authorMichael Bestas <mkbestas@lineageos.org>2017-08-08 21:18:48 +0300
committerBruno Martins <bgcngm@gmail.com>2017-12-07 12:14:55 +0000
commit17be4c5551ed0a7f323ead2d5ffa10d6d995b27b (patch)
treeb1fb1ae0d5701d354d9e819d90ae6ac0fba3ee9a
parenta694963b6731527653fcc2ce63bba865c7aca68b (diff)
Use set_prop() macro for property setslineage-15.0
Change-Id: Id67a05f8ed718cad5856613c2700f4ce1e404cf0
-rw-r--r--apq8084/qca1530.te4
-rw-r--r--apq8098_latv/init_shell.te2
-rw-r--r--common/bluetooth.te2
-rw-r--r--common/fidodaemon.te3
-rw-r--r--common/location.te2
-rwxr-xr-xcommon/mediaserver.te2
-rw-r--r--common/netd.te2
-rw-r--r--common/nqnfcinfo.te2
-rw-r--r--common/qcomsysd.te2
-rw-r--r--common/qseecomd.te3
-rw-r--r--common/qseeproxy.te3
-rw-r--r--common/qti_logkit_app.te2
-rw-r--r--common/recovery.te6
-rwxr-xr-xcommon/system_app.te13
-rw-r--r--common/system_server.te16
-rw-r--r--common/wcnss_filter.te2
-rw-r--r--common/wifi_ftmd.te3
-rw-r--r--msm8916/init_shell.te4
-rw-r--r--msm8952/init_shell.te6
-rw-r--r--msm8953/init_shell.te6
-rw-r--r--msm8960/init_shell.te4
-rw-r--r--msm8996/init_shell.te2
-rw-r--r--msm8998/init_shell.te2
-rw-r--r--private/wfdservice.te3
-rw-r--r--test/fidotest.te3
-rw-r--r--test/qseeproxysample.te3
26 files changed, 35 insertions, 67 deletions
diff --git a/apq8084/qca1530.te b/apq8084/qca1530.te
index 470f8050..adf3a302 100644
--- a/apq8084/qca1530.te
+++ b/apq8084/qca1530.te
@@ -37,7 +37,6 @@ userdebug_or_eng(`
qmux_socket(qca1530)
wakelock_use(qca1530)
-unix_socket_connect(qca1530, property, init)
# need to access sharemem log device for smem logs
allow qca1530 smem_log_device:chr_file rw_file_perms;
@@ -69,7 +68,8 @@ allow qca1530 system_file:file x_file_perms;
#Setting sys.qca1530 property in QCA1530 detect service
#Setting system default properties on start command to system server
-allow qca1530 { qca1530_prop ctl_default_prop }:property_service set;
+set_prop(qca1530, qca1530_prop)
+set_prop(qca1530, ctl_default_prop)
# Access to serial port conncting to QCA1530 chip
allow qca1530 serial_device:chr_file rw_file_perms;
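Review bot: `set_prop(qca1530, ctl_default_prop)` carries over a very broad grant. In AOSP's property_contexts, `ctl_default_prop` is the fallback label for every `ctl.*` control property without a dedicated type, so qca1530 can ask init to start or stop any such service, not only the one the comment alludes to. The same applies to `set_prop(system_app, ctl_default_prop)` in the first hunk of common/system_app.te. If only one service needs controlling, a dedicated property type (a constructed example name: `ctl_qca1530_prop`) would narrow this. Failing that, a comment such as `# ctl_default_prop: needed to start/stop <service name> through ctl.start` would record why the wide grant exists.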
diff --git a/apq8098_latv/init_shell.te b/apq8098_latv/init_shell.te
index 32fe1779..77a8fbb8 100644
--- a/apq8098_latv/init_shell.te
+++ b/apq8098_latv/init_shell.te
@@ -30,7 +30,7 @@ allow qti_init_shell regionalization_file:dir r_dir_perms;
allow qti_init_shell regionalization_file:file create_file_perms;
# For VR
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)
allow qti_init_shell sysfs_cpu_boost:dir r_dir_perms;
allow qti_init_shell sysfs_cpu_boost:file rw_file_perms;
allow qti_init_shell sysfs_devfreq:lnk_file r_file_perms;
diff --git a/common/bluetooth.te b/common/bluetooth.te
index 5d091672..184a563e 100644
--- a/common/bluetooth.te
+++ b/common/bluetooth.te
@@ -14,7 +14,7 @@ type btnvtool_exec, exec_type, vendor_file_type, file_type;
type fmhal_service, bluetoothdomain;
type fmhal_service_exec, exec_type, vendor_file_type, file_type;
-allow bluetooth bluetooth_prop:property_service set;
+set_prop(bluetooth, bluetooth_prop)
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
#Access to /data/media
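Review bot: Replacing `allow bluetooth bluetooth_prop:property_service set;` with `set_prop(bluetooth, bluetooth_prop)` is not a pure refactor. In AOSP's te_macros the macro also expands to `unix_socket_connect($1, property, init)` and `get_prop($1, $2)`, so the domain additionally gains read access to the property type. That is usually intended, but it holds for every `allow … property_service set` line converted in this commit (mediaserver, netd, qti_logkit_app, system_app, system_server, the init_shell files), and the commit message does not mention it. A line in the description such as `set_prop() additionally grants get_prop() and property socket access` would make the widened permissions visible.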
diff --git a/common/fidodaemon.te b/common/fidodaemon.te
index 79fb1515..a8f754d8 100644
--- a/common/fidodaemon.te
+++ b/common/fidodaemon.te
@@ -17,9 +17,6 @@ binder_call(fidodaemon, system_app)
#Allow fidodaemon to be registered with service manager
allow fidodaemon fidodaemon_service:service_manager add;
-#Allow communication with init over property server
-unix_socket_connect(fidodaemon, property, init);
-
#Allow access to tee device
allow fidodaemon tee_device:chr_file rw_file_perms;
diff --git a/common/location.te b/common/location.te
index 88f5f332..a7c8fc6a 100644
--- a/common/location.te
+++ b/common/location.te
@@ -68,7 +68,7 @@ allow location persist_file:dir r_dir_perms;
netmgr_socket(location);
#Allow access to properties
-set_prop(location, location_prop);
+set_prop(location, location_prop)
#diag
userdebug_or_eng(`
diff --git a/common/mediaserver.te b/common/mediaserver.te
index 316b8e87..1108551e 100755
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -49,7 +49,7 @@ allow mediaserver audio_pp_data_file:dir rw_dir_perms;
allow mediaserver audio_pp_data_file:file create_file_perms;
#Allow mediaserver to set camera properties
-allow mediaserver camera_prop:property_service set;
+set_prop(mediaserver, camera_prop)
#Allow mediaserver access mmi_data_file
allow mediaserver mmi_data_file:file r_file_perms;
diff --git a/common/netd.te b/common/netd.te
index ed60ec02..81f466d9 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -20,7 +20,7 @@ allow netd ipacm_data_file:file r_file_perms;
allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls;
# needed for netd to start FST Manager via system property
-allow netd netd_prop:property_service set;
+set_prop(netd, netd_prop)
allow netd self:capability fsetid;
#allow netd hostapd:unix_dgram_socket sendto;
diff --git a/common/nqnfcinfo.te b/common/nqnfcinfo.te
index 814b2f51..fb5a6079 100644
--- a/common/nqnfcinfo.te
+++ b/common/nqnfcinfo.te
@@ -33,7 +33,7 @@ init_daemon_domain(nqnfcinfo)
r_dir_file(nqnfcinfo, sysfs_socinfo);
-set_prop(nqnfcinfo, nfc_nq_prop);
+set_prop(nqnfcinfo, nfc_nq_prop)
# Access device nodes inside /dev/nq-nci
allow nqnfcinfo nfc_device:chr_file rw_file_perms;
diff --git a/common/qcomsysd.te b/common/qcomsysd.te
index 50f78f48..6439106f 100644
--- a/common/qcomsysd.te
+++ b/common/qcomsysd.te
@@ -21,7 +21,7 @@ allow qcomsysd sysfs_socinfo:file w_file_perms;
allow qcomsysd self:capability { dac_override sys_boot };
use_per_mgr(qcomsysd);
#allow qcomsysd access boot mode switch
-set_prop(qcomsysd, boot_mode_prop);
+set_prop(qcomsysd, boot_mode_prop)
#diag
userdebug_or_eng(`
diff --git a/common/qseecomd.te b/common/qseecomd.te
index 32e1ca3a..50eb4f88 100644
--- a/common/qseecomd.te
+++ b/common/qseecomd.te
@@ -55,9 +55,6 @@ allow tee sysfs_securetouch:file rw_file_perms;
binder_call(tee, surfaceflinger)
#binder_use(tee)
-#allow tee system_app:unix_dgram_socket sendto;
-unix_socket_connect(tee, property, init)
-
set_prop(tee, system_prop);
diff --git a/common/qseeproxy.te b/common/qseeproxy.te
index bbefcf01..fc99e375 100644
--- a/common/qseeproxy.te
+++ b/common/qseeproxy.te
@@ -46,9 +46,6 @@ allow qseeproxy qseeproxy_service:service_manager add;
#Allow qseeproxy to use system_server via binder to check caller identity
binder_call(qseeproxy, system_server)
-#Allow communication with init over property server
-unix_socket_connect(qseeproxy, property, init);
-
#Allow access to tee device
allow qseeproxy tee_device:chr_file rw_file_perms;
diff --git a/common/qti_logkit_app.te b/common/qti_logkit_app.te
index 8aed5886..da18fd54 100644
--- a/common/qti_logkit_app.te
+++ b/common/qti_logkit_app.te
@@ -74,7 +74,7 @@ allow qti_logkit_app qti_logkit_pub_data_file:file create_file_perms;
allow qti_logkit_app wcnss_service_exec:file rx_file_perms;
# bugreport
-allow qti_logkit_app ctl_dumpstate_prop:property_service set;
+set_prop(qti_logkit_app, ctl_dumpstate_prop)
unix_socket_connect(qti_logkit_app, dumpstate, dumpstate)
# ANR
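Review bot: The `# bugreport` comment does not say why an app domain needs `ctl_dumpstate_prop`. Together with the `unix_socket_connect(qti_logkit_app, dumpstate, dumpstate)` line below it, qti_logkit_app can start dumpstate and connect to its socket, and bug reports typically contain sensitive system state. Nothing visible in this hunk limits the rule to debug builds, so it is worth confirming whether it belongs inside a `userdebug_or_eng(` block; the rest of the file is outside the hunk. The same pair of rules appears in the third hunk of common/system_app.te. At minimum, a comment such as `# logkit triggers bugreports via ctl.start dumpstate and talks to the dumpstate socket` would document the intent.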
diff --git a/common/recovery.te b/common/recovery.te
index b1a06a52..4a5bc2f8 100644
--- a/common/recovery.te
+++ b/common/recovery.te
@@ -22,7 +22,7 @@ recovery_only(`
# Enable adb on configfs devices
allow recovery configfs:file rw_file_perms;
allow recovery configfs:dir rw_dir_perms;
- set_prop(recovery, ffs_prop);
- get_prop(recovery, sys_usb_controller_prop);
- get_prop(recovery, boot_mode_prop);
+ set_prop(recovery, ffs_prop)
+ get_prop(recovery, sys_usb_controller_prop)
+ get_prop(recovery, boot_mode_prop)
')
diff --git a/common/system_app.te b/common/system_app.te
index 4a25a980..766a9b19 100755
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -28,11 +28,9 @@ r_dir_file(system_app, fm_data_file);
r_dir_file(system_app, bluetooth_data_file);
r_dir_file(system_app, bt_firmware_file);
-allow system_app {
- ctl_default_prop
- fm_prop
- usf_prop
-}:property_service set;
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, fm_prop)
+set_prop(system_app, usf_prop)
allow system_app {
atfwd_service
@@ -83,7 +81,7 @@ allow system_app usf_data_file:{ file lnk_file } create_file_perms;
hal_client_domain(system_app, hal_hbtp)
#access to wifi_ftmd
-allow system_app wififtmd_prop:property_service set;
+set_prop(system_app, wififtmd_prop)
#unix_socket_send(system_app, wififtmd, wifi_ftmd)
# allow system_app to interact with dtseagleservice
@@ -141,7 +139,7 @@ allow system_app qti_logkit_priv_socket:dir r_dir_perms;
allow system_app wcnss_service_exec:file rx_file_perms;
# bugreport
-allow system_app ctl_dumpstate_prop:property_service set;
+set_prop(system_app, ctl_dumpstate_prop)
unix_socket_connect(system_app, dumpstate, dumpstate)
# allow gba auth service to add itself as system service
@@ -222,7 +220,6 @@ hal_client_domain(system_app, hal_alarm_qti);
#allow system app to interact with the esepowermanager
hal_client_domain(system_app, hal_esepowermanager)
-allow system_app fm_prop:file r_file_perms;
allow system_app vendor_radio_data_file:dir rw_dir_perms;
allow system_app vendor_radio_data_file:file create_file_perms;
diff --git a/common/system_server.te b/common/system_server.te
index 8c8fe325..51907d10 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -33,12 +33,10 @@ allow system_server {
allow system_server qtitetherservice_service:service_manager find;
#For ANT tty communication and to set wc_transport prop
-allow system_server {
- bluetooth_prop
- usf_prop
- alarm_handled_prop
- alarm_instance_prop
-}:property_service set;
+set_prop(system_server, bluetooth_prop)
+set_prop(system_server, usf_prop)
+set_prop(system_server, alarm_handled_prop)
+set_prop(system_server, alarm_instance_prop)
# required for ANT App to connectto wcnss_filter sockets
allow system_server bluetooth:unix_stream_socket connectto;
@@ -62,7 +60,7 @@ allow system_server location_data_file:dir create_dir_perms;
allow system_server { location_app_data_file mdtp_svc_app_data_file } :file rw_file_perms;
allow system_server { location_app_data_file mdtp_svc_app_data_file } :dir r_dir_perms;
#allow system_server location_socket:sock_file create_file_perms;
-allow system_server location_prop:property_service set;
+set_prop(system_server, location_prop)
#For wifistatemachine
allow system_server kernel:key search;
@@ -137,13 +135,13 @@ binder_call(system_server, fps_hal)
allow system_server iqfp_service:service_manager find;
# For shutdown animation
-allow system_server ctl_bootanim_prop:property_service set;
+set_prop(system_server, ctl_bootanim_prop)
# allow tethering to access dhcp leases
r_dir_file(system_server, dhcp_data_file)
# Allow system server to access fst,wigig system properties
-allow system_server fst_prop:property_service set;
+set_prop(system_server, fst_prop)
get_prop(system_server, fst_prop);
set_prop(system_server, wigig_prop);
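Review bot: `get_prop(system_server, fst_prop);` directly below the new `set_prop(system_server, fst_prop)` is now redundant, because set_prop already includes get_prop for the same type; the line can be dropped. The trailing semicolon on `set_prop(system_server, wigig_prop);` is also left behind, although the rest of the commit removes semicolons after macro calls; `set_prop(system_server, wigig_prop)` would match.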
diff --git a/common/wcnss_filter.te b/common/wcnss_filter.te
index 14d98ee4..9ad83050 100644
--- a/common/wcnss_filter.te
+++ b/common/wcnss_filter.te
@@ -41,7 +41,7 @@ allow wcnss_filter {
#wakelock policy
wakelock_use(wcnss_filter);
-set_prop(wcnss_filter, bluetooth_prop);
+set_prop(wcnss_filter, bluetooth_prop)
#For bluetooth firmware
r_dir_file(wcnss_filter, bt_firmware_file)
diff --git a/common/wifi_ftmd.te b/common/wifi_ftmd.te
index c2592fb7..10c44575 100644
--- a/common/wifi_ftmd.te
+++ b/common/wifi_ftmd.te
@@ -31,6 +31,5 @@ init_daemon_domain(wifi_ftmd)
net_domain(wifi_ftmd)
-set_prop(wifi_ftmd,wififtmd_prop);
+set_prop(wifi_ftmd, wififtmd_prop)
allow wifi_ftmd self:capability net_admin;
-allow wifi_ftmd wififtmd_prop:property_service set;
diff --git a/msm8916/init_shell.te b/msm8916/init_shell.te
index fe54e552..ccb17877 100644
--- a/msm8916/init_shell.te
+++ b/msm8916/init_shell.te
@@ -27,6 +27,4 @@
# media_codecs_eld_prop - to choose target specific media_codecs.xml
# media_settings_xml_prop - to choose target specific media_profiles.xml
-allow qti_init_shell {
- media_msm8939hw_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8939hw_prop)
diff --git a/msm8952/init_shell.te b/msm8952/init_shell.te
index 1ff91807..4e58fcdc 100644
--- a/msm8952/init_shell.te
+++ b/msm8952/init_shell.te
@@ -28,10 +28,8 @@
# media_codecs_eld_prop - to choose target specific media_codecs.xml
# media_settings_xml_prop - to choose target specific media_profiles.xml
# media_msm8956_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
- media_msm8956hw_prop
- media_msm8956_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8956hw_prop)
+set_prop(qti_init_shell, media_msm8956_version_prop)
# For regionalization
allow qti_init_shell regionalization_file:dir r_dir_perms;
diff --git a/msm8953/init_shell.te b/msm8953/init_shell.te
index b73f4ee7..93e570ff 100644
--- a/msm8953/init_shell.te
+++ b/msm8953/init_shell.te
@@ -28,10 +28,8 @@
# media_codecs_eld_prop - to choose target specific media_codecs.xml
# media_settings_xml_prop - to choose target specific media_profiles.xml
# media_msm8956_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
- media_settings_xml_prop
- media_msm8953_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_settings_xml_prop)
+set_prop(qti_init_shell, media_msm8953_version_prop)
# For regionalization
allow qti_init_shell regionalization_file:dir r_dir_perms;
diff --git a/msm8960/init_shell.te b/msm8960/init_shell.te
index a58c8b6f..4136ff3c 100644
--- a/msm8960/init_shell.te
+++ b/msm8960/init_shell.te
@@ -27,6 +27,4 @@
#For property starting with hw
#ctl_thermal-engine_prop - for access the thermal-engine
-allow qti_init_shell {
- ctl_thermal-engine_prop
-}:property_service set;
+set_prop(qti_init_shell, ctl_thermal-engine_prop)
diff --git a/msm8996/init_shell.te b/msm8996/init_shell.te
index 5546fa1a..e2995e5c 100644
--- a/msm8996/init_shell.te
+++ b/msm8996/init_shell.te
@@ -25,4 +25,4 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)
diff --git a/msm8998/init_shell.te b/msm8998/init_shell.te
index ef747698..70f12d91 100644
--- a/msm8998/init_shell.te
+++ b/msm8998/init_shell.te
@@ -30,4 +30,4 @@ allow qti_init_shell regionalization_file:dir r_dir_perms;
allow qti_init_shell regionalization_file:file create_file_perms;
# For VR
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)
diff --git a/private/wfdservice.te b/private/wfdservice.te
index 026b8c3d..78c1d5d8 100644
--- a/private/wfdservice.te
+++ b/private/wfdservice.te
@@ -68,9 +68,6 @@ allow wfdservice graphics_device:chr_file rw_file_perms;
#Allow access to encoder for YUV statistics
allow wfdservice gpu_device:chr_file rw_file_perms;
-#Allow communication with init over property server
-unix_socket_connect(wfdservice, property, init);
-
#Allow access to /dev/video/* devices for encoding/decoding
allow wfdservice video_device:chr_file rw_file_perms;
allow wfdservice video_device:dir r_dir_perms;
diff --git a/test/fidotest.te b/test/fidotest.te
index a331dca9..d0adb00d 100644
--- a/test/fidotest.te
+++ b/test/fidotest.te
@@ -17,9 +17,6 @@ userdebug_or_eng(`
#Allow fido test daemons to be registered with service manager
allow fidotest fidotest_service:service_manager add;
- # Allow communication with init over property server
- unix_socket_connect(fidotest, property, init);
-
# Allow access to tee device
allow fidotest tee_device:chr_file rw_file_perms;
diff --git a/test/qseeproxysample.te b/test/qseeproxysample.te
index 1e71b7f7..381400ff 100644
--- a/test/qseeproxysample.te
+++ b/test/qseeproxysample.te
@@ -45,9 +45,6 @@ userdebug_or_eng(`
#Allow test daemon to use system_server via binder to check caller identity
binder_call(qseeproxysample, system_server)
- # Allow communication with init over property server
- unix_socket_connect(qseeproxysample, property, init);
-
# Allow access to tee device
allow qseeproxysample tee_device:chr_file rw_file_perms;