deprecate domain_deprecated
Move device specific policy to a local device_domain_deprecated attribute to focus effort on core policy. Bug: 28760354 Change-Id: Id08cc74a3a2c7b8ff242b3c6f26bd514e6855a48
This commit is contained in:
parent
c91bb1bad8
commit
96b92e3361
|
@ -0,0 +1,4 @@
|
||||||
|
# domain_deprecated attribute is being removed from core policy. Leave it
|
||||||
|
# in device-specific policy for device-specific domains. Unlike core policy,
|
||||||
|
# device-specific policy will eventually be deprecated.
|
||||||
|
attribute device_domain_deprecated;
|
|
@ -1,5 +1,5 @@
|
||||||
# Bluetooth executables and script (bdAddrLoader, init.flo.bt.sh)
|
# Bluetooth executables and script (bdAddrLoader, init.flo.bt.sh)
|
||||||
type bluetooth_loader, domain, domain_deprecated;
|
type bluetooth_loader, domain, device_domain_deprecated;
|
||||||
type bluetooth_loader_exec, exec_type, file_type;
|
type bluetooth_loader_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Start bdAddrLoader from init
|
# Start bdAddrLoader from init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Bridge Manager (radio process)
|
# Bridge Manager (radio process)
|
||||||
type bridge, domain, domain_deprecated;
|
type bridge, domain, device_domain_deprecated;
|
||||||
type bridge_exec, exec_type, file_type;
|
type bridge_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Qualcomm MSM camera
|
# Qualcomm MSM camera
|
||||||
type camera, domain, domain_deprecated;
|
type camera, domain, device_domain_deprecated;
|
||||||
type camera_exec, exec_type, file_type;
|
type camera_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# wifi connection service
|
# wifi connection service
|
||||||
type conn_init, domain, domain_deprecated;
|
type conn_init, domain, device_domain_deprecated;
|
||||||
type conn_init_exec, exec_type, file_type;
|
type conn_init_exec, exec_type, file_type;
|
||||||
|
|
||||||
init_daemon_domain(conn_init)
|
init_daemon_domain(conn_init)
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
allow device_domain_deprecated adbd:unix_stream_socket connectto;
|
||||||
|
allow device_domain_deprecated adbd:fd use;
|
||||||
|
allow device_domain_deprecated adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
|
||||||
|
allow device_domain_deprecated rootfs:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated rootfs:file r_file_perms;
|
||||||
|
allow device_domain_deprecated rootfs:lnk_file r_file_perms;
|
||||||
|
allow device_domain_deprecated device:file read;
|
||||||
|
allow device_domain_deprecated system_file:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated system_file:file r_file_perms;
|
||||||
|
allow device_domain_deprecated system_file:lnk_file r_file_perms;
|
||||||
|
allow device_domain_deprecated system_data_file:file { getattr read };
|
||||||
|
allow device_domain_deprecated system_data_file:lnk_file r_file_perms;
|
||||||
|
allow device_domain_deprecated apk_data_file:dir { getattr search };
|
||||||
|
allow device_domain_deprecated apk_data_file:file r_file_perms;
|
||||||
|
allow device_domain_deprecated apk_data_file:lnk_file r_file_perms;
|
||||||
|
allow device_domain_deprecated dalvikcache_data_file:dir { search getattr };
|
||||||
|
allow device_domain_deprecated dalvikcache_data_file:file r_file_perms;
|
||||||
|
allow device_domain_deprecated cache_file:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated cache_file:file { getattr read };
|
||||||
|
allow device_domain_deprecated cache_file:lnk_file r_file_perms;
|
||||||
|
allow device_domain_deprecated ion_device:chr_file rw_file_perms;
|
||||||
|
allow device_domain_deprecated proc:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated proc:{ file lnk_file } r_file_perms;
|
||||||
|
allow device_domain_deprecated sysfs:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated sysfs:{ file lnk_file } r_file_perms;
|
||||||
|
allow device_domain_deprecated inotify:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated inotify:{ file lnk_file } r_file_perms;
|
||||||
|
allow device_domain_deprecated cgroup:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated cgroup:{ file lnk_file } r_file_perms;
|
||||||
|
allow device_domain_deprecated proc_meminfo:file r_file_perms;
|
||||||
|
allow device_domain_deprecated proc_net:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated proc_net:{ file lnk_file } r_file_perms;
|
||||||
|
allow device_domain_deprecated selinuxfs:dir r_dir_perms;
|
||||||
|
allow device_domain_deprecated selinuxfs:file r_file_perms;
|
||||||
|
allow device_domain_deprecated asec_public_file:file r_file_perms;
|
||||||
|
allow device_domain_deprecated { asec_public_file asec_apk_file }:dir r_dir_perms;
|
|
@ -1,5 +1,5 @@
|
||||||
# irsc_util (used to configure IPC Router with security rules for QMI services)
|
# irsc_util (used to configure IPC Router with security rules for QMI services)
|
||||||
type irsc_util, domain, domain_deprecated;
|
type irsc_util, domain, device_domain_deprecated;
|
||||||
type irsc_util_exec, exec_type, file_type;
|
type irsc_util_exec, exec_type, file_type;
|
||||||
|
|
||||||
init_daemon_domain(irsc_util)
|
init_daemon_domain(irsc_util)
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# kickstart processes and scripts (system process)
|
# kickstart processes and scripts (system process)
|
||||||
type kickstart, domain, domain_deprecated;
|
type kickstart, domain, device_domain_deprecated;
|
||||||
type kickstart_exec, file_type, exec_type;
|
type kickstart_exec, file_type, exec_type;
|
||||||
|
|
||||||
init_daemon_domain(kickstart)
|
init_daemon_domain(kickstart)
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# CPU governor (root process)
|
# CPU governor (root process)
|
||||||
type mpdecision, domain, domain_deprecated;
|
type mpdecision, domain, device_domain_deprecated;
|
||||||
type mpdecision_exec, exec_type, file_type;
|
type mpdecision_exec, exec_type, file_type;
|
||||||
|
|
||||||
# DAC overrides
|
# DAC overrides
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Network utilities (radio process)
|
# Network utilities (radio process)
|
||||||
type netmgrd, domain, domain_deprecated;
|
type netmgrd, domain, device_domain_deprecated;
|
||||||
type netmgrd_exec, exec_type, file_type;
|
type netmgrd_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Qualcomm Management Interface Multiplexer
|
# Qualcomm Management Interface Multiplexer
|
||||||
type qmux, domain, domain_deprecated;
|
type qmux, domain, device_domain_deprecated;
|
||||||
type qmux_exec, exec_type, file_type;
|
type qmux_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# remote storage process (runs as nobody)
|
# remote storage process (runs as nobody)
|
||||||
type rmt, domain, domain_deprecated;
|
type rmt, domain, device_domain_deprecated;
|
||||||
type rmt_exec, exec_type, file_type;
|
type rmt_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Integrated qualcomm sensor process
|
# Integrated qualcomm sensor process
|
||||||
type sensors, domain, domain_deprecated;
|
type sensors, domain, device_domain_deprecated;
|
||||||
type sensors_exec, exec_type, file_type;
|
type sensors_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Temperature sensor daemon (root process)
|
# Temperature sensor daemon (root process)
|
||||||
type thermald, domain, domain_deprecated;
|
type thermald, domain, device_domain_deprecated;
|
||||||
type thermald_exec, exec_type, file_type;
|
type thermald_exec, exec_type, file_type;
|
||||||
|
|
||||||
# Started by init
|
# Started by init
|
||||||
|
|
Loading…
Reference in New Issue