From 6443b911354cf60c0c3f099a879f1616a638187a Mon Sep 17 00:00:00 2001
From: harvey186 <harvey186@hotmail.com>
Date: Sat, 1 Jul 2023 08:58:28 +0200
Subject: [PATCH] eOS1
---
common/private/netd.te | 1 +
common/private/platform_app.te | 11 ++++++
common/private/service.te | 1 +
common/private/service_contexts | 1 +
common/private/untrusted_app.te | 1 +
common/private/updater_app.te | 1 +
sepolicy-patch | 59 +++++++++++++++++++++++++++++++++
7 files changed, 75 insertions(+)
create mode 100644 common/private/netd.te
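diff --git a/common/private/netd.te b/common/private/netd.te
new file mode 100644
index 0000000..bc71718
--- /dev/null
+++ b/common/private/netd.te
@@ -0,0 +1 @@
+allow netd platform_app:unix_stream_socket connectto;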
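Review bot: The new rule `allow netd platform_app:unix_stream_socket connectto;` carries no comment naming the socket or the app that serves it, and its target is the whole `platform_app` domain, so it covers every platform-signed app rather than one. A line such as `# netd connects to the socket served by <component>` above the rule would record the reason. If only one app needs this, giving that app its own domain and naming it here would keep the grant narrow. The direction is also worth confirming, since clients usually connect to netd rather than netd connecting to an app; that is an inference, as the consumer is not visible on this page.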
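diff --git a/common/private/platform_app.te b/common/private/platform_app.te
index 07183e7..acbc623 100644
--- a/common/private/platform_app.te
+++ b/common/private/platform_app.te
@@ -9,3 +9,14 @@ hal_client_domain(platform_app, hal_lineage_livedisplay)
 
 # Allow PowerShare HAL service to be found
 hal_client_domain(platform_app, hal_lineage_powershare)
+
+# allow platform_app to create named pipes (used for realm support)
+allow platform_app fuse:fifo_file create;
+allow platform_app app_data_file:fifo_file create_file_perms;
+allow platform_app app_data_file:fifo_file open;
+allow platform_app rs_exec:file rx_file_perms;
+
+# Allow platform apps to execute files in /data
+allow platform_app app_data_file:file execute;
+
+allow platform_app app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;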
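Review bot: `allow platform_app app_data_file:file execute;` lets every platform-signed app map files from app-writable storage as executable, which removes the separation between writable and executable data for a privileged domain, and the comment above it does not name the component that needs it. If a single app requires this, a dedicated domain or file type would keep the grant off the rest of `platform_app`; at minimum the comment should name the consumer. Separately, `allow platform_app app_data_file:fifo_file open;` and the `fifo_file create_file_perms` rule before it are already covered by the final `{ lnk_file sock_file fifo_file } create_file_perms` line, since that macro includes `open`. The `rs_exec` rule also sits under the named-pipe comment although it is unrelated to pipes and would be clearer with a comment of its own.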
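diff --git a/common/private/service.te b/common/private/service.te
index 86f6e4c..8f0e1e0 100644
--- a/common/private/service.te
+++ b/common/private/service.te
@@ -5,3 +5,4 @@ type lineage_globalactions_service, system_api_service, system_server_service, s
 type lineage_livedisplay_service, system_api_service, system_server_service, service_manager_type;
 type lineage_profile_service, system_api_service, system_server_service, service_manager_type;
 type lineage_trust_service, system_api_service, system_server_service, service_manager_type;
+type lineage_weather_service, system_api_service, system_server_service, service_manager_type;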
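diff --git a/common/private/service_contexts b/common/private/service_contexts
index cd984cb..a93527d 100644
--- a/common/private/service_contexts
+++ b/common/private/service_contexts
@@ -3,6 +3,7 @@ lineagehardware u:object_r:lineage_hardware_service:s0
 lineagehealth u:object_r:lineage_health_interface_service:s0
 lineagelivedisplay u:object_r:lineage_livedisplay_service:s0
 lineagetrust u:object_r:lineage_trust_service:s0
+lineageweather u:object_r:lineage_weather_service:s0
 profile u:object_r:lineage_profile_service:s0
 
 adbroot_service u:object_r:adbroot_service:s0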
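diff --git a/common/private/untrusted_app.te b/common/private/untrusted_app.te
index 77959f6..39d2b4b 100644
--- a/common/private/untrusted_app.te
+++ b/common/private/untrusted_app.te
@@ -1 +1,2 @@
 allow untrusted_app_all lineage_profile_service:service_manager find;
+allow untrusted_app_all lineage_weather_service:service_manager find;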
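Review bot: The added `allow untrusted_app_all lineage_weather_service:service_manager find;` makes the weather service discoverable by every third-party app, so the only remaining gate is whatever permission checks the service performs on each Binder call, and none of that code is visible on this page. A comment such as `# third-party apps may look up lineageweather; the service enforces its own permission checks` would record the assumption the rule depends on. The service implementation is worth checking for calls that return data (presumably location-derived) without such a check.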
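diff --git a/common/private/updater_app.te b/common/private/updater_app.te
index 91b63a0..373c97a 100644
--- a/common/private/updater_app.te
+++ b/common/private/updater_app.te
@@ -9,6 +9,7 @@ binder_call(updater_app, update_engine)
 allow updater_app app_api_service:service_manager find;
 allow updater_app recovery_service:service_manager find;
 allow updater_app system_api_service:service_manager find;
+allow updater_app system_update_service:service_manager find;
 allow updater_app update_engine_service:service_manager find;
 
 allow updater_app app_data_file:dir create_dir_perms;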
--
2.34.1