Changes to eg25manager and modemmanager needed for firmware upload on pinephonepro
Signed-off-by: Russell Coker <russell@coker.com.au>
This commit is contained in:
Russell Coker
parent
d542d53698
commit
9f7d6ff7a0
|
|
@ -57,8 +57,10 @@ files_read_usr_files(eg25manager_t)
|
|||
logging_send_syslog_msg(eg25manager_t)
|
||||
|
||||
miscfiles_read_generic_certs(eg25manager_t)
|
||||
miscfiles_read_localization(eg25manager_t)
|
||||
|
||||
modemmanager_dbus_chat(eg25manager_t)
|
||||
# will not upload to pinephone modem without this
|
||||
selinux_get_fs_mount(eg25manager_t)
|
||||
|
||||
sysnet_read_config(eg25manager_t)
|
||||
|
||||
|
|
@ -66,3 +68,10 @@ systemd_dbus_chat_logind(eg25manager_t)
|
|||
systemd_read_resolved_runtime(eg25manager_t)
|
||||
systemd_use_logind_fds(eg25manager_t)
|
||||
systemd_write_inherited_logind_inhibit_pipes(eg25manager_t)
|
||||
|
||||
term_use_unallocated_ttys(eg25manager_t)
|
||||
|
||||
optional_policy(`
|
||||
modemmanager_dbus_chat(eg25manager_t)
|
||||
')
|
||||
|
||||
|
|
|
|||
|
|
@ -15,16 +15,30 @@ init_daemon_domain(modemmanager_t, modemmanager_exec_t)
|
|||
#
|
||||
|
||||
allow modemmanager_t self:capability { net_admin sys_admin sys_tty_config };
|
||||
allow modemmanager_t self:process { getsched signal };
|
||||
allow modemmanager_t self:process { getsched setsched signal setpgid };
|
||||
allow modemmanager_t self:fifo_file rw_fifo_file_perms;
|
||||
allow modemmanager_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow modemmanager_t self:unix_stream_socket { connectto create_stream_socket_perms };
|
||||
allow modemmanager_t self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
allow modemmanager_t self:netlink_route_socket { create getattr getopt nlmsg_write read write };
|
||||
allow modemmanager_t self:qipcrtr_socket { create getattr getopt read write };
|
||||
|
||||
# ModemManager calls mmap(PROT_READ|PROT_WRITE|PROT_EXEC)
|
||||
allow modemmanager_t self:process execmem;
|
||||
|
||||
kernel_read_system_state(modemmanager_t)
|
||||
kernel_request_load_module(modemmanager_t)
|
||||
|
||||
# for qmi/pass_through
|
||||
dev_create_sysfs_files(modemmanager_t)
|
||||
|
||||
dev_getattr_sysfs(modemmanager_t)
|
||||
dev_read_sysfs(modemmanager_t)
|
||||
dev_write_sysfs(modemmanager_t)
|
||||
dev_rw_modem(modemmanager_t)
|
||||
|
||||
# for /usr/libexec/qmi-proxy
|
||||
corecmd_exec_bin(modemmanager_t)
|
||||
|
||||
files_read_etc_files(modemmanager_t)
|
||||
|
||||
term_use_generic_ptys(modemmanager_t)
|
||||
|
|
|
|||
Loading…
Reference in New Issue