authordianlujitao <dianlujitao@lineageos.org>2020-02-19 23:00:30 +0800
committerMichael Bestas <mkbestas@lineageos.org>2020-04-30 00:49:34 +0300
commitb3cd73e066a5d113ed1b3bc2a200b3209a9e40aa (patch)
tree8e2e949913ae2cf6559154ae7687ec5afc96489f /sepolicy
parent4f576a0beea712233e362bd9c4c44fe510573997 (diff)
sdm660-common: sepolicy: Clean up crappy rules
Change-Id: I9d7312e6aaafdde2c0751f4887f05d8d5029ee04
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/vendor/atfwd.te1
-rw-r--r--sepolicy/vendor/file_contexts5
-rw-r--r--sepolicy/vendor/hal_audio_default.te2
-rw-r--r--sepolicy/vendor/hal_cas_default.te1
-rw-r--r--sepolicy/vendor/hal_gnss_qti.te1
-rw-r--r--sepolicy/vendor/hal_graphics_composer_default.te2
-rw-r--r--sepolicy/vendor/hal_perf_default.te1
-rw-r--r--sepolicy/vendor/hal_sensors_default.te1
-rw-r--r--sepolicy/vendor/hvdcp.te1
-rw-r--r--sepolicy/vendor/hwservice.te1
-rw-r--r--sepolicy/vendor/hwservicemanager.te4
-rw-r--r--sepolicy/vendor/init.te5
-rw-r--r--sepolicy/vendor/init_fingerprint.te15
-rw-r--r--sepolicy/vendor/location.te1
-rw-r--r--sepolicy/vendor/netmgrd.te1
-rw-r--r--sepolicy/vendor/priv_app.te1
-rw-r--r--sepolicy/vendor/property_contexts1
-rw-r--r--sepolicy/vendor/qti_init_shell.te4
-rw-r--r--sepolicy/vendor/rild.te1
-rw-r--r--sepolicy/vendor/system_app.te2
-rw-r--r--sepolicy/vendor/system_server.te3
-rw-r--r--sepolicy/vendor/tee.te2
-rw-r--r--sepolicy/vendor/thermal-engine.te4
-rw-r--r--sepolicy/vendor/vendor_init.te6
-rw-r--r--sepolicy/vendor/vndservicemanager.te3
25 files changed, 1 insertions, 68 deletions
diff --git a/sepolicy/vendor/atfwd.te b/sepolicy/vendor/atfwd.te
deleted file mode 100644
index a60277a..0000000
--- a/sepolicy/vendor/atfwd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow atfwd sysfs:file read;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index d9e7b6d..bc1cbb6 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -5,7 +5,7 @@
/sys/devices/soc/soc:fpc1020(/.*)? u:object_r:fingerprint_sysfs:s0
# For Goodix fingerprint
-/dev/goodix_fp* u:object_r:fingerprint_device:s0
+/dev/goodix_fp u:object_r:fingerprint_device:s0
# Goodix Fingerprint data
/data/gf_data(/.*)? u:object_r:fingerprintd_data_file:s0
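Review bot: The replacement entry `/dev/goodix_fp` now labels only that exact node, so it should be confirmed on a device (for example with `ls -Z /dev/`) that the Goodix driver creates no other node names. file_contexts patterns are regular expressions rather than globs, so the old `goodix_fp*` matched `/dev/goodix_f` and `/dev/goodix_fpp` but never a suffixed name such as a numbered node. Anything the driver exposes under a different name would presumably keep the generic device label, and the fingerprint HAL would be denied access to it. A one-line comment above the entry, such as `# Exact node name: file_contexts entries are regexes, not shell globs`, would help keep the stray `*` from being reintroduced.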
@@ -46,8 +46,5 @@
# RTC
/sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm660@0:qcom,pm660_rtc/rtc/rtc0(/.*)? u:object_r:sysfs_rtc:s0
-# Shell Script
-/(vendor|system/vendor)/bin/init\.goodix\.sh u:object_r:init_fingerprint_exec:s0
-
# Thermal
/data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
deleted file mode 100644
index 128920f..0000000
--- a/sepolicy/vendor/hal_audio_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_audio_default vendor_data_file:dir { create write add_name };
-allow hal_audio_default vendor_data_file:file { append create getattr open read };
diff --git a/sepolicy/vendor/hal_cas_default.te b/sepolicy/vendor/hal_cas_default.te
deleted file mode 100644
index 18b00de..0000000
--- a/sepolicy/vendor/hal_cas_default.te
+++ /dev/null
@@ -1 +0,0 @@
-vndbinder_use(hal_cas_default)
diff --git a/sepolicy/vendor/hal_gnss_qti.te b/sepolicy/vendor/hal_gnss_qti.te
deleted file mode 100644
index 711c8bb..0000000
--- a/sepolicy/vendor/hal_gnss_qti.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_gnss_qti sysfs:file { read open };
diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te
deleted file mode 100644
index 39e8fb4..0000000
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_graphics_composer_default sysfs_graphics:file r_file_perms;
-allow hal_graphics_composer_default sysfs_graphics:lnk_file read;
diff --git a/sepolicy/vendor/hal_perf_default.te b/sepolicy/vendor/hal_perf_default.te
deleted file mode 100644
index 115df51..0000000
--- a/sepolicy/vendor/hal_perf_default.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit hal_perf_default self:capability { dac_override dac_read_search };
diff --git a/sepolicy/vendor/hal_sensors_default.te b/sepolicy/vendor/hal_sensors_default.te
deleted file mode 100644
index 28414f9..0000000
--- a/sepolicy/vendor/hal_sensors_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_sensors_default sysfs:file { read open };
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/hvdcp.te
deleted file mode 100644
index 49a6b78..0000000
--- a/sepolicy/vendor/hvdcp.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hvdcp sysfs:file { open read };
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index ce36043..6c299d1 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,3 +1,2 @@
type goodixhw_service, hwservice_manager_type;
type hal_mlipay_hwservice, hwservice_manager_type;
-type fpnav_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/hwservicemanager.te b/sepolicy/vendor/hwservicemanager.te
deleted file mode 100644
index 3262afb..0000000
--- a/sepolicy/vendor/hwservicemanager.te
+++ /dev/null
@@ -1,4 +0,0 @@
-#============= hwservicemanager ==============
-allow hwservicemanager init:dir search;
-allow hwservicemanager init:file { open read };
-allow hwservicemanager init:process getattr;
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
deleted file mode 100644
index 16ca39b..0000000
--- a/sepolicy/vendor/init.te
+++ /dev/null
@@ -1,5 +0,0 @@
-allow init hwservicemanager:binder { call transfer };
-allow init ipa_dev:chr_file open;
-allow init ion_device:chr_file ioctl;
-allow init property_socket:sock_file write;
-allow init sysfs_dm:file { open write };
diff --git a/sepolicy/vendor/init_fingerprint.te b/sepolicy/vendor/init_fingerprint.te
deleted file mode 100644
index 29ea735..0000000
--- a/sepolicy/vendor/init_fingerprint.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type init_fingerprint, domain;
-type init_fingerprint_exec, exec_type, vendor_file_type, file_type;
-
-# Allow for transition from init domain to init_fingerprint
-init_daemon_domain(init_fingerprint)
-
-# Shell script needs to execute /vendor/bin/sh
-allow init_fingerprint vendor_shell_exec:file rx_file_perms;
-allow init_fingerprint vendor_toolbox_exec:file rx_file_perms;
-
-# Allow to delete file
-allow init_fingerprint persist_file:dir search;
-allow init_fingerprint persist_drm_file:dir { read search open write remove_name };
-allow init_fingerprint persist_drm_file:file { getattr unlink };
-allow init_fingerprint system_data_file:file getattr;
diff --git a/sepolicy/vendor/location.te b/sepolicy/vendor/location.te
deleted file mode 100644
index 4333581..0000000
--- a/sepolicy/vendor/location.te
+++ /dev/null
@@ -1 +0,0 @@
-allow location sysfs:file { read open };
diff --git a/sepolicy/vendor/netmgrd.te b/sepolicy/vendor/netmgrd.te
deleted file mode 100644
index 47ce266..0000000
--- a/sepolicy/vendor/netmgrd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow netmgrd property_socket:sock_file write;
diff --git a/sepolicy/vendor/priv_app.te b/sepolicy/vendor/priv_app.te
deleted file mode 100644
index 7ae851d..0000000
--- a/sepolicy/vendor/priv_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow priv_app sysfs_graphics:file { getattr open read };
\ No newline at end of file
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index b1a0c21..c5212b1 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,5 +1,4 @@
persist.camera. u:object_r:camera_prop:s0
-persist.vendor.camera. u:object_r:camera_prop:s0
ro.boot.fpsensor u:object_r:hal_fingerprint_prop:s0
sys.fp.goodix u:object_r:hal_fingerprint_prop:s0
sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
diff --git a/sepolicy/vendor/qti_init_shell.te b/sepolicy/vendor/qti_init_shell.te
deleted file mode 100644
index f5584a6..0000000
--- a/sepolicy/vendor/qti_init_shell.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow qti_init_shell sysfs_cpu_boost:file write;
-allow qti_init_shell { sysfs sysfs_dm }:file write;
-allow qti_init_shell vendor_radio_data_file:dir { getattr read search };
-allow qti_init_shell vendor_radio_data_file:file { getattr read setattr write };
diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te
deleted file mode 100644
index 06625de..0000000
--- a/sepolicy/vendor/rild.te
+++ /dev/null
@@ -1 +0,0 @@
-allow rild vendor_file:file ioctl;
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
deleted file mode 100644
index c4a7f00..0000000
--- a/sepolicy/vendor/system_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow system_app vendor_default_prop:file { getattr open read };
-allow system_app wificond:binder call;
diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te
index 1ab55bd..b364128 100644
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -1,5 +1,2 @@
allow system_server vendor_keylayout_file:dir search;
allow system_server vendor_keylayout_file:file r_file_perms;
-allow system_server sysfs_vibrator:file rw_file_perms;
-allow system_server sysfs_rtc:file r_file_perms;
-allow system_server fpnav_hwservice:hwservice_manager { add find };
diff --git a/sepolicy/vendor/tee.te b/sepolicy/vendor/tee.te
index 6c2c9b1..0a124bc 100644
--- a/sepolicy/vendor/tee.te
+++ b/sepolicy/vendor/tee.te
@@ -4,5 +4,3 @@ typeattribute tee data_between_core_and_vendor_violators;
allow tee system_data_file:dir r_dir_perms;
allow tee fingerprintd_data_file:dir rw_dir_perms;
allow tee fingerprintd_data_file:file create_file_perms;
-allow tee vendor_data_file:file { read open unlink };
-allow tee vendor_data_file:dir { write remove_name read };
diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te
index 00922f8..0e03308 100644
--- a/sepolicy/vendor/thermal-engine.te
+++ b/sepolicy/vendor/thermal-engine.te
@@ -4,7 +4,3 @@ allow thermal-engine self:capability { chown fowner };
dontaudit thermal-engine self:capability dac_override;
set_prop(thermal-engine, thermal_engine_prop);
-
-r_dir_file(thermal-engine sysfs_devfreq)
-r_dir_file(thermal-engine sysfs_graphics)
-r_dir_file(thermal-engine sysfs_thermal)
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index d53b2c7..8d3b1e6 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -6,9 +6,3 @@ allow vendor_init {
}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
set_prop(vendor_init, camera_prop)
-set_prop(vendor_init, persist_debug_prop)
-set_prop(vendor_init, persist_dpm_prop)
-set_prop(vendor_init, qcom_ims_prop)
-
-allow vendor_init rootfs:dir { add_name create setattr write };
-allow vendor_init rootfs:lnk_file setattr;
diff --git a/sepolicy/vendor/vndservicemanager.te b/sepolicy/vendor/vndservicemanager.te
deleted file mode 100644
index 8d04dea..0000000
--- a/sepolicy/vendor/vndservicemanager.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow vndservicemanager hal_fingerprint_default:dir { search read open };
-allow vndservicemanager hal_fingerprint_default:file { read open };
-allow vndservicemanager hal_fingerprint_default:process getattr;