From f62af81817b1e8c4be5e71cbcef7b91e1b7b2bbf Mon Sep 17 00:00:00 2001
From: Robert Craig
Date: Wed, 30 Jan 2013 13:17:14 -0500
Subject: [PATCH] Introduce security labels for 2 new device nodes.

iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig
---
 device.te | 2 ++
 file_contexts | 2 ++
 system.te | 2 ++
 3 files changed, 6 insertions(+)

diff --git a/device.te b/device.te
index cdfc0d9b9..628d803cc 100644
--- a/device.te
+++ b/device.te
@@ -38,12 +38,14 @@ type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type;
 type fuse_device, dev_type;
+type iio_device, dev_type;
 type ion_device, dev_type, mlstrustedobject;
 type gps_device, dev_type;
 type qtaguid_device, dev_type;
 type watchdog_device, dev_type;
 type uhid_device, dev_type;
 type tun_device, dev_type, mlstrustedobject;
+type usbaccessory_device, dev_type;
 
 # All devices have a uart for the hci
 # attach service. The uart dev node
diff --git a/file_contexts b/file_contexts
index 4e6db1603..6501dfd83 100644
--- a/file_contexts
+++ b/file_contexts
@@ -50,6 +50,7 @@
 /dev/fuse u:object_r:fuse_device:s0
 /dev/graphics(/.*)? u:object_r:graphics_device:s0
 /dev/input(/.*) u:object_r:input_device:s0
+/dev/iio:device[0-9]+ u:object_r:iio_device:s0
 /dev/ion u:object_r:ion_device:s0
 /dev/kmem u:object_r:kmem_device:s0
 /dev/log(/.*)? u:object_r:log_device:s0
@@ -105,6 +106,7 @@
 /dev/uhid u:object_r:uhid_device:s0
 /dev/uinput u:object_r:input_device:s0
 /dev/urandom u:object_r:urandom_device:s0
+/dev/usb_accessory u:object_r:usbaccessory_device:s0
 /dev/vcs[0-9a-z]* u:object_r:vcs_device:s0
 /dev/video[0-9]* u:object_r:video_device:s0
 /dev/watchdog u:object_r:watchdog_device:s0
diff --git a/system.te b/system.te
index c907a796c..eacd5fb55 100644
--- a/system.te
+++ b/system.te
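Review bot: In the device.te hunk, `type usbaccessory_device, dev_type;` carries no `mlstrustedobject`, unlike the neighbouring `ion_device` and `tun_device`, and the commit does not say whether that is deliberate. If the node is opened by system and the descriptor is then handed to app domains at other MLS levels (an assumption, since no consumer is visible in this patch), those domains would be denied on the inherited descriptor. If system-only access is the intent, a comment above the type would record it, for example `# Opened by system only; not shared with other domains.` The same one-line purpose comment would help `iio_device`, since neither new type says which component is expected to open it.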
@@ -144,10 +144,12 @@ allow system accelerometer_device:chr_file rw_file_perms;
 allow system alarm_device:chr_file rw_file_perms;
 allow system graphics_device:dir search;
 allow system graphics_device:chr_file rw_file_perms;
+allow system iio_device:chr_file rw_file_perms;
 allow system input_device:dir r_dir_perms;
 allow system input_device:chr_file rw_file_perms;
 allow system tty_device:chr_file rw_file_perms;
 allow system urandom_device:chr_file rw_file_perms;
+allow system usbaccessory_device:chr_file rw_file_perms;
 allow system video_device:chr_file rw_file_perms;
 allow system qemu_device:chr_file rw_file_perms;
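Review bot: `allow system iio_device:chr_file rw_file_perms;` grants write as well as read on the IIO nodes, and nothing in the commit message or the hunk explains why the system domain needs to write to them. If the consumer only reads sample data from `/dev/iio:device[0-9]+` (to be confirmed against the sensor code, which is not part of this patch), the narrower rule would be `allow system iio_device:chr_file r_file_perms;`. Read-write on `usbaccessory_device` looks plausible for a bidirectional accessory protocol. Either way, a short comment above each new rule naming the component that opens the node would make later least-privilege audits of the system domain easier.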