Allow execmem and ashmem_device execute as required.

author Stephen Smalley <sds@tycho.nsa.gov>

Tue, 24 Dec 2013 16:34:28 +0000 (11:34 -0500)

committer Stephen Smalley <sds@tycho.nsa.gov>

Tue, 24 Dec 2013 16:43:25 +0000 (11:43 -0500)
author Stephen Smalley <sds@tycho.nsa.gov>
Tue, 24 Dec 2013 16:34:28 +0000 (11:34 -0500)
committer Stephen Smalley <sds@tycho.nsa.gov>
Tue, 24 Dec 2013 16:43:25 +0000 (11:43 -0500)
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk

index 8f698ec..e0ad23a 100644 (file)
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -76,4 +76,7 @@ BOARD_FLASH_BLOCK_SIZE := 512
  TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
  
  BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
-BOARD_SEPOLICY_UNION += domain.te surfaceflinger.te
+BOARD_SEPOLICY_UNION += \
+        bootanim.te \
+        domain.te \
+        surfaceflinger.te
diff --git a/target/board/generic/sepolicy/bootanim.te b/target/board/generic/sepolicy/bootanim.te

new file mode 100644 (file)

index 0000000..d6506e1
--- /dev/null
+++ b/target/board/generic/sepolicy/bootanim.te
@@ -0,0 +1,2 @@
+allow bootanim self:process execmem;
+allow bootanim ashmem_device:chr_file execute;
diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te

index 9523630..4c35469 100644 (file)
--- a/target/board/generic/sepolicy/surfaceflinger.te
+++ b/target/board/generic/sepolicy/surfaceflinger.te
@@ -1 +1,2 @@
  allow surfaceflinger self:process execmem;
+allow surfaceflinger ashmem_device:chr_file execute;
author	Stephen Smalley <sds@tycho.nsa.gov>
	Tue, 24 Dec 2013 16:34:28 +0000 (11:34 -0500)
committer	Stephen Smalley <sds@tycho.nsa.gov>
	Tue, 24 Dec 2013 16:43:25 +0000 (11:43 -0500)
target/board/generic/BoardConfig.mk		patch \| blob \| history
target/board/generic/sepolicy/bootanim.te	[new file with mode: 0644]	patch \| blob
target/board/generic/sepolicy/surfaceflinger.te		patch \| blob \| history