[PATCH] correct denies of inter system processes communication over named pipe

[PATCH] correct denies of inter system processes communication over named pipe

[hqjiang]

---
 mediaserver.te |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/mediaserver.te b/mediaserver.te
index 97f8e5d..c6af603 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -28,3 +28,6 @@ allow mediaserver ion_device:chr_file rw_file_perms;
 
 # To use remote processor
 allow mediaserver rpmsg_device:chr_file rw_file_perms;
+
+# Inter System processes communicate over named pipe (FIFO)
+allow mediaserver system:fifo_file r_file_perms;
-- 
1.7.0.4


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] Correct denies of rpmsg device when accessing to remote processors.

[hqjiang]

---
 device.te      |    4 ++++
 file_contexts  |    2 ++
 mediaserver.te |    3 +++
 3 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/device.te b/device.te
index 9fc4d18..c9098e9 100644
--- a/device.te
+++ b/device.te
@@ -46,3 +46,7 @@ type gps_device, dev_type;
 # varies per device. This type
 # is used in per device policy
 type hci_attach_dev, dev_type;
+
+# All devices have a rpmsg device for 
+# achieving remoteproc and rpmsg modules
+type rpmsg_device, dev_type;
diff --git a/file_contexts b/file_contexts
index 72c95a5..f88865d 100644
--- a/file_contexts
+++ b/file_contexts
@@ -47,6 +47,8 @@
 /dev/nvmap		u:object_r:nv_device:s0
 /dev/nvhost-.*		u:object_r:nv_device:s0
 /dev/random		u:object_r:random_device:s0
+/dev/rpmsg-omx[0-9]	u:object_r:rpmsg_device:s0
+/dev/rproc_user	u:object_r:rpmsg_device:s0
 /dev/s3c-jpg		u:object_r:camera_device:s0
 /dev/s3c-mem		u:object_r:camera_device:s0
 /dev/s3c-mfc		u:object_r:graphics_device:s0
diff --git a/mediaserver.te b/mediaserver.te
index 8236c79..97f8e5d 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -25,3 +25,6 @@ allow mediaserver sysfs:file rw_file_perms;
 # XXX Why?
 allow mediaserver apk_data_file:file { read getattr };
 allow mediaserver ion_device:chr_file rw_file_perms;
+
+# To use remote processor
+allow mediaserver rpmsg_device:chr_file rw_file_perms;
-- 
1.7.0.4


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] Correct denies of rpmsg device when accessing to remote processors.

[Stephen Smalley]

On Wed, 2012-07-11 at 11:21 -0700, hqjiang wrote:
> ---
>  device.te      |    4 ++++
>  file_contexts  |    2 ++
>  mediaserver.te |    3 +++
>  3 files changed, 9 insertions(+), 0 deletions(-)

Merged on seandroid branch. However, when submitting patches:
- if they are relative to one another, then number them, e.g. [PATCH
1/2], [PATCH 2/2] to make the order explicit,
- identify the target directory in which to apply the patch, e.g. [PATCH
1/2 external/sepolicy].
- if branch-specific, identify the target branch(es), e.g. master vs
4.0.4 vs 4.1.1.
- Make the subject line shorter and include a longer patch description
in the body before the -- and diffstat output.

Using git format-patch to generate the patch or git send-email might
make life easier for you.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.