klte-common: sepolicy: Clean up previous commit
* Some idiot did a 'git push lineage HEAD;refs/for/lineage-15.1' instead of a 'git push lineage HEAD:refs/for/lineage-15.1'. Do you see the difference? * Delete all of the old policy items and commented-out lines like the previous commit promised. Change-Id: I6cd8a8cffc76661b6de486e6b8550bafa83f5de9
This commit is contained in:
Kevin F. Haggerty
parent
5045387dec
commit
669f00e706
|
|
@ -1,25 +0,0 @@
|
|||
# These will be deleted before committing, I just don't want to keep
|
||||
# seeing them during policy bringup
|
||||
|
||||
dontaudit shell kernel:system syslog_read;
|
||||
|
||||
#dontaudit system_server dalvikcache_data_file:file execute;
|
||||
|
||||
dontaudit untrusted_app net_dns_prop:file { open read };
|
||||
dontaudit untrusted_app proc:file r_file_perms;
|
||||
|
||||
dontaudit untrusted_app_25 camera_prop:file r_file_perms;
|
||||
dontaudit untrusted_app_25 debugfs:file r_file_perms;
|
||||
dontaudit untrusted_app_25 hal_memtrack_hwservice:hwservice_manager find;
|
||||
dontaudit untrusted_app_25 mnt_media_rw_file:dir r_dir_perms;
|
||||
dontaudit untrusted_app_25 proc:file r_file_perms;
|
||||
dontaudit untrusted_app_25 proc_stat:file r_file_perms;
|
||||
dontaudit untrusted_app_25 rootfs:dir r_file_perms;
|
||||
dontaudit untrusted_app_25 selinuxfs:file r_file_perms;
|
||||
dontaudit untrusted_app_25 serialno_prop:file r_file_perms;
|
||||
dontaudit untrusted_app_25 sysfs:file { r_file_perms setattr };
|
||||
dontaudit untrusted_app_25 sysfs_devices_system_cpu:file setattr;
|
||||
dontaudit untrusted_app_25 sysfs_lowmemorykiller:dir search;
|
||||
dontaudit untrusted_app_25 sysfs_lowmemorykiller:file r_file_perms;
|
||||
dontaudit untrusted_app_25 userdata_block_device:blk_file getattr;
|
||||
dontaudit untrusted_app_25 usermodehelper:file r_file_perms;
|
||||
|
|
@ -9,8 +9,3 @@ type bt_fw_file, file_type;
|
|||
type nfc_fw_file, file_type;
|
||||
type vcs_data_file, file_type, data_file_type;
|
||||
type wifi_efs_file, file_type;
|
||||
|
||||
#type sensors_efs_file, file_type;
|
||||
#type sysfs_camera, fs_type, sysfs_type;
|
||||
#type sysfs_display, fs_type, sysfs_type;
|
||||
#type sysfs_vibeamp, fs_type, sysfs_type;
|
||||
|
|
|
|||
|
|
@ -38,23 +38,3 @@
|
|||
/sys/module/dhd/parameters/nvram_path u:object_r:sysfs_wifi_nv_path:s0
|
||||
/sys/devices/platform/bcm4354_bluetooth/rfkill/rfkill0/state u:object_r:sysfs_bt_rfkill_state:s0
|
||||
/sys/devices/virtual/sec/sec_key/hall_irq_ctrl u:object_r:sysfs_sec:s0
|
||||
|
||||
# Camera
|
||||
#/sys/devices/virtual/camera(/.*)? u:object_r:sysfs_camera:s0
|
||||
|
||||
# CMHW
|
||||
#/sys/devices/virtual/timed_output/vibrator(/.*)? u:object_r:sysfs_vibeamp:s0
|
||||
|
||||
# Display
|
||||
#/sys/devices/virtual/lcd/panel/power_reduce u:object_r:sysfs_display:s0
|
||||
|
||||
# Fingerprint
|
||||
#/dev/validity(/.*)? u:object_r:vcs_device:s0
|
||||
|
||||
# SEC
|
||||
#/sys/devices/virtual/sec/tsp(/.*)? u:object_r:sysfs_sec:s0
|
||||
|
||||
# Sensors
|
||||
#/efs/FactoryApp/baro_delta u:object_r:sensors_efs_file:s0
|
||||
#/efs/gyro_cal_data u:object_r:sensors_efs_file:s0
|
||||
#/efs/prox_cal u:object_r:sensors_efs_file:s0
|
||||
|
|
|
|||
|
|
@ -1,3 +0,0 @@
|
|||
allow bluetooth bluetooth_device:chr_file rw_file_perms;
|
||||
allow bluetooth proc_bluetooth_writable:dir search;
|
||||
allow bluetooth wifi_data_file:file r_file_perms;
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
allow cameraserver camera_socket:sock_file write;
|
||||
allow cameraserver init:unix_stream_socket connectto;
|
||||
allow cameraserver property_socket:sock_file write;
|
||||
allow cameraserver sysfs_camera:dir search;
|
||||
allow cameraserver sysfs_camera:file { open read };
|
||||
allow cameraserver system_file:file execmod;
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# Camera
|
||||
/data/cam_socket.* u:object_r:camera_socket:s0
|
||||
|
||||
# EFS
|
||||
/dev/block/platform/msm_sdcc.1/by-name/efs u:object_r:modem_efs_partition_device:s0
|
||||
|
||||
# Macloader
|
||||
/system/bin/macloader u:object_r:macloader_exec:s0
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
allow fingerprintd firmware_file:dir r_dir_perms;
|
||||
allow fingerprintd firmware_file:file r_file_perms;
|
||||
allow fingerprintd vcs_data_file:dir create_dir_perms;
|
||||
allow fingerprintd vcs_data_file:file create_file_perms;
|
||||
|
||||
allow fingerprintd tee_device:chr_file rw_file_perms;
|
||||
allow fingerprintd vcs_device:dir create_dir_perms;
|
||||
allow fingerprintd vcs_device:file create_file_perms;
|
||||
allow fingerprintd vcs_device:fifo_file create_file_perms;
|
||||
|
||||
allow fingerprintd vcs_device:chr_file create_file_perms;
|
||||
allow fingerprintd vfat:file { getattr open read };
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow fsck modem_efs_partition_device:blk_file rw_file_perms;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow healthd device:dir r_dir_perms;
|
||||
allow healthd rtc_device:chr_file rw_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow hostapd bluetooth_device:chr_file { open read };
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
allow init sysfs_sec:lnk_file r_file_perms;
|
||||
allow init debugfs:file write;
|
||||
allow init socket_device:sock_file { create write setattr };
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow kernel audio_device:chr_file rw_file_perms;
|
||||
allow kernel efs_file:dir search;
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
type_transition macloader system_data_file:file wifi_data_file;
|
||||
|
||||
allow macloader efs_file:dir search;
|
||||
allow macloader self:capability { chown dac_override fowner fsetid };
|
||||
allow macloader sysfs_wifi_nv_path:file { open write };
|
||||
allow macloader system_data_file:dir { add_name search write };
|
||||
allow macloader wifi_data_file:file { create_file_perms getattr setattr };
|
||||
allow macloader wifi_efs_file:dir search;
|
||||
allow macloader wifi_efs_file:file r_file_perms;
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
allow mediaserver cameraproxy_service:service_manager find;
|
||||
allow mediaserver sensorservice_service:service_manager find;
|
||||
allow mediaserver sysfs_camera:dir search;
|
||||
allow mediaserver sysfs_camera:file { getattr open read };
|
||||
allow mediaserver system_file:file execmod; # for libmmjpeg
|
||||
allow mediaserver system_prop:property_service set;
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
allow mm-qcamerad media_rw_data_file:dir search;
|
||||
allow mm-qcamerad sysfs_camera:dir search;
|
||||
allow mm-qcamerad sysfs_camera:file rw_file_perms;
|
||||
allow mm-qcamerad system_data_file:dir w_dir_perms;
|
||||
allow mm-qcamerad system_file:file execmod; # for libmmcamera_faceproc
|
||||
type_transition mm-qcamerad system_data_file:sock_file camera_socket "cam_socket3";
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow mpdecision system_data_file:dir { add_name remove_name write };
|
||||
allow mpdecision system_data_file:sock_file write;
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
allow platform_app exfat:dir create_dir_perms;
|
||||
allow platform_app exfat:file create_file_perms;
|
||||
allow platform_app fuseblk:dir create_dir_perms;
|
||||
allow platform_app fuseblk:file create_file_perms;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
allow priv_app device:dir { open read };
|
||||
allow priv_app exfat:dir create_dir_perms;
|
||||
allow priv_app exfat:file create_file_perms;
|
||||
allow priv_app fuseblk:dir create_dir_perms;
|
||||
allow priv_app fuseblk:file create_file_perms;
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
allow rild proc_net:file rw_file_perms;
|
||||
allow rild self:capability dac_override;
|
||||
allow rild sysfs_sec:file rw_file_perms;
|
||||
allow rild radio_data_file:lnk_file read;
|
||||
allow rild radio_prop:property_service set;
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
allow shell exfat:dir create_dir_perms;
|
||||
allow shell exfat:file create_file_perms;
|
||||
allow shell fuseblk:dir create_dir_perms;
|
||||
allow shell fuseblk:file create_file_perms;
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
allow system_server efs_file:dir search;
|
||||
allow system_server sensors_efs_file:file r_file_perms;
|
||||
allow system_server sysfs_display:file rw_file_perms;
|
||||
allow system_server sysfs_sec:dir search;
|
||||
allow system_server sysfs_sec:file rw_file_perms;
|
||||
allow system_server sysfs_vibeamp:dir search;
|
||||
allow system_server sysfs_vibeamp:file rw_file_perms;
|
||||
allow system_server wifi_efs_file:dir search;
|
||||
allow system_server wifi_efs_file:file r_file_perms;
|
||||
allow system_server app_data_file:file rename;
|
||||
|
|
@ -1,2 +0,0 @@
|
|||
allow tee vcs_data_file:dir create_dir_perms;
|
||||
allow tee vcs_data_file:file create_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow thermal-engine self:capability chown;
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
allow ueventd sysfs_camera:file rw_file_perms;
|
||||
allow ueventd sysfs_sec:file rw_file_perms;
|
||||
allow ueventd sysfs_vibeamp:file rw_file_perms;
|
||||
allow ueventd vcs_device:chr_file create_file_perms;
|
||||
allow ueventd vfat:dir search;
|
||||
allow ueventd vfat:file { getattr open read };
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# These are safe for an untrusted_app -- they are the external SD card
|
||||
allow untrusted_app exfat:dir create_dir_perms;
|
||||
allow untrusted_app exfat:file create_file_perms;
|
||||
allow untrusted_app fuseblk:dir create_dir_perms;
|
||||
allow untrusted_app fuseblk:file create_file_perms;
|
||||
|
|
@ -1 +0,0 @@
|
|||
allow vold efs_file:dir r_file_perms;
|
||||
Loading…
Reference in New Issue