author | Michael Bestas <mkbestas@lineageos.org> | 2017-08-08 21:18:48 +0300 |
---|---|---|
committer | Bruno Martins <bgcngm@gmail.com> | 2017-12-07 12:14:55 +0000 |
commit | 17be4c5551ed0a7f323ead2d5ffa10d6d995b27b (patch) | |
tree | b1fb1ae0d5701d354d9e819d90ae6ac0fba3ee9a | |
parent | a694963b6731527653fcc2ce63bba865c7aca68b (diff) | |
download | android_device_qcom_sepolicy-lineage-15.0.tar.gz android_device_qcom_sepolicy-lineage-15.0.tar.bz2 android_device_qcom_sepolicy-lineage-15.0.zip |
Use set_prop() macro for property setslineage-15.0
Change-Id: Id67a05f8ed718cad5856613c2700f4ce1e404cf0
-rw-r--r-- | apq8084/qca1530.te | 4 | ||||
-rw-r--r-- | apq8098_latv/init_shell.te | 2 | ||||
-rw-r--r-- | common/bluetooth.te | 2 | ||||
-rw-r--r-- | common/fidodaemon.te | 3 | ||||
-rw-r--r-- | common/location.te | 2 | ||||
-rwxr-xr-x | common/mediaserver.te | 2 | ||||
-rw-r--r-- | common/netd.te | 2 | ||||
-rw-r--r-- | common/nqnfcinfo.te | 2 | ||||
-rw-r--r-- | common/qcomsysd.te | 2 | ||||
-rw-r--r-- | common/qseecomd.te | 3 | ||||
-rw-r--r-- | common/qseeproxy.te | 3 | ||||
-rw-r--r-- | common/qti_logkit_app.te | 2 | ||||
-rw-r--r-- | common/recovery.te | 6 | ||||
-rwxr-xr-x | common/system_app.te | 13 | ||||
-rw-r--r-- | common/system_server.te | 16 | ||||
-rw-r--r-- | common/wcnss_filter.te | 2 | ||||
-rw-r--r-- | common/wifi_ftmd.te | 3 | ||||
-rw-r--r-- | msm8916/init_shell.te | 4 | ||||
-rw-r--r-- | msm8952/init_shell.te | 6 | ||||
-rw-r--r-- | msm8953/init_shell.te | 6 | ||||
-rw-r--r-- | msm8960/init_shell.te | 4 | ||||
-rw-r--r-- | msm8996/init_shell.te | 2 | ||||
-rw-r--r-- | msm8998/init_shell.te | 2 | ||||
-rw-r--r-- | private/wfdservice.te | 3 | ||||
-rw-r--r-- | test/fidotest.te | 3 | ||||
-rw-r--r-- | test/qseeproxysample.te | 3 |
26 files changed, 35 insertions, 67 deletions
diff --git a/apq8084/qca1530.te b/apq8084/qca1530.te index 470f8050..adf3a302 100644 --- a/apq8084/qca1530.te +++ b/apq8084/qca1530.te @@ -37,7 +37,6 @@ userdebug_or_eng(` qmux_socket(qca1530) wakelock_use(qca1530) -unix_socket_connect(qca1530, property, init) # need to access sharemem log device for smem logs allow qca1530 smem_log_device:chr_file rw_file_perms; @@ -69,7 +68,8 @@ allow qca1530 system_file:file x_file_perms; #Setting sys.qca1530 property in QCA1530 detect service #Setting system default properties on start command to system server -allow qca1530 { qca1530_prop ctl_default_prop }:property_service set; +set_prop(qca1530, qca1530_prop) +set_prop(qca1530, ctl_default_prop) # Access to serial port conncting to QCA1530 chip allow qca1530 serial_device:chr_file rw_file_perms; diff --git a/apq8098_latv/init_shell.te b/apq8098_latv/init_shell.te index 32fe1779..77a8fbb8 100644 --- a/apq8098_latv/init_shell.te +++ b/apq8098_latv/init_shell.te @@ -30,7 +30,7 @@ allow qti_init_shell regionalization_file:dir r_dir_perms; allow qti_init_shell regionalization_file:file create_file_perms; # For VR -allow qti_init_shell ctl_qvrd_prop:property_service set; +set_prop(qti_init_shell, ctl_qvrd_prop) allow qti_init_shell sysfs_cpu_boost:dir r_dir_perms; allow qti_init_shell sysfs_cpu_boost:file rw_file_perms; allow qti_init_shell sysfs_devfreq:lnk_file r_file_perms; diff --git a/common/bluetooth.te b/common/bluetooth.te index 5d091672..184a563e 100644 --- a/common/bluetooth.te +++ b/common/bluetooth.te @@ -14,7 +14,7 @@ type btnvtool_exec, exec_type, vendor_file_type, file_type; type fmhal_service, bluetoothdomain; type fmhal_service_exec, exec_type, vendor_file_type, file_type; -allow bluetooth bluetooth_prop:property_service set; +set_prop(bluetooth, bluetooth_prop) allow bluetooth sysfs_bluetooth_writable:file w_file_perms; #Access to /data/media diff --git a/common/fidodaemon.te b/common/fidodaemon.te index 79fb1515..a8f754d8 100644 --- a/common/fidodaemon.te 
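Review bot: `set_prop(qca1530, ctl_default_prop)` in the second apq8084/qca1530.te hunk carries forward a grant on the catch-all control-property type, and its only justification is the existing comment about a "start command". In AOSP policy `ctl_default_prop` labels every `ctl.*` property that has no dedicated type, so the qca1530 domain can ask init to start or stop any such service. A dedicated type for the one service it controls, as the tree already has with `ctl_qvrd_prop`, would keep the grant narrow. The same applies to `set_prop(system_app, ctl_default_prop)` in common/system_app.te. If the broad type has to stay, I would add a comment such as `# TODO: replace ctl_default_prop with a per-service ctl type` next to each line.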
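Review bot: Replacing `allow qti_init_shell ctl_qvrd_prop:property_service set;` with `set_prop(qti_init_shell, ctl_qvrd_prop)` in apq8098_latv/init_shell.te is not permission-neutral, although the commit message presents the change as a macro cleanup. Assuming the tree uses the stock AOSP `set_prop` macro, it expands to the property-socket connect, the `property_service set` rule and `get_prop`. Every domain converted from a bare allow rule therefore also gains read access to the property type, and the socket connect where it was not already granted elsewhere. This affects the conversions in qca1530.te, bluetooth.te, mediaserver.te, netd.te, qti_logkit_app.te, system_app.te, system_server.te and the other init_shell.te files as well. I would state the added `get_prop` in the commit description and compare the compiled policy before and after (for example with `sediff`) to confirm nothing else changed.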
+++ b/common/fidodaemon.te @@ -17,9 +17,6 @@ binder_call(fidodaemon, system_app) #Allow fidodaemon to be registered with service manager allow fidodaemon fidodaemon_service:service_manager add; -#Allow communication with init over property server -unix_socket_connect(fidodaemon, property, init); - #Allow access to tee device allow fidodaemon tee_device:chr_file rw_file_perms; diff --git a/common/location.te b/common/location.te index 88f5f332..a7c8fc6a 100644 --- a/common/location.te +++ b/common/location.te @@ -68,7 +68,7 @@ allow location persist_file:dir r_dir_perms; netmgr_socket(location); #Allow access to properties -set_prop(location, location_prop); +set_prop(location, location_prop) #diag userdebug_or_eng(` diff --git a/common/mediaserver.te b/common/mediaserver.te index 316b8e87..1108551e 100755 --- a/common/mediaserver.te +++ b/common/mediaserver.te @@ -49,7 +49,7 @@ allow mediaserver audio_pp_data_file:dir rw_dir_perms; allow mediaserver audio_pp_data_file:file create_file_perms; #Allow mediaserver to set camera properties -allow mediaserver camera_prop:property_service set; +set_prop(mediaserver, camera_prop) #Allow mediaserver access mmi_data_file allow mediaserver mmi_data_file:file r_file_perms; diff --git a/common/netd.te b/common/netd.te index ed60ec02..81f466d9 100644 --- a/common/netd.te +++ b/common/netd.te @@ -20,7 +20,7 @@ allow netd ipacm_data_file:file r_file_perms; allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls; # needed for netd to start FST Manager via system property -allow netd netd_prop:property_service set; +set_prop(netd, netd_prop) allow netd self:capability fsetid; #allow netd hostapd:unix_dgram_socket sendto; diff --git a/common/nqnfcinfo.te b/common/nqnfcinfo.te index 814b2f51..fb5a6079 100644 --- a/common/nqnfcinfo.te +++ b/common/nqnfcinfo.te 
@@ -33,7 +33,7 @@ init_daemon_domain(nqnfcinfo) r_dir_file(nqnfcinfo, sysfs_socinfo); -set_prop(nqnfcinfo, nfc_nq_prop); +set_prop(nqnfcinfo, nfc_nq_prop) # Access device nodes inside /dev/nq-nci allow nqnfcinfo nfc_device:chr_file rw_file_perms; diff --git a/common/qcomsysd.te b/common/qcomsysd.te index 50f78f48..6439106f 100644 --- a/common/qcomsysd.te +++ b/common/qcomsysd.te @@ -21,7 +21,7 @@ allow qcomsysd sysfs_socinfo:file w_file_perms; allow qcomsysd self:capability { dac_override sys_boot }; use_per_mgr(qcomsysd); #allow qcomsysd access boot mode switch -set_prop(qcomsysd, boot_mode_prop); +set_prop(qcomsysd, boot_mode_prop) #diag userdebug_or_eng(` diff --git a/common/qseecomd.te b/common/qseecomd.te index 32e1ca3a..50eb4f88 100644 --- a/common/qseecomd.te +++ b/common/qseecomd.te @@ -55,9 +55,6 @@ allow tee sysfs_securetouch:file rw_file_perms; binder_call(tee, surfaceflinger) #binder_use(tee) -#allow tee system_app:unix_dgram_socket sendto; -unix_socket_connect(tee, property, init) - set_prop(tee, system_prop); diff --git a/common/qseeproxy.te b/common/qseeproxy.te index bbefcf01..fc99e375 100644 --- a/common/qseeproxy.te +++ b/common/qseeproxy.te @@ -46,9 +46,6 @@ allow qseeproxy qseeproxy_service:service_manager add; #Allow qseeproxy to use system_server via binder to check caller identity binder_call(qseeproxy, system_server) -#Allow communication with init over property server -unix_socket_connect(qseeproxy, property, init); - #Allow access to tee device allow qseeproxy tee_device:chr_file rw_file_perms; diff --git a/common/qti_logkit_app.te b/common/qti_logkit_app.te index 8aed5886..da18fd54 100644 --- a/common/qti_logkit_app.te +++ b/common/qti_logkit_app.te 
@@ -74,7 +74,7 @@ allow qti_logkit_app qti_logkit_pub_data_file:file create_file_perms; allow qti_logkit_app wcnss_service_exec:file rx_file_perms; # bugreport -allow qti_logkit_app ctl_dumpstate_prop:property_service set; +set_prop(qti_logkit_app, ctl_dumpstate_prop) unix_socket_connect(qti_logkit_app, dumpstate, dumpstate) # ANR diff --git a/common/recovery.te b/common/recovery.te index b1a06a52..4a5bc2f8 100644 --- a/common/recovery.te +++ b/common/recovery.te @@ -22,7 +22,7 @@ recovery_only(` # Enable adb on configfs devices allow recovery configfs:file rw_file_perms; allow recovery configfs:dir rw_dir_perms; - set_prop(recovery, ffs_prop); - get_prop(recovery, sys_usb_controller_prop); - get_prop(recovery, boot_mode_prop); + set_prop(recovery, ffs_prop) + get_prop(recovery, sys_usb_controller_prop) + get_prop(recovery, boot_mode_prop) ') diff --git a/common/system_app.te b/common/system_app.te index 4a25a980..766a9b19 100755 --- a/common/system_app.te +++ b/common/system_app.te @@ -28,11 +28,9 @@ r_dir_file(system_app, fm_data_file); r_dir_file(system_app, bluetooth_data_file); r_dir_file(system_app, bt_firmware_file); -allow system_app { - ctl_default_prop - fm_prop - usf_prop -}:property_service set; +set_prop(system_app, ctl_default_prop) +set_prop(system_app, fm_prop) +set_prop(system_app, usf_prop) allow system_app { atfwd_service @@ -83,7 +81,7 @@ allow system_app usf_data_file:{ file lnk_file } create_file_perms; hal_client_domain(system_app, hal_hbtp) #access to wifi_ftmd -allow system_app wififtmd_prop:property_service set; +set_prop(system_app, wififtmd_prop) #unix_socket_send(system_app, wififtmd, wifi_ftmd) # allow system_app to interact with dtseagleservice 
@@ -141,7 +139,7 @@ allow system_app qti_logkit_priv_socket:dir r_dir_perms; allow system_app wcnss_service_exec:file rx_file_perms; # bugreport -allow system_app ctl_dumpstate_prop:property_service set; +set_prop(system_app, ctl_dumpstate_prop) unix_socket_connect(system_app, dumpstate, dumpstate) # allow gba auth service to add itself as system service @@ -222,7 +220,6 @@ hal_client_domain(system_app, hal_alarm_qti); #allow system app to interact with the esepowermanager hal_client_domain(system_app, hal_esepowermanager) -allow system_app fm_prop:file r_file_perms; allow system_app vendor_radio_data_file:dir rw_dir_perms; allow system_app vendor_radio_data_file:file create_file_perms; diff --git a/common/system_server.te b/common/system_server.te index 8c8fe325..51907d10 100644 --- a/common/system_server.te +++ b/common/system_server.te @@ -33,12 +33,10 @@ allow system_server { allow system_server qtitetherservice_service:service_manager find; #For ANT tty communication and to set wc_transport prop -allow system_server { - bluetooth_prop - usf_prop - alarm_handled_prop - alarm_instance_prop -}:property_service set; +set_prop(system_server, bluetooth_prop) +set_prop(system_server, usf_prop) +set_prop(system_server, alarm_handled_prop) +set_prop(system_server, alarm_instance_prop) # required for ANT App to connectto wcnss_filter sockets allow system_server bluetooth:unix_stream_socket connectto; @@ -62,7 +60,7 @@ allow system_server location_data_file:dir create_dir_perms; allow system_server { location_app_data_file mdtp_svc_app_data_file } :file rw_file_perms; allow system_server { location_app_data_file mdtp_svc_app_data_file } :dir r_dir_perms; #allow system_server location_socket:sock_file create_file_perms; -allow system_server location_prop:property_service set; +set_prop(system_server, location_prop) #For wifistatemachine allow system_server kernel:key search; 
@@ -137,13 +135,13 @@ binder_call(system_server, fps_hal) allow system_server iqfp_service:service_manager find; # For shutdown animation -allow system_server ctl_bootanim_prop:property_service set; +set_prop(system_server, ctl_bootanim_prop) # allow tethering to access dhcp leases r_dir_file(system_server, dhcp_data_file) # Allow system server to access fst,wigig system properties -allow system_server fst_prop:property_service set; +set_prop(system_server, fst_prop) get_prop(system_server, fst_prop); set_prop(system_server, wigig_prop); diff --git a/common/wcnss_filter.te b/common/wcnss_filter.te index 14d98ee4..9ad83050 100644 --- a/common/wcnss_filter.te +++ b/common/wcnss_filter.te @@ -41,7 +41,7 @@ allow wcnss_filter { #wakelock policy wakelock_use(wcnss_filter); -set_prop(wcnss_filter, bluetooth_prop); +set_prop(wcnss_filter, bluetooth_prop) #For bluetooth firmware r_dir_file(wcnss_filter, bt_firmware_file) diff --git a/common/wifi_ftmd.te b/common/wifi_ftmd.te index c2592fb7..10c44575 100644 --- a/common/wifi_ftmd.te +++ b/common/wifi_ftmd.te @@ -31,6 +31,5 @@ init_daemon_domain(wifi_ftmd) net_domain(wifi_ftmd) -set_prop(wifi_ftmd,wififtmd_prop); +set_prop(wifi_ftmd, wififtmd_prop) allow wifi_ftmd self:capability net_admin; -allow wifi_ftmd wififtmd_prop:property_service set; diff --git a/msm8916/init_shell.te b/msm8916/init_shell.te index fe54e552..ccb17877 100644 --- a/msm8916/init_shell.te +++ b/msm8916/init_shell.te @@ -27,6 +27,4 @@ # media_codecs_eld_prop - to choose target specific media_codecs.xml # media_settings_xml_prop - to choose target specific media_profiles.xml -allow qti_init_shell { - media_msm8939hw_prop -}:property_service set; +set_prop(qti_init_shell, media_msm8939hw_prop) diff --git a/msm8952/init_shell.te b/msm8952/init_shell.te index 1ff91807..4e58fcdc 100644 --- a/msm8952/init_shell.te +++ b/msm8952/init_shell.te 
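Review bot: In the last common/system_server.te hunk the new `set_prop(system_server, fst_prop)` is immediately followed by the context line `get_prop(system_server, fst_prop);`, which is redundant if `set_prop` already includes `get_prop`, as in stock AOSP te_macros. The commit relies on that same expansion when it deletes `allow system_app fm_prop:file r_file_perms;` in system_app.te. That line and `set_prop(system_server, wigig_prop);` below it also keep the trailing semicolon this commit strips elsewhere. I would drop the `get_prop` line and write `set_prop(system_server, wigig_prop)` so the file matches the rest of the change. The same leftover semicolon is visible on the context line `set_prop(tee, system_prop);` in common/qseecomd.te.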
@@ -28,10 +28,8 @@ # media_codecs_eld_prop - to choose target specific media_codecs.xml # media_settings_xml_prop - to choose target specific media_profiles.xml # media_msm8956_version_prop - to choose target version specific media_codecs.xml -allow qti_init_shell { - media_msm8956hw_prop - media_msm8956_version_prop -}:property_service set; +set_prop(qti_init_shell, media_msm8956hw_prop) +set_prop(qti_init_shell, media_msm8956_version_prop) # For regionalization allow qti_init_shell regionalization_file:dir r_dir_perms; diff --git a/msm8953/init_shell.te b/msm8953/init_shell.te index b73f4ee7..93e570ff 100644 --- a/msm8953/init_shell.te +++ b/msm8953/init_shell.te @@ -28,10 +28,8 @@ # media_codecs_eld_prop - to choose target specific media_codecs.xml # media_settings_xml_prop - to choose target specific media_profiles.xml # media_msm8956_version_prop - to choose target version specific media_codecs.xml -allow qti_init_shell { - media_settings_xml_prop - media_msm8953_version_prop -}:property_service set; +set_prop(qti_init_shell, media_settings_xml_prop) +set_prop(qti_init_shell, media_msm8953_version_prop) # For regionalization allow qti_init_shell regionalization_file:dir r_dir_perms; diff --git a/msm8960/init_shell.te b/msm8960/init_shell.te index a58c8b6f..4136ff3c 100644 --- a/msm8960/init_shell.te +++ b/msm8960/init_shell.te @@ -27,6 +27,4 @@ #For property starting with hw #ctl_thermal-engine_prop - for access the thermal-engine -allow qti_init_shell { - ctl_thermal-engine_prop -}:property_service set; +set_prop(qti_init_shell, ctl_thermal-engine_prop) diff --git a/msm8996/init_shell.te b/msm8996/init_shell.te index 5546fa1a..e2995e5c 100644 --- a/msm8996/init_shell.te +++ b/msm8996/init_shell.te @@ -25,4 +25,4 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -allow qti_init_shell ctl_qvrd_prop:property_service set; +set_prop(qti_init_shell, ctl_qvrd_prop) 
diff --git a/msm8998/init_shell.te b/msm8998/init_shell.te index ef747698..70f12d91 100644 --- a/msm8998/init_shell.te +++ b/msm8998/init_shell.te @@ -30,4 +30,4 @@ allow qti_init_shell regionalization_file:dir r_dir_perms; allow qti_init_shell regionalization_file:file create_file_perms; # For VR -allow qti_init_shell ctl_qvrd_prop:property_service set; +set_prop(qti_init_shell, ctl_qvrd_prop) diff --git a/private/wfdservice.te b/private/wfdservice.te index 026b8c3d..78c1d5d8 100644 --- a/private/wfdservice.te +++ b/private/wfdservice.te @@ -68,9 +68,6 @@ allow wfdservice graphics_device:chr_file rw_file_perms; #Allow access to encoder for YUV statistics allow wfdservice gpu_device:chr_file rw_file_perms; -#Allow communication with init over property server -unix_socket_connect(wfdservice, property, init); - #Allow access to /dev/video/* devices for encoding/decoding allow wfdservice video_device:chr_file rw_file_perms; allow wfdservice video_device:dir r_dir_perms; diff --git a/test/fidotest.te b/test/fidotest.te index a331dca9..d0adb00d 100644 --- a/test/fidotest.te +++ b/test/fidotest.te @@ -17,9 +17,6 @@ userdebug_or_eng(` #Allow fido test daemons to be registered with service manager allow fidotest fidotest_service:service_manager add; - # Allow communication with init over property server - unix_socket_connect(fidotest, property, init); - # Allow access to tee device allow fidotest tee_device:chr_file rw_file_perms; diff --git a/test/qseeproxysample.te b/test/qseeproxysample.te index 1e71b7f7..381400ff 100644 --- a/test/qseeproxysample.te +++ b/test/qseeproxysample.te @@ -45,9 +45,6 @@ userdebug_or_eng(` #Allow test daemon to use system_server via binder to check caller identity binder_call(qseeproxysample, system_server) - # Allow communication with init over property server - unix_socket_connect(qseeproxysample, property, init); - # Allow access to tee device allow qseeproxysample tee_device:chr_file rw_file_perms; |