From 00575eea94e4c78e7cce9514efe2de6f8e75b0c5 Mon Sep 17 00:00:00 2001
From: Nikhil Punathil <nikhilpe@gmail.com>
Date: Tue, 22 Aug 2017 00:36:59 +0530
Subject: shinano-common: move common sepolicy to msm8974-common

Change-Id: I270a673ac8c13dd192799e2513ec377919653458
Signed-off-by: Nikhil Punathil <nikhilpe@gmail.com>
---
 sepolicy/addrsetup.te      | 20 ------------
 sepolicy/cameraserver.te   | 14 ---------
 sepolicy/credmgrd.te       | 77 ----------------------------------------------
 sepolicy/file.te           |  6 ----
 sepolicy/file_contexts     | 42 -------------------------
 sepolicy/idd.te            | 37 ----------------------
 sepolicy/priv_app.te       |  3 --
 sepolicy/property.te       |  3 --
 sepolicy/property_contexts | 10 ------
 sepolicy/vold.te           |  8 -----
 sepolicy/workarounds.te    |  6 ----
 11 files changed, 226 deletions(-)
 delete mode 100644 sepolicy/addrsetup.te
 delete mode 100644 sepolicy/cameraserver.te
 delete mode 100644 sepolicy/credmgrd.te
 delete mode 100644 sepolicy/idd.te
 delete mode 100644 sepolicy/priv_app.te
 delete mode 100644 sepolicy/property.te
 delete mode 100644 sepolicy/property_contexts
 delete mode 100644 sepolicy/vold.te
 delete mode 100644 sepolicy/workarounds.te

(limited to 'sepolicy')

diff --git a/sepolicy/addrsetup.te b/sepolicy/addrsetup.te
deleted file mode 100644
index 805450c..0000000
--- a/sepolicy/addrsetup.te
+++ /dev/null
@@ -1,20 +0,0 @@
-type addrsetup, domain, domain_deprecated;
-type addrsetup_exec, exec_type, file_type;
-
-# Started by init
-init_daemon_domain(addrsetup)
-
-# Connect to /dev/socket/tad
-unix_socket_connect(addrsetup, tad, tad)
-
-allow addrsetup bluetooth_data_file:dir rw_dir_perms;
-allow addrsetup bluetooth_data_file:file create_file_perms;
-
-allow addrsetup self:capability dac_override;
-
-allow addrsetup sysfs_addrsetup:file rw_file_perms;
-
-allow addrsetup urandom_device:file read;
-allow addrsetup tad_socket:sock_file { write };
-
-
diff --git a/sepolicy/cameraserver.te b/sepolicy/cameraserver.te
deleted file mode 100644
index fd886cf..0000000
--- a/sepolicy/cameraserver.te
+++ /dev/null
@@ -1,14 +0,0 @@
-# TODO: useless now?
-
-#============= cameraserver ==============
-allow cameraserver camera_data_file:unix_dgram_socket sendto;
-allow cameraserver camera_data_file:unix_stream_socket connectto;
-allow cameraserver camera_device:chr_file { ioctl open read write };
-
-allow cameraserver ion_device:chr_file { ioctl open read };
-
-allow cameraserver mm-qcamerad:unix_stream_socket connectto;
-
-allow cameraserver credmgrd:unix_stream_socket connectto;
-allow cameraserver credmgrd_socket:sock_file write;
-
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
deleted file mode 100644
index d82ddac..0000000
--- a/sepolicy/credmgrd.te
+++ /dev/null
@@ -1,77 +0,0 @@
-#credmgrd define
-type credmgrd, domain;
-type credmgrd_exec, exec_type, file_type;
-type credmgrd_data_file, file_type;
-type credmgrd_socket, file_type;
-type credmgrd_prop, property_type;
-init_daemon_domain(credmgrd);
-
-#credmgrd self
-allow credmgrd self:socket create_socket_perms;
-allow credmgrd self:file rw_file_perms;
-allow credmgrd self:dir rw_file_perms;
-allow credmgrd self:fifo_file rw_file_perms;
-allow credmgrd cache_file:dir { remove_name write };
-allow credmgrd credmgrd_data_file:dir { add_name open read remove_name write };
-allow credmgrd credmgrd_data_file:file { create getattr lock open read setattr unlink write };
-
-#credmgdr tad
-allow credmgrd tad:unix_stream_socket connectto;
-allow credmgrd tad_block_device:blk_file { read write ioctl open };
-allow credmgrd tad_socket:unix_dgram_socket sendto;
-allow credmgrd tad_socket:unix_stream_socket connectto;
-allow credmgrd tad_socket:sock_file write;
-
-#credmgrd camera server
-allow credmgrd camera_socket:file { read write getattr open };
-allow credmgrd camera_socket:unix_stream_socket { connectto sendto }; 
-
-#credmgrd mediaserver
-allow mediaserver credmgrd:unix_stream_socket connectto;
-
-#credmgrd mm-qcamera
-allow credmgrd mm-qcamerad:file { read write getattr open };
-allow credmgrd mm-qcamerad:unix_stream_socket { connectto sendto };
-
-#credmgrd qseecomd tee
-allow credmgrd tee_device:chr_file rw_file_perms;
-
-#credmgrd suntrold
-allow credmgrd suntrold:unix_stream_socket connectto;
-allow credmgrd suntrold_sock_socket:dir search;
-allow credmgrd suntrold_sock_socket:unix_dgram_socket sendto;
-allow credmgrd suntrold_sock_socket:unix_stream_socket connectto;
-allow credmgrd suntrold_sock_socket:sock_file write;
-
-#credmgrd iddd
-allow credmgrd iddd:unix_dgram_socket sendto;
-allow credmgrd iddd_file:dir search;
-allow credmgrd iddd_file:sock_file write;
-allow credmgrd iddd_file:unix_stream_socket connectto;
-allow credmgrd iddd_file:unix_dgram_socket sendto;
-allow credmgrd iddd_file:lnk_file { read };
-
-#/mnt/idd is tmpfs
-allow credmgrd tmpfs:dir search;
-allow credmgrd tmpfs:lnk_file read;
-
-#credmgrd ion
-allow credmgrd ion_device:chr_file { ioctl open read };
-
-#============= credmgr init script ==============
-allow credmgrd cache_file:dir { add_name search };
-allow credmgrd cache_file:file { create_file_perms };
-allow credmgrd credmgrd_data_file:dir { add_name getattr relabelto reparent rename rmdir search };
-allow credmgrd credmgrd_data_file:file { append getattr open read unlink write };
-allow credmgrd credmgrd_prop:property_service set;
-allow credmgrd property_socket:sock_file write;
-allow credmgrd shell_exec:file { getattr read };
-allow credmgrd system_file:file execute_no_trans;
-allow credmgrd system_prop:property_service set;
-allow credmgrd system_data_file:dir { add_name create relabelfrom remove_name setattr write };
-
-#TODO: wrong labeled on dest socket?
-allow credmgrd init:unix_stream_socket connectto;
-
-allow credmgrd toolbox_exec:file { execute execute_no_trans getattr open read };
-
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 48c3b1f..26a4973 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,12 +1,6 @@
 type sysfs_vibrator, fs_type, sysfs_type;
 
-# idd
-type iddd_file, file_type, data_file_type;
-
 # BRCM BT FM
 type brcm_ldisc_sysfs, sysfs_type, fs_type;
 type brcm_uim_exec, exec_type, file_type;
 
-# Macaddr
-type sysfs_addrsetup, fs_type, sysfs_type;
-
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 560f2b6..24fab9d 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -11,52 +11,10 @@
 # Hardware tunables
 /sys/devices/virtual/timed_output/vibrator/vtg_level   -- u:object_r:sysfs_vibrator:s0
 
-# In Device Diagnostics (idd)
-/system/bin/iddd                                         u:object_r:iddd_exec:s0
-/system/bin/idd-logreader                                u:object_r:iddd_exec:s0
-/idd(/.*)?                                               u:object_r:iddd_file:s0
-/mnt/idd                                                 u:object_r:iddd_file:s0
-
 # HCI
 /dev/ttyHS0                              u:object_r:hci_attach_dev:s0
 /dev/brcm_bt_drv                         u:object_r:hci_attach_dev:s0
 
-# Taimport
-/data/etc(/.*)                           u:object_r:ta_data_file:s0
-
-/system/bin/scd 						u:object_r:scd_exec:s0
-/data/scd								u:object_r:scd_data:s0
-/data/scd(/.*)							u:object_r:scd_data:s0
-/system/bin/scdnotifier					u:object_r:scd_exec:s0
-
-/system/bin/wvkbd						u:object_r:wv_exec:s0
-
 # Bluetooth
 /system/bin/brcm-uim-sysfs                              u:object_r:brcm_uim_exec:s0
 
-###########
-#credmgrd
-/system/bin/credmgrd 					u:object_r:credmgrd_exec:s0
-/system/bin/credmgrfirstboot.sh			u:object_r:credmgrd_exec:s0
-/dev/socket/credmgr						u:object_r:credmgrd_socket:s0
-/data/credmgr(/.*)?						u:object_r:credmgrd_data_file:s0
-/cache/CredentialManagerData			u:object_r:credmgrd_data_file:s0
-/cache/credmgr.log						u:object_r:credmgrd_data_file:s0
-/ta(/.*)? -- 							u:object_r:ta_data_file:s0
-
-#cam_socket
-/data/misc/camera(/.*)					u:object_r:camera_data_file:s0
-/dev/block/mmcblk0p1					u:object_r:tad_block_device:s0
-
-# macaddrsetup
-/system/bin/macaddrsetup                 u:object_r:addrsetup_exec:s0
-/sys/devices/platform/bcmdhd_wlan/macaddr    u:object_r:sysfs_addrsetup:s0
-
-#KGSL
-/sys/devices/fdb00000.qcom,kgsl-3d0/kgsl/kgsl-3d0/gpuclk   				 u:object_r:sysfs_thermal:s0
-/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/max_gpuclk                  u:object_r:sysfs_thermal:s0
-/sys/devices(/soc\.0)?/fdb00000\.qcom,kgsl-3d0/kgsl/kgsl-3d0/reset_count                 u:object_r:sysfs_thermal:s0
-
-# ZRAM
-/sys/devices/virtual/block/zram0/mm_stat                                          u:object_r:sysfs_zram:s0
-
diff --git a/sepolicy/idd.te b/sepolicy/idd.te
deleted file mode 100644
index 1c068d7..0000000
--- a/sepolicy/idd.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# iddd daemon
-type iddd, domain;
-
-type iddd_exec, exec_type, file_type;
-init_daemon_domain(iddd)
-
-type_transition iddd system_data_file:file iddd_file;
-
-allow iddd self:socket create_socket_perms;
-allow iddd iddd_file:sock_file { create setattr unlink write };
-
-allow iddd iddd_file:fifo_file rw_file_perms;
-allow iddd iddd_file:file rw_file_perms;
-allow iddd iddd_file:file { create rename unlink };
-allow iddd iddd_file:dir rw_file_perms;
-allow iddd iddd_file:dir { add_name create remove_name search };
-
-# TODO: label the right way / Allow context change
-allow iddd system_file:file execute_no_trans;
-allow iddd iddd_exec:file execute_no_trans;
-
-# Allow iddd send to logd
-allow iddd logd:unix_stream_socket connectto;
-allow iddd logdr_socket:sock_file write;
-
-# Allow file system create (we use tmpfs now)
-allow iddd tmpfs:lnk_file read;
-allow iddd tmpfs:dir search;
-
-# Allow proc socket search
-allow iddd proc:file { getattr open read };
-
-# Allow idd to read ro.semc
-allow iddd ta_prop:file { getattr open read };
-
-# Allow reading via symlink
-allow iddd iddd_file:lnk_file { read };
\ No newline at end of file
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
deleted file mode 100644
index 9da0f51..0000000
--- a/sepolicy/priv_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow priv_app device:dir { open read getattr };
-allow priv_app cache_private_backup_file:dir { getattr setattr };
-allow vold cache_file:dir create;
diff --git a/sepolicy/property.te b/sepolicy/property.te
deleted file mode 100644
index a9978eb..0000000
--- a/sepolicy/property.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type timekeep_prop, property_type;
-type tee_prop, property_type;
-type ta_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index a6b2b29..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1,10 +0,0 @@
-
-sys.keymaster.loaded       u:object_r:tee_prop:s0
-sys.listeners.registered   u:object_r:tee_prop:s0
-persist.sys.timeadjust     u:object_r:timekeep_prop:s0
-persist.service.bdroid.bdaddr u:object_r:bluetooth_prop:s0
-persist.tareset.notfirstboot  u:object_r:ta_prop:s0
-sys.credmgrdready		u:object_r:credmgrd_prop:s0
-ro.semc. 				u:object_r:ta_prop:s0
-ro.sony.color_id		u:object_r:ta_prop:s0
-init.taimport			u:object_r:ta_prop:s0
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
deleted file mode 100644
index 0881f15..0000000
--- a/sepolicy/vold.te
+++ /dev/null
@@ -1,8 +0,0 @@
-allow vold diag_data_file:dir { read open ioctl };
-allow vold tee_prop:file { getattr open read };
-allow vold firmware_file:file { getattr open read };
-allow vold iddd_file:dir { open read ioctl };
-allow vold tee_device:unix_stream_socket connectto;
-allow vold tee_device:sock_file write;
-allow vold tee_device:unix_stream_socket connectto;
-allow vold tee_device:sock_file write;
diff --git a/sepolicy/workarounds.te b/sepolicy/workarounds.te
deleted file mode 100644
index e425163..0000000
--- a/sepolicy/workarounds.te
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-#TODO: shouldnot exist
-allow rmt_storage self:capability dac_override;
-
-
-- 
cgit v1.2.3