summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArian <arian.kulmer@web.de>2019-08-20 13:09:47 +0200
committerArian <arian.kulmer@web.de>2019-10-25 22:16:14 +0200
commit884cddf51755fb0b42cba313e2c6d769315013e1 (patch)
tree5e7a02b38b0c2aa36eff88866ced18a71888deac
parent82cdab4b1d0ce27465e9dd0a0d154a39a6be23f6 (diff)
shinano-common: sepolicy: clean up
-rw-r--r--sepolicy/bluetooth.te2
-rw-r--r--sepolicy/file_contexts24
-rw-r--r--sepolicy/hci_attach.te4
-rw-r--r--sepolicy/init.te2
-rw-r--r--sepolicy/keystore.te3
-rw-r--r--sepolicy/mlog_qmi.te1
-rw-r--r--sepolicy/qseecomd.te6
-rw-r--r--sepolicy/service_contexts58
8 files changed, 13 insertions, 87 deletions
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
index 4d4e0c9..1ae7ff4 100644
--- a/sepolicy/bluetooth.te
+++ b/sepolicy/bluetooth.te
@@ -1,5 +1,3 @@
allow bluetooth hci_attach_dev:chr_file { open read write };
allow bluetooth ta_data_file:file { open read };
allow bluetooth ta_data_file:dir { search };
-allow bluetooth storage_stub_file:dir { getattr };
-allow bluetooth firmware_file:file r_file_perms;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c00c5fa..3fb01ef 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,31 +1,31 @@
# NFC
-/dev/pn547 u:object_r:nfc_device:s0
+/dev/pn547 u:object_r:nfc_device:s0
# Audio
-/dev/tfa98xx u:object_r:audio_device:s0
-/system/bin/tfa9890_amp u:object_r:tfa_amp_exec:s0
+/dev/tfa98xx u:object_r:audio_device:s0
+/system/bin/tfa9890_amp u:object_r:tfa_amp_exec:s0
# Dumpstate service
-/system/vendor/bin/hw/android\.hardware\.dumpstate@1.0-service\.sony u:object_r:hal_dumpstate_default_exec:s0
+/system/vendor/bin/hw/android\.hardware\.dumpstate@1.0-service\.sony u:object_r:hal_dumpstate_default_exec:s0
# Modem
-/system/vendor/bin/mlog_qmi_service u:object_r:mlog_qmi_exec:s0
+/system/vendor/bin/mlog_qmi_service u:object_r:mlog_qmi_exec:s0
# HCI
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/brcm_bt_drv u:object_r:hci_attach_dev:s0
# Bluetooth
-/system/bin/brcm-uim-sysfs u:object_r:brcm_uim_exec:s0
+/system/bin/brcm-uim-sysfs u:object_r:brcm_uim_exec:s0
# WIFI
-/sys/module/bcmdhd/parameters/firmware_path u:object_r:sysfs_wlan_fwpath:s0
+/sys/module/bcmdhd/parameters/firmware_path u:object_r:sysfs_wlan_fwpath:s0
# Quick Charge
-/system/vendor/bin/hvdcp u:object_r:hvdcp_exec:s0
+/system/vendor/bin/hvdcp u:object_r:hvdcp_exec:s0
# Touch
-/sys/devices/virtual/input/clearpad/glove -- u:object_r:sysfs_touch:s0
-/sys/devices/virtual/input/clearpad/wakeup_gesture -- u:object_r:sysfs_touch:s0
-/sys/devices/virtual/input/max1187x/glove -- u:object_r:sysfs_touch:s0
-/sys/devices/virtual/input/max1187x/wakeup_gesture -- u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/clearpad/glove u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/clearpad/wakeup_gesture u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/max1187x/glove u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/max1187x/wakeup_gesture u:object_r:sysfs_touch:s0
diff --git a/sepolicy/hci_attach.te b/sepolicy/hci_attach.te
index 3d57abe..02ce60c 100644
--- a/sepolicy/hci_attach.te
+++ b/sepolicy/hci_attach.te
@@ -5,12 +5,8 @@ init_daemon_domain(hci_attach)
set_prop(hci_attach, wifi_prop)
-#============= hci_attach ==============
allow hci_attach bluetooth_data_file:dir search;
allow hci_attach bluetooth_data_file:file r_file_perms;
allow hci_attach bluetooth_prop:property_service set;
allow hci_attach hci_attach_dev:chr_file rw_file_perms;
allow hci_attach hci_attach_exec:file execute_no_trans;
-allow hci_attach shell_exec:file { entrypoint getattr read };
-allow hci_attach system_file:file execute_no_trans;
-allow hci_attach toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 9918a3d..bda5e8b 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,4 +1,4 @@
-#FM BCM
+# FM BCM
allow init hci_attach_dev:chr_file rw_file_perms;
allow init brcm_uim_exec:file { execute getattr read open };
allow init brcm_ldisc_sysfs:lnk_file { read };
diff --git a/sepolicy/keystore.te b/sepolicy/keystore.te
index 4857479..8c2f6d1 100644
--- a/sepolicy/keystore.te
+++ b/sepolicy/keystore.te
@@ -2,7 +2,4 @@ allow keystore tee_device:chr_file rw_file_perms;
allow keystore firmware_file:file r_file_perms;
allow keystore tee_prop:file { getattr open read };
-
allow vold keystore:keystore_key { get_state get insert delete exist list sign verify };
-auditallow vold keystore:keystore_key { get_state get insert delete exist list sign verify };
-
diff --git a/sepolicy/mlog_qmi.te b/sepolicy/mlog_qmi.te
index e8f84d1..ed983fb 100644
--- a/sepolicy/mlog_qmi.te
+++ b/sepolicy/mlog_qmi.te
@@ -14,4 +14,3 @@ allow mlog_qmi smem_log_device:chr_file rw_file_perms;
# qseecom
allow mlog_qmi tee_device:chr_file rw_file_perms;
-allowxperm mlog_qmi tee_device:chr_file ioctl qseecom_sock_ipc_ioctls;
diff --git a/sepolicy/qseecomd.te b/sepolicy/qseecomd.te
index 7e61f6d..e3375cf 100644
--- a/sepolicy/qseecomd.te
+++ b/sepolicy/qseecomd.te
@@ -1,4 +1,3 @@
-
# tee starts as root, and drops privileges
allow tee self:capability {
setuid
@@ -13,11 +12,6 @@ allow tee rpmb_device:blk_file rw_file_perms;
# Provide tee access to ssd partition for HW FDE
allow tee ssd_device:blk_file rw_file_perms;
-# Allow tee to directly save and load fingerprint data
-allow tee fingerprintd_data_file:dir rw_dir_perms;
-allow tee fingerprintd_data_file:file create_file_perms;
-allow tee system_data_file:dir r_dir_perms;
-
# allow tee to load firmware images
r_dir_file(tee, firmware_file)
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
index d4a1246..e3d7dcf 100644
--- a/sepolicy/service_contexts
+++ b/sepolicy/service_contexts
@@ -1,63 +1,5 @@
-#line 1 "system/sepolicy/service_contexts"
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
#line 1 "vendor/semc/system/sepolicy/Camera_Extension_API/1.1.0/service_contexts"
media.cameraextension u:object_r:mediaserver_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Crash_Handling/1_0_0/service_contexts"
-#crashmonitornative u:object_r:crashmonitor_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Google_Analytics_Proxy/1.0.0/service_contexts"
-#platform_analytics u:object_r:platform_analytics_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
#line 1 "vendor/semc/system/sepolicy/Image_Processor_API/1.1.0/service_contexts"
media.cacao u:object_r:mediaserver_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Power_Save/1.0.0/service_contexts"
-#xperiaappdepinfo u:object_r:xperiaappdepinfo_service:s0
-#xperia_power u:object_r:xperia_power_service:s0
-#stamina_qbd u:object_r:stamina_qbd_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Touch/1.0.0/tfsw/service_contexts"
-#tfsw u:object_r:tfsw_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/WLAN_Miracast_sink/1.1.0/service_contexts"
-#WfdSinkService u:object_r:wfd_sink_exec_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "device/somc/shinano/sepolicy/service_contexts"
-#overlay u:object_r:overlay_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "device/qcom/sepolicy/common/service_contexts"
-#android.apps.IQfpService u:object_r:iqfp_service:s0
-#AtCmdFwd u:object_r:atfwd_service:s0
-#dpmservice u:object_r:dpmservice:s0
-#listen.service u:object_r:mediaserver_service:s0
-#cneservice u:object_r:cne_service:s0
-#gbahttpauth u:object_r:gba_auth_service:s0
-#vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
-#com.qualcomm.qti.auth.fidocryptodaemon u:object_r:fidodaemon_service:s0
-#wbc_service u:object_r:wbc_service:s0
-#STAProxyService u:object_r:STAProxyService:s0
-#dun u:object_r:dun_service:s0
-#qti.ims.connectionmanagerservice u:object_r:imscm_service:s0
-#com.qti.snapdragon.sdk.display.IColorService u:object_r:color_service:s0
-#wfdservice u:object_r:wfdservice_service:s0
-#DigitalPen u:object_r:usf_service:s0
-#dts_eagle_service u:object_r:dtseagleservice_service:s0
-#wfd.native.mm.service u:object_r:wfdservice_service:s0
-#extphone u:object_r:radio_service:s0
-#com.qualcomm.location.izat.IzatService u:object_r:izat_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "device/qcom/sepolicy/test/service_contexts"
-#com.qualcomm.qti.auth.securesampleauthdaemon u:object_r:fidotest_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-