Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/addrsetup.te20
-rw-r--r--sepolicy/cameraserver.te14
-rw-r--r--sepolicy/credmgrd.te77
-rw-r--r--sepolicy/file.te6
-rw-r--r--sepolicy/file_contexts42
-rw-r--r--sepolicy/idd.te37
-rw-r--r--sepolicy/priv_app.te3
-rw-r--r--sepolicy/property.te3
-rw-r--r--sepolicy/property_contexts10
-rw-r--r--sepolicy/vold.te8
-rw-r--r--sepolicy/workarounds.te6
11 files changed, 0 insertions, 226 deletions
diff --git a/sepolicy/addrsetup.te b/sepolicy/addrsetup.te
deleted file mode 100644
index 805450c..0000000
--- a/sepolicy/addrsetup.te
+++ /dev/null
@@ -1,20 +0,0 @@
-type addrsetup, domain, domain_deprecated;
-type addrsetup_exec, exec_type, file_type;
-
-# Started by init
-init_daemon_domain(addrsetup)
-
-# Connect to /dev/socket/tad
-unix_socket_connect(addrsetup, tad, tad)
-
-allow addrsetup bluetooth_data_file:dir rw_dir_perms;
-allow addrsetup bluetooth_data_file:file create_file_perms;
-
-allow addrsetup self:capability dac_override;
-
-allow addrsetup sysfs_addrsetup:file rw_file_perms;
-
-allow addrsetup urandom_device:file read;
-allow addrsetup tad_socket:sock_file { write };
-
-
diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
deleted file mode 100644
index fd886cf..0000000
--- a/sepolicy/cameraserver.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# TODO: useless now?
-
-#============= cameraserver ==============
-allow cameraserver camera_data_file:unix_dgram_socket sendto;
-allow cameraserver camera_data_file:unix_stream_socket connectto;
-allow cameraserver camera_device:chr_file { ioctl open read write };
-
-allow cameraserver ion_device:chr_file { ioctl open read };
-
-allow cameraserver mm-qcamerad:unix_stream_socket connectto;
-
-allow cameraserver credmgrd:unix_stream_socket connectto;
-allow cameraserver credmgrd_socket:sock_file write;
-
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
deleted file mode 100644
index d82ddac..0000000
--- a/sepolicy/credmgrd.te
+++ /dev/null
@@ -1,77 +0,0 @@
-#credmgrd define
-type credmgrd, domain;
-type credmgrd_exec, exec_type, file_type;
-type credmgrd_data_file, file_type;
-type credmgrd_socket, file_type;
-type credmgrd_prop, property_type;
-init_daemon_domain(credmgrd);
-
-#credmgrd self
-allow credmgrd self:socket create_socket_perms;
-allow credmgrd self:file rw_file_perms;
-allow credmgrd self:dir rw_file_perms;
-allow credmgrd self:fifo_file rw_file_perms;
-allow credmgrd cache_file:dir { remove_name write };
-allow credmgrd credmgrd_data_file:dir { add_name open read remove_name write };
-allow credmgrd credmgrd_data_file:file { create getattr lock open read setattr unlink write };
-
-#credmgdr tad
-allow credmgrd tad:unix_stream_socket connectto;
-allow credmgrd tad_block_device:blk_file { read write ioctl open };
-allow credmgrd tad_socket:unix_dgram_socket sendto;
-allow credmgrd tad_socket:unix_stream_socket connectto;
-allow credmgrd tad_socket:sock_file write;
-
-#credmgrd camera server
-allow credmgrd camera_socket:file { read write getattr open };
-allow credmgrd camera_socket:unix_stream_socket { connectto sendto };
-
-#credmgrd mediaserver
-allow mediaserver credmgrd:unix_stream_socket connectto;
-
-#credmgrd mm-qcamera
-allow credmgrd mm-qcamerad:file { read write getattr open };
-allow credmgrd mm-qcamerad:unix_stream_socket { connectto sendto };
-
-#credmgrd qseecomd tee
-allow credmgrd tee_device:chr_file rw_file_perms;
-
-#credmgrd suntrold
-allow credmgrd suntrold:unix_stream_socket connectto;
-allow credmgrd suntrold_sock_socket:dir search;
-allow credmgrd suntrold_sock_socket:unix_dgram_socket sendto;
-allow credmgrd suntrold_sock_socket:unix_stream_socket connectto;
-allow credmgrd suntrold_sock_socket:sock_file write;
-
-#credmgrd iddd
-allow credmgrd iddd:unix_dgram_socket sendto;
-allow credmgrd iddd_file:dir search;
-allow credmgrd iddd_file:sock_file write;
-allow credmgrd iddd_file:unix_stream_socket connectto;
-allow credmgrd iddd_file:unix_dgram_socket sendto;
-allow credmgrd iddd_file:lnk_file { read };
-
-#/mnt/idd is tmpfs
-allow credmgrd tmpfs:dir search;
-allow credmgrd tmpfs:lnk_file read;
-
-#credmgrd ion
-allow credmgrd ion_device:chr_file { ioctl open read };
-
-#============= credmgr init script ==============
-allow credmgrd cache_file:dir { add_name search };
-allow credmgrd cache_file:file { create_file_perms };
-allow credmgrd credmgrd_data_file:dir { add_name getattr relabelto reparent rename rmdir search };
-allow credmgrd credmgrd_data_file:file { append getattr open read unlink write };
-allow credmgrd credmgrd_prop:property_service set;
-allow credmgrd property_socket:sock_file write;
-allow credmgrd shell_exec:file { getattr read };
-allow credmgrd system_file:file execute_no_trans;
-allow credmgrd system_prop:property_service set;
-allow credmgrd system_data_file:dir { add_name create relabelfrom remove_name setattr write };
-
-#TODO: wrong labeled on dest socket?
-allow credmgrd init:unix_stream_socket connectto;
-
-allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read };
-
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 48c3b1f..26a4973 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,12 +1,6 @@
type sysfs_vibrator, fs_type, sysfs_type;
-# idd
-type iddd_file, file_type, data_file_type;
-
# BRCM BT FM
type brcm_ldisc_sysfs, sysfs_type, fs_type;
type brcm_uim_exec, exec_type, file_type;
-# Macaddr
-type sysfs_addrsetup, fs_type, sysfs_type;
-
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 560f2b6..24fab9d 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -11,52 +11,10 @@
# Hardware tunables
/sys/devices/virtual/timed_output/vibrator/vtg_level -- u:object_r:sysfs_vibrator:s0
-# In Device Diagnostics (idd)
-/system/bin/iddd u:object_r:iddd_exec:s0
-/system/bin/idd-logreader u:object_r:iddd_exec:s0
-/idd(/.*)? u:object_r:iddd_file:s0
-/mnt/idd u:object_r:iddd_file:s0
-
# HCI
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/brcm_bt_drv u:object_r:hci_attach_dev:s0
-# Taimport
-/data/etc(/.*) u:object_r:ta_data_file:s0
-
-/system/bin/scd u:object_r:scd_exec:s0
-/data/scd u:object_r:scd_data:s0
-/data/scd(/.*) u:object_r:scd_data:s0
-/system/bin/scdnotifier u:object_r:scd_exec:s0
-
-/system/bin/wvkbd u:object_r:wv_exec:s0
-
# Bluetooth
/system/bin/brcm-uim-sysfs u:object_r:brcm_uim_exec:s0
-###########
-#credmgrd
-/system/bin/credmgrd u:object_r:credmgrd_exec:s0
-/system/bin/credmgrfirstboot.sh u:object_r:credmgrd_exec:s0
-/dev/socket/credmgr u:object_r:credmgrd_socket:s0
-/data/credmgr(/.*)? u:object_r:credmgrd_data_file:s0
-/cache/CredentialManagerData u:object_r:credmgrd_data_file:s0
-/cache/credmgr.log u:object_r:credmgrd_data_file:s0
-/ta(/.*)? -- u:object_r:ta_data_file:s0
-
-#cam_socket
-/data/misc/camera(/.*) u:object_r:camera_data_file:s0
-/dev/block/mmcblk0p1 u:object_r:tad_block_device:s0
-
-# macaddrsetup
-/system/bin/macaddrsetup u:object_r:addrsetup_exec:s0
-/sys/devices/platform/bcmdhd_wlan/macaddr u:object_r:sysfs_addrsetup:s0
-
-#KGSL
-/sys/devices/fdb00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk u:object_r:sysfs_thermal:s0
-/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/max_gpuclk u:object_r:sysfs_thermal:s0
-/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/reset_count u:object_r:sysfs_thermal:s0
-
-# ZRAM
-/sys/devices/virtual/block/zram0/mm_stat u:object_r:sysfs_zram:s0
-
diff --git a/sepolicy/idd.te b/sepolicy/idd.te
deleted file mode 100644
index 1c068d7..0000000
--- a/sepolicy/idd.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# iddd daemon
-type iddd, domain;
-
-type iddd_exec, exec_type, file_type;
-init_daemon_domain(iddd)
-
-type_transition iddd system_data_file:file iddd_file;
-
-allow iddd self:socket create_socket_perms;
-allow iddd iddd_file:sock_file { create setattr unlink write };
-
-allow iddd iddd_file:fifo_file rw_file_perms;
-allow iddd iddd_file:file rw_file_perms;
-allow iddd iddd_file:file { create rename unlink };
-allow iddd iddd_file:dir rw_file_perms;
-allow iddd iddd_file:dir { add_name create remove_name search };
-
-# TODO: label the right way / Allow context change
-allow iddd system_file:file execute_no_trans;
-allow iddd iddd_exec:file execute_no_trans;
-
-# Allow iddd send to logd
-allow iddd logd:unix_stream_socket connectto;
-allow iddd logdr_socket:sock_file write;
-
-# Allow file system create (we use tmpfs now)
-allow iddd tmpfs:lnk_file read;
-allow iddd tmpfs:dir search;
-
-# Allow proc socket search
-allow iddd proc:file { getattr open read };
-
-# Allow idd to read ro.semc
-allow iddd ta_prop:file { getattr open read };
-
-# Allow reading via symlink
-allow iddd iddd_file:lnk_file { read };
\ No newline at end of file
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
deleted file mode 100644
index 9da0f51..0000000
--- a/sepolicy/priv_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow priv_app device:dir { open read getattr };
-allow priv_app cache_private_backup_file:dir { getattr setattr };
-allow vold cache_file:dir create;
diff --git a/sepolicy/property.te b/sepolicy/property.te
deleted file mode 100644
index a9978eb..0000000
--- a/sepolicy/property.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type timekeep_prop, property_type;
-type tee_prop, property_type;
-type ta_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index a6b2b29..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-
-sys.keymaster.loaded u:object_r:tee_prop:s0
-sys.listeners.registered u:object_r:tee_prop:s0
-persist.sys.timeadjust u:object_r:timekeep_prop:s0
-persist.service.bdroid.bdaddr u:object_r:bluetooth_prop:s0
-persist.tareset.notfirstboot u:object_r:ta_prop:s0
-sys.credmgrdready u:object_r:credmgrd_prop:s0
-ro.semc. u:object_r:ta_prop:s0
-ro.sony.color_id u:object_r:ta_prop:s0
-init.taimport u:object_r:ta_prop:s0
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
deleted file mode 100644
index 0881f15..0000000
--- a/sepolicy/vold.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow vold diag_data_file:dir { read open ioctl };
-allow vold tee_prop:file { getattr open read };
-allow vold firmware_file:file { getattr open read };
-allow vold iddd_file:dir { open read ioctl };
-allow vold tee_device:unix_stream_socket connectto;
-allow vold tee_device:sock_file write;
-allow vold tee_device:unix_stream_socket connectto;
-allow vold tee_device:sock_file write;
diff --git a/sepolicy/workarounds.te b/sepolicy/workarounds.te
deleted file mode 100644
index e425163..0000000
--- a/sepolicy/workarounds.te
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-#TODO: shouldnot exist
-allow rmt_storage self:capability dac_override;
-
-