# SELinux policy for the udev daemon: type declarations first, then the
# domain transitions that let a process enter the udev domain.

# Process domain and the label of the udev binary.
type udev, domain;
type udev_exec, exec_type, file_type;

# Labels for udev configuration, rules and helper programs.
type udev_conf, file_type;
type udev_rules, file_type;
# NOTE(review): declared without exec_type although udev executes files of
# this type (see the udev_helper_exec:file rule in this file) - confirm that
# this is intended.
type udev_helper_exec, file_type;
# NOTE(review): no rule in this file references udev_file - confirm that it is
# still used elsewhere in the policy.
type udev_file, file_type;

# Started by init as a daemon (macro from the platform te_macros).
init_daemon_domain(udev)

# NOTE(review): every process in the shell domain moves into the udev domain
# automatically when it executes a udev_exec file, and so inherits every
# permission granted below (mknod, dac_override, device node creation).
# Confirm that this transition is required on production builds and not only
# for bring-up or debugging.
domain_auto_trans(shell, udev_exec, udev)
#*****************************
# Files udev reads or executes.

# Read-only access to the udev configuration and rules.
allow udev udev_conf:file { getattr open read };
allow udev udev_rules:dir { getattr open read search };
allow udev udev_rules:file { getattr open read };

# Helper programs and the shell run inside the udev domain: execute_no_trans
# means no domain transition happens, so they keep all of udev's permissions.
# The shell is needed for script helpers such as mmc-dev-mapping.sh.
# NOTE(review): consider a dedicated, narrower domain for the helpers.
allow udev { udev_helper_exec shell_exec }:file { execute execute_no_trans open read };

# In-domain execution of rootfs files; execute and execmod on rootfs:file are
# granted by a separate rule further down this file.
allow udev rootfs:file execute_no_trans;

allow udev var_file:dir search;
#*****************************
# Permissions of the udev process on itself.

# setfscreate lets udev choose the label applied to the nodes it creates.
allow udev self:process setfscreate;

# NOTE(review): dac_override bypasses file permission checks and, combined
# with mknod and chown, makes this a highly privileged domain. Confirm that
# each capability is backed by an observed denial.
allow udev self:capability { chown dac_override mknod net_admin sys_nice sys_resource };

# Kernel uevent netlink socket.
allow udev self:netlink_kobject_uevent_socket { bind create getattr read setopt write };
#*****************************
# Kernel, sysfs and selinuxfs interfaces.

# check_context asks the kernel to validate a security context; the
# selinuxfs write below is presumably the matching file access - confirm.
allow udev kernel:security check_context;
allow udev selinuxfs:file write;

# NOTE(review): write on the generic sysfs type covers every sysfs file that
# has no more specific label. Narrow it to the nodes udev really writes, if
# they can be labelled separately.
allow udev sysfs:file write;

# NOTE(review): execmod allows executing a file mapping after it has been
# modified (for example text relocations). Granting it on rootfs files weakens
# the protection against running altered code; confirm which binary needs it
# and prefer fixing that binary over keeping the permission.
allow udev rootfs:file { execmod execute };

# Disabled rule kept from the original policy:
#allow udev system_file:file {execmod};
#***********************************
# Device nodes under the generic device types.
# Rules that grant the same permission set are merged into one rule with a
# type set, so the types with different permissions stand out.

# Generic device directory, files and symlinks.
allow udev device:dir { add_name create open read remove_name write };
allow udev device:file { create getattr open rename unlink write };
allow udev { device block_device }:lnk_file create;

# Per-class device directories.
allow udev { audio_device block_device usb_device }:dir { add_name create getattr write };

# Block device nodes: create and set attributes only.
allow udev { block_device loop_device mmc_block_device ram_device }:blk_file { create setattr };

# Character device nodes: create and set attributes only.
allow udev {
    device
    audio_device
    ashmem_device
    binder_device
    cpu_dma_latency_device
    full_device
    fuse_device
    fusion_device
    gpu_device
    graphics_device
    input_device
    ion_device
    jpeg_device
    kmsg_device
    log_device
    network_latency_device
    network_throughput_device
    owntty_device
    ppp_device
    psaux_device
    ptmx_device
    random_device
    smmu_device
    tc_ns_client_device
    tty_device
    uhid_device
    urandom_device
    vcs_device
    watchdog_device
    zero_device
}:chr_file { create setattr };

# Kept as its own rule so the hyphen in the type name cannot be mistaken for
# a type-set subtraction.
allow udev loop-control_device:chr_file { create setattr };

# NOTE(review): udev gets no read or write on this node, only create and
# setattr. Confirm that a kernel memory device node has to exist on this
# platform at all.
allow udev kmem_device:chr_file { create setattr };

# Types whose permission set differs from plain create and setattr.
allow udev console_device:chr_file { getattr read setattr write };
allow udev null_device:chr_file setattr;
allow udev serial_device:chr_file { create getattr setattr write };
allow udev usb_device:chr_file { create getattr setattr };
########################################
# Further character device types, presumably platform-specific drivers (the
# types are declared outside this file). udev may only create the nodes and
# set their attributes.
allow udev {
    adec_device
    aenc_device
    ai_device
    ao_device
    ca_device
    cipher_device
    demux_device
    disp_device
    gpio_device
    hdmi_device
    i2c_device
    ir_device
    omxvdec_device
    otp_device
    pdm_device
    pm_device
    png_device
    sci_device
    sync_device
    tuner_device
    vdec_device
    venc_device
    vo_device
    vpss_device
}:chr_file { create setattr };
########################################
# Character device nodes grouped by subsystem, as in the original comments.
# Every rule grants create and setattr only.

# media
allow udev { adsp_device mce_device pq_device }:chr_file { create setattr };

# graphics
allow udev { dbe_device tde_device }:chr_file { create setattr };

# common
allow udev { module_device stat_device sys_device userproc_device }:chr_file { create setattr };

# mem
allow udev mmz_userdev_device:chr_file { create setattr };
########################################
# Files and directories labelled udev_device (the type is declared outside
# this file; presumably the runtime state kept by udev - confirm).
# The file rule has no unlink, unlike the rule for device:file.
allow udev udev_device:dir { add_name create getattr remove_name search write };
allow udev udev_device:file { create getattr open rename write };