From 6443b911354cf60c0c3f099a879f1616a638187a Mon Sep 17 00:00:00 2001 From: harvey186 Date: Sat, 1 Jul 2023 08:58:28 +0200 Subject: [PATCH] eOS1 --- common/private/netd.te | 1 + common/private/platform_app.te | 11 ++++++ common/private/service.te | 1 + common/private/service_contexts | 1 + common/private/untrusted_app.te | 1 + common/private/updater_app.te | 1 + sepolicy-patch | 59 +++++++++++++++++++++++++++++++++ 7 files changed, 75 insertions(+) create mode 100644 common/private/netd.te diff --git a/common/private/netd.te b/common/private/netd.te new file mode 100644 index 0000000..bc71718 --- /dev/null +++ b/common/private/netd.te @@ -0,0 +1 @@ +allow netd platform_app:unix_stream_socket connectto; diff --git a/common/private/platform_app.te b/common/private/platform_app.te index 07183e7..acbc623 100644 --- a/common/private/platform_app.te +++ b/common/private/platform_app.te @@ -9,3 +9,14 @@ hal_client_domain(platform_app, hal_lineage_livedisplay) # Allow PowerShare HAL service to be found hal_client_domain(platform_app, hal_lineage_powershare) + +# allow platform_app to create named pipes (used for realm support) +allow platform_app fuse:fifo_file create; +allow platform_app app_data_file:fifo_file create_file_perms; +allow platform_app app_data_file:fifo_file open; +allow platform_app rs_exec:file rx_file_perms; + +# Allow platform apps to execute files in /data +allow platform_app app_data_file:file execute; + +allow platform_app app_data_file:{ lnk_file sock_file fifo_file } create_file_perms; diff --git a/common/private/service.te b/common/private/service.te index 86f6e4c..8f0e1e0 100644 --- a/common/private/service.te +++ b/common/private/service.te @@ -5,3 +5,4 @@ type lineage_globalactions_service, system_api_service, system_server_service, s type lineage_livedisplay_service, system_api_service, system_server_service, service_manager_type; type lineage_profile_service, system_api_service, system_server_service, service_manager_type; type lineage_trust_service, system_api_service, system_server_service, service_manager_type; +type lineage_weather_service, system_api_service, system_server_service, service_manager_type; diff --git a/common/private/service_contexts b/common/private/service_contexts index cd984cb..a93527d 100644 --- a/common/private/service_contexts +++ b/common/private/service_contexts @@ -3,6 +3,7 @@ lineagehardware u:object_r:lineage_hardware_service:s0 lineagehealth u:object_r:lineage_health_interface_service:s0 lineagelivedisplay u:object_r:lineage_livedisplay_service:s0 lineagetrust u:object_r:lineage_trust_service:s0 +lineageweather u:object_r:lineage_weather_service:s0 profile u:object_r:lineage_profile_service:s0 adbroot_service u:object_r:adbroot_service:s0 diff --git a/common/private/untrusted_app.te b/common/private/untrusted_app.te index 77959f6..39d2b4b 100644 --- a/common/private/untrusted_app.te +++ b/common/private/untrusted_app.te @@ -1 +1,2 @@ allow untrusted_app_all lineage_profile_service:service_manager find; +allow untrusted_app_all lineage_weather_service:service_manager find; diff --git a/common/private/updater_app.te b/common/private/updater_app.te index 91b63a0..373c97a 100644 --- a/common/private/updater_app.te +++ b/common/private/updater_app.te @@ -9,6 +9,7 @@ binder_call(updater_app, update_engine) allow updater_app app_api_service:service_manager find; allow updater_app recovery_service:service_manager find; allow updater_app system_api_service:service_manager find; +allow updater_app system_update_service:service_manager find; allow updater_app update_engine_service:service_manager find; allow updater_app app_data_file:dir create_dir_perms; -- 2.34.1