PawletOS/FrameworkAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update sepolicy/pawlet_device.te

Browse Source
This commit is contained in:
oxmc
2025-08-19 15:31:40 -07:00
parent 423e1f468b
commit 82121f7641
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
sepolicy/pawlet_device.te
View File

@@ -5,14 +5,14 @@ type pawlet_device_exec, exec_type, file_type, system_file_type;
# Inherit from core domain
typeattribute pawlet_device coredomain;
# Property access - use proper macros ONLY (no direct allow rules)
get_prop(pawlet_device, vendor_default_prop)
set_prop(pawlet_device, vendor_default_prop)
# Basic file access for your domain
allow pawlet_device pawlet_device_exec:file { execute read open map };
allow pawlet_device system_file:file { read getattr open };
# Binder communication if needed
allow pawlet_device system_server:binder { call transfer };
allow pawlet_device servicemanager:binder { call transfer };
binder_use(pawlet_device)
binder_call(pawlet_device, system_server)
binder_call(pawlet_device, servicemanager)
# Basic file access for your domain (only for your own files)
allow pawlet_device pawlet_device_exec:file { execute read open map };
allow pawlet_device system_file:file { read getattr open };
# ONLY THIS LINE IS NEEDED FOR READING PROPERTIES:
get_prop(pawlet_device, vendor_default_prop)