author | dianlujitao <dianlujitao@lineageos.org> | 2020-02-19 23:00:30 +0800 |
---|---|---|
committer | Michael Bestas <mkbestas@lineageos.org> | 2020-04-30 00:49:34 +0300 |
commit | b3cd73e066a5d113ed1b3bc2a200b3209a9e40aa (patch) | |
tree | 8e2e949913ae2cf6559154ae7687ec5afc96489f | |
parent | 4f576a0beea712233e362bd9c4c44fe510573997 (diff) |
sdm660-common: sepolicy: Clean up crappy rules
Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
25 files changed, 1 insertions, 68 deletions
diff --git a/sepolicy/vendor/atfwd.te b/sepolicy/vendor/atfwd.te deleted file mode 100644 index a60277a..0000000 --- a/sepolicy/vendor/atfwd.te +++ /dev/null @@ -1 +0,0 @@ -allow atfwd sysfs:file read; diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index d9e7b6d..bc1cbb6 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -5,7 +5,7 @@ /sys/devices/soc/soc:fpc1020(/.*)? u:object_r:fingerprint_sysfs:s0 # For Goodix fingerprint -/dev/goodix_fp* u:object_r:fingerprint_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 # Goodix Fingerprint data /data/gf_data(/.*)? u:object_r:fingerprintd_data_file:s0 @@ -46,8 +46,5 @@ # RTC /sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0 -# Shell Script -/(vendor|system/vendor)/bin/init\.goodix\.sh u:object_r:init_fingerprint_exec:s0 - # Thermal /data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0 diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te deleted file mode 100644 index 128920f..0000000 --- a/sepolicy/vendor/hal_audio_default.te +++ /dev/null @@ -1,2 +0,0 @@ -allow hal_audio_default vendor_data_file:dir { create write add_name }; -allow hal_audio_default vendor_data_file:file { append create getattr open read }; diff --git a/sepolicy/vendor/hal_cas_default.te b/sepolicy/vendor/hal_cas_default.te deleted file mode 100644 index 18b00de..0000000 --- a/sepolicy/vendor/hal_cas_default.te +++ /dev/null @@ -1 +0,0 @@ -vndbinder_use(hal_cas_default) diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te deleted file mode 100644 index 711c8bb..0000000 --- a/sepolicy/vendor/hal_gnss_qti.te +++ /dev/null @@ -1 +0,0 @@ -allow hal_gnss_qti sysfs:file { read open }; diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te deleted file mode 100644 index 39e8fb4..0000000 
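Review bot: The rewritten entry `/dev/goodix_fp` in the first file_contexts hunk now labels exactly one node, and nothing visible here shows that this is the only name the Goodix driver registers. file_contexts entries are anchored regular expressions, so the old `/dev/goodix_fp*` was never a glob either; it matched `goodix_f` followed by any number of `p`. The tightening is sound as least privilege, but a differently named node would fall back to the default device label and the fingerprint HAL would be denied access to it. I would confirm the node name on every device that uses this common tree and record it in the comment above the entry, e.g. `# For Goodix fingerprint (single node, exact match)`. The hunk's context begins and ends inside the file, so other fingerprint entries may exist outside the view.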
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_graphics_composer_default sysfs_graphics:file r_file_perms;
-allow hal_graphics_composer_default sysfs_graphics:lnk_file read;
diff --git a/sepolicy/vendor/hal_perf_default.te b/sepolicy/vendor/hal_perf_default.te
deleted file mode 100644
index 115df51..0000000
--- a/sepolicy/vendor/hal_perf_default.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit hal_perf_default self:capability { dac_override dac_read_search };
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
deleted file mode 100644
index 28414f9..0000000
--- a/sepolicy/vendor/hal_sensors_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_sensors_default sysfs:file { read open };
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/hvdcp.te
deleted file mode 100644
index 49a6b78..0000000
--- a/sepolicy/vendor/hvdcp.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hvdcp sysfs:file { open read };
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index ce36043..6c299d1 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,3 +1,2 @@
 type goodixhw_service, hwservice_manager_type;
 type hal_mlipay_hwservice, hwservice_manager_type;
-type fpnav_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservicemanager.te b/sepolicy/vendor/hwservicemanager.te
deleted file mode 100644
index 3262afb..0000000
--- a/sepolicy/vendor/hwservicemanager.te
+++ /dev/null
@@ -1,4 +0,0 @@
-#============= hwservicemanager ==============
-allow hwservicemanager init:dir search;
-allow hwservicemanager init:file { open read };
-allow hwservicemanager init:process getattr;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
deleted file mode 100644
index 16ca39b..0000000
--- a/sepolicy/vendor/init.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow init hwservicemanager:binder { call transfer };
-allow init ipa_dev:chr_file open;
-allow init ion_device:chr_file ioctl;
-allow init property_socket:sock_file write;
-allow init sysfs_dm:file { open write };
diff --git a/sepolicy/vendor/init_fingerprint.te b/sepolicy/vendor/init_fingerprint.te
deleted file mode 100644
index 29ea735..0000000
--- a/sepolicy/vendor/init_fingerprint.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type init_fingerprint, domain;
-type init_fingerprint_exec, exec_type, vendor_file_type, file_type;
-
-# Allow for transition from init domain to init_fingerprint
-init_daemon_domain(init_fingerprint)
-
-# Shell script needs to execute /vendor/bin/sh
-allow init_fingerprint vendor_shell_exec:file rx_file_perms;
-allow init_fingerprint vendor_toolbox_exec:file rx_file_perms;
-
-# Allow to delete file
-allow init_fingerprint persist_file:dir search;
-allow init_fingerprint persist_drm_file:dir { read search open write remove_name };
-allow init_fingerprint persist_drm_file:file { getattr unlink };
-allow init_fingerprint system_data_file:file getattr;
diff --git a/sepolicy/vendor/location.te b/sepolicy/vendor/location.te
deleted file mode 100644
index 4333581..0000000
--- a/sepolicy/vendor/location.te
+++ /dev/null
@@ -1 +0,0 @@
-allow location sysfs:file { read open };
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
deleted file mode 100644
index 47ce266..0000000
--- a/sepolicy/vendor/netmgrd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow netmgrd property_socket:sock_file write;
diff --git a/sepolicy/vendor/priv_app.te b/sepolicy/vendor/priv_app.te
deleted file mode 100644
index 7ae851d..0000000
--- a/sepolicy/vendor/priv_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow priv_app sysfs_graphics:file { getattr open read };
\ No newline at end of file
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index b1a0c21..c5212b1 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,5 +1,4 @@
 persist.camera. u:object_r:camera_prop:s0
-persist.vendor.camera. u:object_r:camera_prop:s0
 ro.boot.fpsensor u:object_r:hal_fingerprint_prop:s0
 sys.fp.goodix u:object_r:hal_fingerprint_prop:s0
 sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
diff --git a/sepolicy/vendor/qti_init_shell.te b/sepolicy/vendor/qti_init_shell.te
deleted file mode 100644
index f5584a6..0000000
--- a/sepolicy/vendor/qti_init_shell.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow qti_init_shell sysfs_cpu_boost:file write;
-allow qti_init_shell { sysfs sysfs_dm }:file write;
-allow qti_init_shell vendor_radio_data_file:dir { getattr read search };
-allow qti_init_shell vendor_radio_data_file:file { getattr read setattr write };
diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te
deleted file mode 100644
index 06625de..0000000
--- a/sepolicy/vendor/rild.te
+++ /dev/null
@@ -1 +0,0 @@
-allow rild vendor_file:file ioctl;
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
deleted file mode 100644
index c4a7f00..0000000
--- a/sepolicy/vendor/system_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow system_app vendor_default_prop:file { getattr open read };
-allow system_app wificond:binder call;
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 1ab55bd..b364128 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -1,5 +1,2 @@
 allow system_server vendor_keylayout_file:dir search;
 allow system_server vendor_keylayout_file:file r_file_perms;
-allow system_server sysfs_vibrator:file rw_file_perms;
-allow system_server sysfs_rtc:file r_file_perms;
-allow system_server fpnav_hwservice:hwservice_manager { add find };
diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te index 6c2c9b1..0a124bc 100644 --- a/sepolicy/vendor/tee.te +++ b/sepolicy/vendor/tee.te @@ -4,5 +4,3 @@ typeattribute tee data_between_core_and_vendor_violators; allow tee system_data_file:dir r_dir_perms; allow tee fingerprintd_data_file:dir rw_dir_perms; allow tee fingerprintd_data_file:file create_file_perms; -allow tee vendor_data_file:file { read open unlink }; -allow tee vendor_data_file:dir { write remove_name read }; diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te index 00922f8..0e03308 100644 --- a/sepolicy/vendor/thermal-engine.te +++ b/sepolicy/vendor/thermal-engine.te @@ -4,7 +4,3 @@ allow thermal-engine self:capability { chown fowner }; dontaudit thermal-engine self:capability dac_override; set_prop(thermal-engine, thermal_engine_prop); - -r_dir_file(thermal-engine sysfs_devfreq) -r_dir_file(thermal-engine sysfs_graphics) -r_dir_file(thermal-engine sysfs_thermal) diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te index d53b2c7..8d3b1e6 100644 --- a/sepolicy/vendor/vendor_init.te +++ b/sepolicy/vendor/vendor_init.te @@ -6,9 +6,3 @@ allow vendor_init { }:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom }; set_prop(vendor_init, camera_prop) -set_prop(vendor_init, persist_debug_prop) -set_prop(vendor_init, persist_dpm_prop) -set_prop(vendor_init, qcom_ims_prop) - -allow vendor_init rootfs:dir { add_name create setattr write }; -allow vendor_init rootfs:lnk_file setattr; diff --git a/sepolicy/vendor/vndservicemanager.te b/sepolicy/vendor/vndservicemanager.te deleted file mode 100644 index 8d04dea..0000000 --- a/sepolicy/vendor/vndservicemanager.te +++ /dev/null @@ -1,3 +0,0 @@ -allow vndservicemanager hal_fingerprint_default:dir { search read open }; -allow vndservicemanager hal_fingerprint_default:file { read open }; -allow vndservicemanager hal_fingerprint_default:process getattr; |