diff options
| author | Joey Hewitt <joey@joeyhewitt.com> | 2019-09-02 21:24:47 -0600 |
|---|---|---|
| committer | Joey Hewitt <joey@joeyhewitt.com> | 2019-09-02 21:25:54 -0600 |
| commit | a83b24ba10576ec8c815df0ccaa97791e2c4537f (patch) | |
| tree | 3375481d607172dc6e7b79bede7da3e8afa00252 | |
| parent | 37c4769bcc40f7004b1ae2eb04cb1049121402aa (diff) | |
| download | device_samsung_t0lte-a83b24ba10576ec8c815df0ccaa97791e2c4537f.tar.gz device_samsung_t0lte-a83b24ba10576ec8c815df0ccaa97791e2c4537f.tar.bz2 device_samsung_t0lte-a83b24ba10576ec8c815df0ccaa97791e2c4537f.zip | |
remove references to proprietary stuff, mostly ril
| -rw-r--r-- | BoardConfig.mk | 3 | ||||
| -rw-r--r-- | common.mk | 8 | ||||
| -rwxr-xr-x | extract-files.sh | 113 | ||||
| -rw-r--r-- | libsamsung_symbols/Android.mk | 28 | ||||
| -rw-r--r-- | libsamsung_symbols/samsung_ril.cpp | 21 | ||||
| -rw-r--r-- | proprietary-files.txt | 43 | ||||
| -rw-r--r-- | rootdir/init.target.rc | 52 | ||||
| -rw-r--r-- | selinux/SMD-daemon.te | 9 | ||||
| -rw-r--r-- | selinux/at_distributor.te | 33 | ||||
| -rw-r--r-- | selinux/diag_uart_log.te | 12 | ||||
| -rw-r--r-- | selinux/domain.te | 5 | ||||
| -rw-r--r-- | selinux/file.te | 1 | ||||
| -rw-r--r-- | selinux/file_contexts | 16 | ||||
| -rw-r--r-- | selinux/init.te | 3 | ||||
| -rwxr-xr-x | selinux/kickstart.te | 53 | ||||
| -rw-r--r-- | selinux/mediaserver.te | 1 | ||||
| -rwxr-xr-x | selinux/netmgrd.te | 32 | ||||
| -rw-r--r-- | selinux/qmiproxy.te | 17 | ||||
| -rw-r--r-- | selinux/qmuxd.te | 54 | ||||
| -rw-r--r-- | selinux/radio.te | 4 | ||||
| -rwxr-xr-x | selinux/rild.te | 41 | ||||
| -rw-r--r-- | selinux/secril.te | 37 | ||||
| -rw-r--r-- | selinux/servicemanager.te | 3 | ||||
| -rwxr-xr-x | selinux/system.te | 5 | ||||
| -rwxr-xr-x | selinux/te_macros | 13 | ||||
| -rw-r--r-- | selinux/wpa.te | 1 | ||||
| -rw-r--r-- | system.prop | 6 |
27 files changed, 1 insertions, 613 deletions
diff --git a/BoardConfig.mk b/BoardConfig.mk index 6bd0390..d12c465 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -24,6 +24,3 @@ # GPS BOARD_GPS_SET_PRIVACY := true -# inherit from the proprietary version --include vendor/samsung/t0lte/BoardConfigVendor.mk - @@ -77,14 +77,6 @@ PRODUCT_PACKAGES += \ Stk \ SamsungServiceMode -# Samsung symbols -PRODUCT_PACKAGES += \ - libsamsung_symbols - -# RIL -PRODUCT_PROPERTY_OVERRIDES += \ - mobiledata.interfaces=pdp0,gprs,ppp0,rmnet0,rmnet1 - # These are the hardware-specific features PRODUCT_COPY_FILES += \ frameworks/native/data/etc/handheld_core_hardware.xml:system/etc/permissions/handheld_core_hardware.xml \ diff --git a/extract-files.sh b/extract-files.sh deleted file mode 100755 index 4441ab0..0000000 --- a/extract-files.sh +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2013 The CyanogenMod Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# This file is generated by device/common/generate-blob-scripts.sh - DO NOT EDIT - -VENDOR=samsung -DEVICE=t0lte -COMMON=common - -if [ $COMMON = $1 ] -then - COMMON="-common" -else - COMMON="" -fi - -mkdir -p ../../../vendor/$VENDOR/$DEVICE/proprietary - -adb root -adb wait-for-device - -echo "Pulling proprietary files..." -for FILE in `cat ../$DEVICE/proprietary-files.txt | grep -v ^# | grep -v ^$`; do - DIR=`dirname $FILE` - if [ ! -d ../../../vendor/$VENDOR/$DEVICE/proprietary/$DIR ]; then - mkdir -p ../../../vendor/$VENDOR/$DEVICE/proprietary/$DIR - fi - adb pull /$FILE ../../../vendor/$VENDOR/$DEVICE/proprietary/$FILE -done - - -(cat << EOF) | sed s/__DEVICE__/$DEVICE/g | sed s/__VENDOR__/$VENDOR/g > ../../../vendor/$VENDOR/$DEVICE/$DEVICE$COMMON-vendor-blobs.mk -# Copyright (C) 2013 The CyanogenMod Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -LOCAL_PATH := vendor/__VENDOR__/__DEVICE__ - -PRODUCT_COPY_FILES += \\ -EOF - -LINEEND=" \\" -COUNT=`cat proprietary-files.txt | grep -v ^# | grep -v ^$ | wc -l | awk {'print $1'}` -for FILE in `cat proprietary-files.txt | grep -v ^# | grep -v ^$`; do - COUNT=`expr $COUNT - 1` - if [ $COUNT = "0" ]; then - LINEEND="" - fi - echo " \$(LOCAL_PATH)/proprietary/$FILE:$FILE$LINEEND" >> ../../../vendor/$VENDOR/$DEVICE/$DEVICE$COMMON-vendor-blobs.mk -done - -(cat << EOF) | sed s/__DEVICE__/$DEVICE/g | sed s/__VENDOR__/$VENDOR/g > ../../../vendor/$VENDOR/$DEVICE/$DEVICE$COMMON-vendor.mk -# Copyright (C) 2013 The CyanogenMod Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Pick up overlay for features that depend on non-open-source files -DEVICE_PACKAGE_OVERLAYS += vendor/__VENDOR__/__DEVICE__/overlay - -\$(call inherit-product, vendor/__VENDOR__/__DEVICE__/__DEVICE__$COMMON-vendor-blobs.mk) -EOF - -(cat << EOF) | sed s/__DEVICE__/$DEVICE/g | sed s/__VENDOR__/$VENDOR/g > ../../../vendor/$VENDOR/$DEVICE/BoardConfigVendor.mk -# Copyright (C) 2013 The CyanogenMod Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -EOF - -cd ./../../../device/samsung/smdk4412-common/ && ./extract-files.sh diff --git a/libsamsung_symbols/Android.mk b/libsamsung_symbols/Android.mk deleted file mode 100644 index c2e942e..0000000 --- a/libsamsung_symbols/Android.mk +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright (C) 2015 The CyanogenMod Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_SRC_FILES := \ - samsung_ril.cpp - -LOCAL_SHARED_LIBRARIES := libbinder - -LOCAL_MODULE := libsamsung_symbols -LOCAL_MODULE_TAGS := optional -LOCAL_MODULE_CLASS := SHARED_LIBRARIES - -include $(BUILD_SHARED_LIBRARY) diff --git a/libsamsung_symbols/samsung_ril.cpp b/libsamsung_symbols/samsung_ril.cpp deleted file mode 100644 index 404616d..0000000 --- a/libsamsung_symbols/samsung_ril.cpp +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (C) 2015 The CyanogenMod Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* status_t Parcel::writeString16 */ -extern "C" int _ZN7android6Parcel13writeString16EPKDsj(); -extern "C" int _ZN7android6Parcel13writeString16EPKtj() { - return _ZN7android6Parcel13writeString16EPKDsj(); -} diff --git a/proprietary-files.txt b/proprietary-files.txt deleted file mode 100644 index 89ffbe3..0000000 --- a/proprietary-files.txt +++ /dev/null @@ -1,43 +0,0 @@ -system/bin/at_distributor -system/bin/diag_uart_log -system/bin/efsks -system/bin/ks -system/bin/qcks -system/bin/qmiproxy -system/bin/qmuxd -system/bin/rild -system/bin/smdexe -system/etc/Diag.cfg -system/etc/Diag_zero.cfg -system/lib/libakm.so -system/lib/libatparser.so -system/lib/libcordon.so -system/lib/libcsd-client.so -system/lib/libfactoryutil.so -system/lib/libloc_api_v02.so -system/lib/libomission_avoidance.so -system/lib/libril.so -system/lib/libsec-ril.so -system/lib/libsecnativefeature.so -system/lib/libsecril-client.so -system/lib/libxml.so -system/usr/idc/sec_e-pen.idc -system/usr/keylayout/sec_e-pen.kl -system/usr/keylayout/sec_touchkey.kl -system/vendor/lib/libdiag.so -system/vendor/lib/libconfigdb.so -system/vendor/lib/libdsutils.so -system/vendor/lib/libgeofence.so -system/vendor/lib/libidl.so -system/vendor/lib/libizat_core.so -system/vendor/lib/liblbs_core.so -system/vendor/lib/liblocationservice.so -system/vendor/lib/libqcci_legacy.so -system/vendor/lib/libqmi.so -system/vendor/lib/libqmi_cci.so -system/vendor/lib/libqmi_client_qmux.so -system/vendor/lib/libqmi_common_so.so -system/vendor/lib/libqmi_csi.so -system/vendor/lib/libqmi_encdec.so -system/vendor/lib/libqmiservices.so -system/vendor/lib/libril-qcril-hook-oem.so
\ No newline at end of file diff --git a/rootdir/init.target.rc b/rootdir/init.target.rc index d987195..331254d 100644 --- a/rootdir/init.target.rc +++ b/rootdir/init.target.rc @@ -1,8 +1,6 @@ import init.bt.rc on init - export LD_SHIM_LIBS /system/lib/libril.so|libsamsung_symbols.so - # Vibetonz export VIBE_PIPE_PATH /dev/pipes mkdir /dev/pipes 0771 shell shell @@ -42,19 +40,6 @@ on post-fs-data chown system radio /dev/block/platform/dw_mmc/by-name chmod 0775 /dev/block/platform/dw_mmc/by-name - # QCRIL - # Create QMUX deamon socket area - mkdir /dev/socket/qmux_radio 0777 radio radio - chmod 2777 /dev/socket/qmux_radio - mkdir /dev/socket/qmux_audio 0770 media audio - chmod 2770 /dev/socket/qmux_audio - mkdir /dev/socket/qmux_gps 0770 gps gps - chmod 2770 /dev/socket/qmux_gps - - # Allow QMUX daemon to assign port open wait time - chown radio radio /sys/devices/virtual/hsicctl/hsicctl0/modem_wait - chmod 0666 /sys/devices/virtual/hsicctl/hsicctl0/modem_wait - # To prevent out of order acknowledgements from making # connection tracking to treat them as not belonging to # the connection they belong to. @@ -126,40 +111,3 @@ on boot on property:sys.boot_completed=1 write /sys/block/mmcblk0/queue/scheduler cfq write /sys/power/cpufreq_min_limit -1 - -# AT Distributor for factory test -service at_distributor /system/bin/at_distributor - class late_start - user root - seclabel u:r:at_distributor:s0 - group radio log - -# diag app for cp uart -service diag_uart_log /system/bin/diag_uart_log - class main - user root - seclabel u:r:diag_uart_log:s0 - group radio - -service SMD-daemon /system/bin/smdexe - class main - user root - seclabel u:r:SMD-daemon:s0 - group system radio inet net_raw - -service qc_kickstart /system/bin/qcks s - class core - user root - seclabel u:r:kickstart:s0 - group radio cache inet misc audio sdcard_rw log - -#For EncryptionMode - remove disabled, Modify class main -service qmiproxy /system/bin/qmiproxy - class main - user radio - group radio gps - -service qmuxd /system/bin/qmuxd - class main - user system - group radio log audio bluetooth gps log diff --git a/selinux/SMD-daemon.te b/selinux/SMD-daemon.te deleted file mode 100644 index 031daf0..0000000 --- a/selinux/SMD-daemon.te +++ /dev/null @@ -1,9 +0,0 @@ -type SMD-daemon, domain; -type SMD-daemon_exec, exec_type, file_type; -init_daemon_domain(SMD-daemon) - -allow SMD-daemon system_file:file { execute_no_trans }; -allow SMD-daemon self:capability { setuid }; - -allow SMD-daemon log_device:chr_file { write open }; -allow SMD-daemon log_device:dir { search }; diff --git a/selinux/at_distributor.te b/selinux/at_distributor.te deleted file mode 100644 index 23036ad..0000000 --- a/selinux/at_distributor.te +++ /dev/null @@ -1,33 +0,0 @@ -type at_distributor, domain; -type at_distributor_exec, exec_type, file_type; -init_daemon_domain(at_distributor) - -allow at_distributor system_file:file { execute_no_trans }; - -allow at_distributor radio_device:chr_file { read write open ioctl }; - -allow at_distributor rild:unix_stream_socket { connectto }; - -allow at_distributor log_device:chr_file { open write }; -allow at_distributor log_device:dir { search }; - -allow at_distributor efs_file:dir { search }; -allow at_distributor efs_file:file { read open getattr setattr }; - -allow at_distributor radio_data_file:dir { search write add_name }; -allow at_distributor radio_data_file:file { open write create getattr read }; - -allow at_distributor unlabeled:dir { search getattr }; -allow at_distributor unlabeled:file { open read write setattr getattr }; - -allow at_distributor self:capability { dac_override chown fowner setuid fsetid }; - -allow at_distributor property_socket:sock_file { open write }; - -allow at_distributor diag_uart_log_exec:file { getattr }; - -allow at_distributor init:unix_stream_socket { connectto }; - -allow at_distributor radio_prop:property_service { set }; - -allow at_distributor sysfs_wake_lock:file { read write open }; diff --git a/selinux/diag_uart_log.te b/selinux/diag_uart_log.te deleted file mode 100644 index 6ebaacb..0000000 --- a/selinux/diag_uart_log.te +++ /dev/null @@ -1,12 +0,0 @@ -type diag_uart_log, domain; -type diag_uart_log_exec, exec_type, file_type; -init_daemon_domain(diag_uart_log) - -allow diag_uart_log init:process { noatsecure rlimitinh siginh }; - -allow diag_uart_log log_device:chr_file { open write }; -allow diag_uart_log log_device:dir { search }; - -allow diag_uart_log at_distributor:unix_stream_socket { connectto }; - -allow diag_uart_log self:capability { setuid }; diff --git a/selinux/domain.te b/selinux/domain.te index cd1d423..7b21391 100644 --- a/selinux/domain.te +++ b/selinux/domain.te @@ -1,8 +1,3 @@ -allow domain at_distributor:chr_file rw_file_perms; -allow domain diag_uart_log:chr_file rw_file_perms; -allow domain SMD-daemon:chr_file rw_file_perms; -allow domain qmiproxy:chr_file rw_file_perms; - userdebug_or_eng(` allow domain diag_device:chr_file rw_file_perms; ') diff --git a/selinux/file.te b/selinux/file.te index bc4ef55..0f14cce 100644 --- a/selinux/file.te +++ b/selinux/file.te @@ -6,7 +6,6 @@ type firmware_camera, file_type; type mdnie_sysfs, file_type; type vib_sysfs, file_type; -type qmuxd_socket, file_type; type kickstart_data_file, file_type, data_file_type; type sensors_data_file, file_type, data_file_type; type volume_data_file, file_type, data_file_type; diff --git a/selinux/file_contexts b/selinux/file_contexts index 2b87860..b552aa4 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -55,22 +55,6 @@ /data/misc/radio(/.*)? u:object_r:radio_data_file:s0 /efs u:object_r:efs_device_file:s0 -# Binaries -/system/bin/qmuxd u:object_r:qmuxd_exec:s0 -/system/bin/efsks u:object_r:kickstart_exec:s0 -/system/bin/ks u:object_r:kickstart_exec:s0 -/system/bin/qcks u:object_r:kickstart_exec:s0 -/system/bin/qmiproxy u:object_r:qmiproxy_exec:s0 -/system/bin/at_distributor u:object_r:at_distributor_exec:s0 -/system/bin/smdexe u:object_r:SMD-daemon_exec:s0 -/system/bin/diag_uart_log u:object_r:diag_uart_log_exec:s0 - -# Sockets -/dev/socket/qmux_audio(/.*)? u:object_r:qmuxd_socket:s0 -/dev/socket/qmux_bluetooth(/.*)? u:object_r:qmuxd_socket:s0 -/dev/socket/qmux_gps(/.*)? u:object_r:qmuxd_socket:s0 -/dev/socket/qmux_radio(/.*)? u:object_r:qmuxd_socket:s0 - # Block devices /dev/block/mmcblk0(.*) u:object_r:boot_block_device:s0 /dev/block/mmcblk0p3 u:object_r:efs_block_device:s0 diff --git a/selinux/init.te b/selinux/init.te index 9f3c6ae..1e1fab6 100644 --- a/selinux/init.te +++ b/selinux/init.te @@ -14,8 +14,5 @@ allow init sysfs:lnk_file { setattr }; allow init log_device:chr_file { write }; allow init kernel:system { module_request }; allow init block_device:lnk_file { setattr }; -domain_trans(init, rootfs, SMD-daemon) allow init shell_data_file:lnk_file { getattr }; - -allow init rild:process noatsecure; diff --git a/selinux/kickstart.te b/selinux/kickstart.te deleted file mode 100755 index 8d550c6..0000000 --- a/selinux/kickstart.te +++ /dev/null @@ -1,53 +0,0 @@ -# kickstart processes and scripts -type kickstart, domain; -type kickstart_exec, exec_type, file_type; - -# kickstart_checker.sh talks to init over the property socket -unix_socket_connect(kickstart, property, init) - -# Start /system/bin/qcks from init -init_daemon_domain(kickstart) - -# Spawn /system/bin/efsks and /system/bin/ks -allow kickstart kickstart_exec:file { open execute_no_trans getattr }; -allow kickstart rild_exec:file { open execute_no_trans getattr }; - -# Run dd on m9kefs[123] block devices; write to /data/qcks/ -# Run cat on firmware and m9kefs[123] data; write to /data/qcks/ -allow kickstart boot_block_device:blk_file { getattr read write open }; -allow kickstart kickstart_data_file:file create_file_perms; -allow kickstart kickstart_data_file:dir rw_dir_perms; -allow kickstart radio_efs_file:file r_file_perms; -allow kickstart radio_efs_file:dir search; - -# Let qcks access /dev/mdm node (modem driver) -allow kickstart radio_device:chr_file rw_file_perms; - -# Allow /dev/ttyUSB0 access -allow kickstart radio_device:chr_file { write ioctl getattr }; - -# Allow to run toolbox commands -allow kickstart shell_exec:file rx_file_perms; -# Toolbox commands for firmware dd -allow kickstart system_file:file execute_no_trans; - -# Access to /dev/block/platform/msm_sdcc.1/by-name/m9kefs2 -allow kickstart block_device:dir { getattr write search }; - -# Set system property key -allow kickstart radio_prop:property_service set; - -allow kickstart shell_exec:file entrypoint; -# ls on /data/qcks/ -allow kickstart self:capability { dac_override setuid }; - -# XXX Label sysfs files with a specific type? -allow kickstart sysfs:file rw_file_perms; - -allow kickstart unlabeled:file { setattr getattr read write open }; -allow kickstart vfat:file { getattr read open }; -allow kickstart kickstart:process { execmem }; -allow kickstart usbfs:dir { search }; -allow kickstart vfat:dir { search }; -allow kickstart log_device:chr_file { open write }; -allow kickstart rild_exec:file { getattr execute read open }; diff --git a/selinux/mediaserver.te b/selinux/mediaserver.te index 3241f66..1b2c8ba 100644 --- a/selinux/mediaserver.te +++ b/selinux/mediaserver.te @@ -1,4 +1,3 @@ -qmux_socket(mediaserver); allow mediaserver self:socket create_socket_perms; allow mediaserver { firmware_camera }:file r_file_perms; allow mediaserver firmware_camera:dir r_dir_perms; diff --git a/selinux/netmgrd.te b/selinux/netmgrd.te deleted file mode 100755 index 8b99f42..0000000 --- a/selinux/netmgrd.te +++ /dev/null @@ -1,32 +0,0 @@ -# Network utilities (radio process) -type netmgrd, domain; -type netmgrd_exec, exec_type, file_type; - -net_domain(netmgrd) -# Started by init -init_daemon_domain(netmgrd) - - -allow netmgrd self:udp_socket { create ioctl }; -# fsetid, dac_override unlink on /dev/socket/qmux_radio/qmux_client_socket -allow netmgrd self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override }; -allow netmgrd self:packet_socket { write bind read create }; -allow netmgrd self:netlink_socket { write read create bind setopt }; -allow netmgrd self:netlink_route_socket { create bind read write nlmsg_read nlmsg_write setopt getattr }; - -# Talk to qmuxd -qmux_socket(netmgrd) - -# Allow logging diagnostic items -allow netmgrd diagnostic_device:chr_file rw_file_perms; - -# /data/data_test/ access with shell -allow netmgrd shell_exec:file { execute read open execute_no_trans }; -allow netmgrd system_file:file { execute_no_trans }; - -# Talk to init over the property socket -unix_socket_connect(netmgrd, property, init) -# Set net.rmnet_usb0. values -allow netmgrd radio_prop:property_service set; - -allow netmgrd netmgrd:process { execmem }; diff --git a/selinux/qmiproxy.te b/selinux/qmiproxy.te deleted file mode 100644 index eb332c8..0000000 --- a/selinux/qmiproxy.te +++ /dev/null @@ -1,17 +0,0 @@ -type qmiproxy, domain; -type qmiproxy_exec, exec_type, file_type; - -net_domain(qmiproxy) -init_daemon_domain(qmiproxy) - -allow qmiproxy log_device:chr_file { open write }; -allow qmiproxy log_device:dir { search }; - -allow qmiproxy qmuxd_socket:dir { search write add_name }; -allow qmiproxy qmuxd_socket:sock_file { create }; -allow qmiproxy property_socket:sock_file { open write }; -allow qmiproxy init:unix_stream_socket connectto; - -allow qmiproxy radio_prop:property_service { set }; - -allow qmiproxy system_file:file { execmod }; diff --git a/selinux/qmuxd.te b/selinux/qmuxd.te deleted file mode 100644 index dfef990..0000000 --- a/selinux/qmuxd.te +++ /dev/null @@ -1,54 +0,0 @@ -type qmuxd, domain; -type qmuxd_exec, exec_type, file_type; -net_domain(qmuxd) -init_daemon_domain(qmuxd) - -userdebug_or_eng(` - domain_auto_trans(shell, qmuxd_exec, qmuxd) - domain_auto_trans(adbd, qmuxd_exec, qmuxd) -') - -#Allow qmuxd to operate on various qmux device sockets -#allow qmuxd qmux_radio_socket:dir { write add_name remove_name search }; -#allow qmuxd qmux_radio_socket:sock_file { create setattr getattr write unlink }; -#allow qmuxd qmux_audio_socket:dir { write add_name remove_name search }; -#allow qmuxd qmux_audio_socket:sock_file { create setattr getattr write unlink }; -#allow qmuxd qmux_gps_socket:dir { write add_name remove_name search }; -#allow qmuxd qmux_gps_socket:sock_file { create setattr getattr write unlink }; -#allow qmuxd qmux_bluetooth_socket:dir { write add_name remove_name search }; -#allow qmuxd qmux_bluetooth_socket:sock_file { create setattr getattr write unlink }; - -qmux_socket(qmuxd); - -#Allow logging -allow qmuxd diag_device:chr_file { rw_file_perms }; - -#Allow operation in platform specific transports -allow qmuxd smd_device:chr_file { rw_file_perms }; -allow qmuxd hsic_device:chr_file { rw_file_perms }; - -#Allow qmuxd to operate in platform specific transports -allow qmuxd sysfs_smd_open_timeout:file w_file_perms; -allow qmuxd sysfs_wake_lock:file { append open }; - -#Allow qmuxd to write in hsic specific transport -allow qmuxd sysfs:file w_file_perms; -allow qmuxd radio_device:file w_file_perms; - -allow qmuxd self:capability { setuid setgid setpcap dac_override }; - -#Allow qmuxd to have the CAP_BLOCK_SUSPEND capability -allow qmuxd qmuxd:capability2 { block_suspend }; - -allow qmuxd sysfs_esoc:dir r_dir_perms; -allow qmuxd sysfs_hsic_modem_wait:file w_file_perms; -allow qmuxd sysfs_esoc:lnk_file read; - -r_dir_file(qmuxd, sysfs_ssr); -allow qmuxd mhi_device:chr_file rw_file_perms; - -allow qmuxd qmuxd:process { execmem }; -allow qmuxd radio_device:chr_file { read write open }; -allow qmuxd log_device:chr_file { open write }; - -allow qmuxd system_file:file { execmod }; diff --git a/selinux/radio.te b/selinux/radio.te index 0ac335e..53c51f6 100644 --- a/selinux/radio.te +++ b/selinux/radio.te @@ -1,7 +1,3 @@ -# Talk to qmuxd (/dev/socket/qmux_radio) -qmux_socket(radio) ; - -allow radio secril-daemon:unix_stream_socket { connectto }; allow radio log_device:chr_file { write open }; allow radio log_device:dir { search }; allow radio system_app_data_file:dir { search }; diff --git a/selinux/rild.te b/selinux/rild.te deleted file mode 100755 index eeaeccf..0000000 --- a/selinux/rild.te +++ /dev/null @@ -1,41 +0,0 @@ -#allow rild qmux_radio_socket:dir { write remove_name search add_name }; -#allow rild qmux_radio_socket:sock_file { write create unlink setattr }; -#allow rild qmuxd:unix_stream_socket connectto; -qmux_socket(rild); -binder_use(rild) - -allow rild ssr_device:chr_file { open read }; -allow rild sysfs_esoc:dir { search read open}; -allow rild sysfs_esoc:lnk_file { read }; -allow rild sysfs_esoc:file { write }; -allow rild sysfs_ssr:dir { open search read }; -allow rild sysfs_ssr:lnk_file { read open }; - -allow rild mediaserver:binder { transfer call }; - -#allow rild diag_device:chr_file { open read write }; -allow rild rild_socket:chr_file { open read write }; - -allow rild sysfs_ssr:dir r_dir_perms; -allow rild sysfs_ssr:lnk_file read; -allow rild system_data_file:dir w_dir_perms; -#allow rild system_data_file:file create_file_perms; -#allow rild time_daemon:unix_stream_socket connectto; - -allow rild rild:process execmem; -allow rild diagnostic_device:chr_file { read write open }; -allow rild radio_data_file:dir { setattr }; -allow rild init:unix_stream_socket { read write }; -allow rild proc_net:file { write }; - -allow rild log_device:chr_file { open }; -allow rild log_device:chr_file write; -allow rild self:capability dac_override; - -allow rild unlabeled:dir { search }; -allow rild unlabeled:file { open read getattr }; - -allow rild at_distributor:dir { search }; -allow rild at_distributor:file { read open getattr }; - -allow rild system_file:file { execmod }; diff --git a/selinux/secril.te b/selinux/secril.te deleted file mode 100644 index 0681aa4..0000000 --- a/selinux/secril.te +++ /dev/null @@ -1,37 +0,0 @@ -# sec-ril -type secril-daemon, domain; -type secril-daemon_exec, exec_type, file_type; - -# Start /system/bin/sec-ril from init -init_daemon_domain(secril-daemon) - -allow secril-daemon secril-daemon_exec:file { open execute_no_trans getattr }; -allow secril-daemon self:udp_socket { create ioctl }; -unix_socket_connect(secril-daemon, property, init) -unix_socket_connect(secril-daemon, rild, rild) - -allow secril-daemon { efs_file }:file rw_file_perms; -allow secril-daemon system_data_file:dir create_dir_perms; -# allow secril-daemon system_data_file:file unlink; -allow secril-daemon radio_data_file:file { create_file_perms }; -allow secril-daemon self:capability { sys_module fsetid setuid setgid net_admin net_raw dac_override }; -allow secril-daemon system_file:file x_file_perms; -allow secril-daemon sysfs:file rw_file_perms; -allow secril-daemon shell_exec:file rx_file_perms; -allow secril-daemon app_data_file:file rw_file_perms; -allow secril-daemon app_data_file:dir search; -allow secril-daemon zygote_exec:file rx_file_perms; -allow secril-daemon ashmem_device:chr_file x_file_perms; - -allow secril-daemon secril-daemon:process { execmem }; -allow secril-daemon unlabeled:dir { search }; -allow secril-daemon radio_prop:property_service { set }; -allow secril-daemon sysfs_wake_lock:file { read write open }; -allow secril-daemon unlabeled:file { read open getattr setattr }; -#allow secril-daemon system_file:file { entrypoint }; -allow secril-daemon radio_data_file:dir { search write add_name read open remove_name }; -allow secril-daemon efs_file:dir { search }; -allow secril-daemon rild_exec:file { entrypoint read }; -allow secril-daemon qmuxd_socket:dir { write add_name remove_name search }; -allow secril-daemon qmuxd_socket:sock_file { create setattr unlink }; - diff --git a/selinux/servicemanager.te b/selinux/servicemanager.te index a9d669c..2694903 100644 --- a/selinux/servicemanager.te +++ b/selinux/servicemanager.te @@ -1,6 +1,3 @@ -allow servicemanager rild:dir search; -allow servicemanager rild:file r_file_perms; -allow servicemanager rild:process getattr; allow servicemanager zygote:dir { search read open getattr }; allow servicemanager zygote:file { read open }; allow servicemanager zygote:process { getattr }; diff --git a/selinux/system.te b/selinux/system.te index 1160fd7..29fe0ff 100755 --- a/selinux/system.te +++ b/selinux/system.te @@ -1,6 +1,3 @@ -# Talk to qmuxd -qmux_socket(system_server) - allow system_server diagnostic_device:chr_file rw_file_perms; allow system_server sensors_device:chr_file { read open }; allow system_server sensors_data_file:file r_file_perms; @@ -8,4 +5,4 @@ allow system_server wpa_socket:unix_dgram_socket sendto; allow system_app volume_data_file:file { read write open getattr }; allow system_server sysfs:file { read open write }; -allow system_server self:capability { sys_module };
\ No newline at end of file +allow system_server self:capability { sys_module }; diff --git a/selinux/te_macros b/selinux/te_macros index 8378501..e69de29 100755 --- a/selinux/te_macros +++ b/selinux/te_macros @@ -1,13 +0,0 @@ -##################################### -# qmux_socket(clientdomain) -# Allow client domain to connecto and send -# via a local socket to the qmux domain. -# Also allow the client domain to remove -# its own socket. -define(`qmux_socket', ` -allow $1 qmuxd_socket:dir create_dir_perms; -unix_socket_connect($1, qmuxd, qmuxd) -allow $1 qmuxd_socket:sock_file { read getattr write setattr create unlink }; -') - - diff --git a/selinux/wpa.te b/selinux/wpa.te index d4b06c7..a209706 100644 --- a/selinux/wpa.te +++ b/selinux/wpa.te @@ -1,5 +1,4 @@ allow wpa persist_file:dir search; -qmux_socket(wpa); allow wpa self:socket create_socket_perms; allow wpa smem_log_device:chr_file rw_file_perms; diff --git a/system.prop b/system.prop index 141ca72..3754f1e 100644 --- a/system.prop +++ b/system.prop @@ -2,12 +2,6 @@ # system.prop for t0lte # -rild.libpath=/system/lib/libsec-ril.so -rild.libargs=-d /dev/ttyS0 -ro.telephony.default_network=9 -telephony.lteOnGsmDevice=1 -ro.ril.telephony.mqanelements=6 - ro.sf.lcd_density=320 ro.lcd_min_brightness=20 |