1f9c 100644
--- a/target/board/generic_x86/sepolicy/zygote.te
+++ b/target/board/generic_x86/sepolicy/zygote.te
@@ -1,2 +1,3 @@
 allow zygote self:process execmem;
 allow zygote self:capability sys_nice;
+allow zygote qemu_device:chr_file rw_file_perms;
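Review bot: In the first hunk of target/board/generic_x86/BoardConfig.mk, `app.te \` is inserted ahead of `adbd.te \`, which breaks the alphabetical order that the rest of BOARD_SEPOLICY_UNION follows and that the generic board's list keeps (`adbd.te \` then `app.te \`). Swapping the two lines keeps the two boards' lists identical, so a policy file added to one and forgotten on the other stands out in a side-by-side comparison. The list continues past the hunk's last context line.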
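Review bot: target/board/generic_x86/sepolicy/app.te carries the same blob id (fd33453e6c) as the generic copy, and the qemu_device rules for bootanim, surfaceflinger and zygote are repeated verbatim too, so the emulator grants now live in two directories that have to be kept in sync by hand. A later tightening of these permissions could be applied to one board and missed on the other. If the build accepts it, consider keeping the qemu_device rules in one emulator-wide policy directory that both BoardConfig.mk files append to BOARD_SEPOLICY_DIRS, leaving only the rules that really differ per architecture (such as the execmem lines) in the per-board files.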