authorArian <arian.kulmer@web.de>2019-08-20 13:09:47 +0200
committerArian <arian.kulmer@web.de>2019-10-25 22:16:14 +0200
commit884cddf51755fb0b42cba313e2c6d769315013e1 (patch)
tree5e7a02b38b0c2aa36eff88866ced18a71888deac
parent82cdab4b1d0ce27465e9dd0a0d154a39a6be23f6 (diff)
shinano-common: sepolicy: clean up
-rw-r--r--sepolicy/bluetooth.te2
-rw-r--r--sepolicy/file_contexts24
-rw-r--r--sepolicy/hci_attach.te4
-rw-r--r--sepolicy/init.te2
-rw-r--r--sepolicy/keystore.te3
-rw-r--r--sepolicy/mlog_qmi.te1
-rw-r--r--sepolicy/qseecomd.te6
-rw-r--r--sepolicy/service_contexts58
8 files changed, 13 insertions, 87 deletions
diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te
index 4d4e0c9..1ae7ff4 100644
--- a/sepolicy/bluetooth.te
+++ b/sepolicy/bluetooth.te
@@ -1,5 +1,3 @@
allow bluetooth hci_attach_dev:chr_file { open read write };
allow bluetooth ta_data_file:file { open read };
allow bluetooth ta_data_file:dir { search };
-allow bluetooth storage_stub_file:dir { getattr };
-allow bluetooth firmware_file:file r_file_perms;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c00c5fa..3fb01ef 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,31 +1,31 @@
# NFC
-/dev/pn547 u:object_r:nfc_device:s0
+/dev/pn547 u:object_r:nfc_device:s0
# Audio
-/dev/tfa98xx u:object_r:audio_device:s0
-/system/bin/tfa9890_amp u:object_r:tfa_amp_exec:s0
+/dev/tfa98xx u:object_r:audio_device:s0
+/system/bin/tfa9890_amp u:object_r:tfa_amp_exec:s0
# Dumpstate service
-/system/vendor/bin/hw/android\.hardware\.dumpstate@1.0-service\.sony u:object_r:hal_dumpstate_default_exec:s0
+/system/vendor/bin/hw/android\.hardware\.dumpstate@1.0-service\.sony u:object_r:hal_dumpstate_default_exec:s0
# Modem
-/system/vendor/bin/mlog_qmi_service u:object_r:mlog_qmi_exec:s0
+/system/vendor/bin/mlog_qmi_service u:object_r:mlog_qmi_exec:s0
# HCI
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/brcm_bt_drv u:object_r:hci_attach_dev:s0
# Bluetooth
-/system/bin/brcm-uim-sysfs u:object_r:brcm_uim_exec:s0
+/system/bin/brcm-uim-sysfs u:object_r:brcm_uim_exec:s0
# WIFI
-/sys/module/bcmdhd/parameters/firmware_path u:object_r:sysfs_wlan_fwpath:s0
+/sys/module/bcmdhd/parameters/firmware_path u:object_r:sysfs_wlan_fwpath:s0
# Quick Charge
-/system/vendor/bin/hvdcp u:object_r:hvdcp_exec:s0
+/system/vendor/bin/hvdcp u:object_r:hvdcp_exec:s0
# Touch
-/sys/devices/virtual/input/clearpad/glove -- u:object_r:sysfs_touch:s0
-/sys/devices/virtual/input/clearpad/wakeup_gesture -- u:object_r:sysfs_touch:s0
-/sys/devices/virtual/input/max1187x/glove -- u:object_r:sysfs_touch:s0
-/sys/devices/virtual/input/max1187x/wakeup_gesture -- u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/clearpad/glove u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/clearpad/wakeup_gesture u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/max1187x/glove u:object_r:sysfs_touch:s0
+/sys/devices/virtual/input/max1187x/wakeup_gesture u:object_r:sysfs_touch:s0
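Review bot: The four Touch entries at the end of this hunk drop the `--` file-type field, which is a semantic change rather than realignment: without it the pattern labels any object type at that path, not only regular files. If the sysfs attribute files are the only intended targets, keep the field, e.g. `/sys/devices/virtual/input/clearpad/glove -- u:object_r:sysfs_touch:s0`, or say in the commit message why it was dropped. Separately, the dumpstate entry leaves the dot in `@1.0-service` unescaped, so the regex accepts any character there; `@1\.0-service` would match the literal path only.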
diff --git a/sepolicy/hci_attach.te b/sepolicy/hci_attach.te
index 3d57abe..02ce60c 100644
--- a/sepolicy/hci_attach.te
+++ b/sepolicy/hci_attach.te
@@ -5,12 +5,8 @@ init_daemon_domain(hci_attach)
set_prop(hci_attach, wifi_prop)
-#============= hci_attach ==============
allow hci_attach bluetooth_data_file:dir search;
allow hci_attach bluetooth_data_file:file r_file_perms;
allow hci_attach bluetooth_prop:property_service set;
allow hci_attach hci_attach_dev:chr_file rw_file_perms;
allow hci_attach hci_attach_exec:file execute_no_trans;
-allow hci_attach shell_exec:file { entrypoint getattr read };
-allow hci_attach system_file:file execute_no_trans;
-allow hci_attach toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 9918a3d..bda5e8b 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,4 +1,4 @@
-#FM BCM
+# FM BCM
allow init hci_attach_dev:chr_file rw_file_perms;
allow init brcm_uim_exec:file { execute getattr read open };
allow init brcm_ldisc_sysfs:lnk_file { read };
diff --git a/sepolicy/keystore.te b/sepolicy/keystore.te
index 4857479..8c2f6d1 100644
--- a/sepolicy/keystore.te
+++ b/sepolicy/keystore.te
@@ -2,7 +2,4 @@ allow keystore tee_device:chr_file rw_file_perms;
allow keystore firmware_file:file r_file_perms;
allow keystore tee_prop:file { getattr open read };
-
allow vold keystore:keystore_key { get_state get insert delete exist list sign verify };
-auditallow vold keystore:keystore_key { get_state get insert delete exist list sign verify };
-
diff --git a/sepolicy/mlog_qmi.te b/sepolicy/mlog_qmi.te
index e8f84d1..ed983fb 100644
--- a/sepolicy/mlog_qmi.te
+++ b/sepolicy/mlog_qmi.te
@@ -14,4 +14,3 @@ allow mlog_qmi smem_log_device:chr_file rw_file_perms;
# qseecom
allow mlog_qmi tee_device:chr_file rw_file_perms;
-allowxperm mlog_qmi tee_device:chr_file ioctl qseecom_sock_ipc_ioctls;
diff --git a/sepolicy/qseecomd.te b/sepolicy/qseecomd.te
index 7e61f6d..e3375cf 100644
--- a/sepolicy/qseecomd.te
+++ b/sepolicy/qseecomd.te
@@ -1,4 +1,3 @@
-
# tee starts as root, and drops privileges
allow tee self:capability {
setuid
@@ -13,11 +12,6 @@ allow tee rpmb_device:blk_file rw_file_perms;
# Provide tee access to ssd partition for HW FDE
allow tee ssd_device:blk_file rw_file_perms;
-# Allow tee to directly save and load fingerprint data
-allow tee fingerprintd_data_file:dir rw_dir_perms;
-allow tee fingerprintd_data_file:file create_file_perms;
-allow tee system_data_file:dir r_dir_perms;
-
# allow tee to load firmware images
r_dir_file(tee, firmware_file)
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
index d4a1246..e3d7dcf 100644
--- a/sepolicy/service_contexts
+++ b/sepolicy/service_contexts
@@ -1,63 +1,5 @@
-#line 1 "system/sepolicy/service_contexts"
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
#line 1 "vendor/semc/system/sepolicy/Camera_Extension_API/1.1.0/service_contexts"
media.cameraextension u:object_r:mediaserver_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Crash_Handling/1_0_0/service_contexts"
-#crashmonitornative u:object_r:crashmonitor_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Google_Analytics_Proxy/1.0.0/service_contexts"
-#platform_analytics u:object_r:platform_analytics_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
#line 1 "vendor/semc/system/sepolicy/Image_Processor_API/1.1.0/service_contexts"
media.cacao u:object_r:mediaserver_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Power_Save/1.0.0/service_contexts"
-#xperiaappdepinfo u:object_r:xperiaappdepinfo_service:s0
-#xperia_power u:object_r:xperia_power_service:s0
-#stamina_qbd u:object_r:stamina_qbd_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/Touch/1.0.0/tfsw/service_contexts"
-#tfsw u:object_r:tfsw_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "vendor/semc/system/sepolicy/WLAN_Miracast_sink/1.1.0/service_contexts"
-#WfdSinkService u:object_r:wfd_sink_exec_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "device/somc/shinano/sepolicy/service_contexts"
-#overlay u:object_r:overlay_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "device/qcom/sepolicy/common/service_contexts"
-#android.apps.IQfpService u:object_r:iqfp_service:s0
-#AtCmdFwd u:object_r:atfwd_service:s0
-#dpmservice u:object_r:dpmservice:s0
-#listen.service u:object_r:mediaserver_service:s0
-#cneservice u:object_r:cne_service:s0
-#gbahttpauth u:object_r:gba_auth_service:s0
-#vendor.qcom.PeripheralManager u:object_r:per_mgr_service:s0
-#com.qualcomm.qti.auth.fidocryptodaemon u:object_r:fidodaemon_service:s0
-#wbc_service u:object_r:wbc_service:s0
-#STAProxyService u:object_r:STAProxyService:s0
-#dun u:object_r:dun_service:s0
-#qti.ims.connectionmanagerservice u:object_r:imscm_service:s0
-#com.qti.snapdragon.sdk.display.IColorService u:object_r:color_service:s0
-#wfdservice u:object_r:wfdservice_service:s0
-#DigitalPen u:object_r:usf_service:s0
-#dts_eagle_service u:object_r:dtseagleservice_service:s0
-#wfd.native.mm.service u:object_r:wfdservice_service:s0
-#extphone u:object_r:radio_service:s0
-#com.qualcomm.location.izat.IzatService u:object_r:izat_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-
-#line 1 "device/qcom/sepolicy/test/service_contexts"
-#com.qualcomm.qti.auth.securesampleauthdaemon u:object_r:fidotest_service:s0
-#line 1 "out/target/product/leo/obj/ETC/sectxfile_nl_intermediates/sectxfile_nl"
-