Diffstat (limited to 'common/sepolicy')
-rw-r--r-- | common/sepolicy/bootanim.te | 4 | ||||
-rw-r--r-- | common/sepolicy/device.te | 6 | ||||
-rw-r--r-- | common/sepolicy/domain.te | 9 | ||||
-rw-r--r-- | common/sepolicy/file.te | 2 | ||||
-rw-r--r-- | common/sepolicy/file_contexts | 19 | ||||
-rw-r--r-- | common/sepolicy/goldfish_setup.te | 29 | ||||
-rw-r--r-- | common/sepolicy/hal_gnss_default.te | 3 | ||||
-rw-r--r-- | common/sepolicy/hal_graphics_composer_default.te | 3 | ||||
-rw-r--r-- | common/sepolicy/init.te | 1 | ||||
-rw-r--r-- | common/sepolicy/logpersist.te | 13 | ||||
-rw-r--r-- | common/sepolicy/netd.te | 1 | ||||
-rw-r--r-- | common/sepolicy/property.te | 8 | ||||
-rw-r--r-- | common/sepolicy/property_contexts | 6 | ||||
-rw-r--r-- | common/sepolicy/qemu_props.te | 12 | ||||
-rw-r--r-- | common/sepolicy/qemud.te | 8 | ||||
-rw-r--r-- | common/sepolicy/rild.te | 1 | ||||
-rw-r--r-- | common/sepolicy/shell.te | 1 | ||||
-rw-r--r-- | common/sepolicy/surfaceflinger.te | 4 | ||||
-rw-r--r-- | common/sepolicy/system_app.te | 1 | ||||
-rw-r--r-- | common/sepolicy/system_server.te | 6 | ||||
-rw-r--r-- | common/sepolicy/zygote.te | 1 |
21 files changed, 1 insertions, 137 deletions
diff --git a/common/sepolicy/bootanim.te b/common/sepolicy/bootanim.te
deleted file mode 100644
index b4b1eef..0000000
--- a/common/sepolicy/bootanim.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow bootanim self:process execmem;
-allow bootanim ashmem_device:chr_file execute;
-
-set_prop(bootanim, qemu_prop)
diff --git a/common/sepolicy/device.te b/common/sepolicy/device.te
deleted file mode 100644
index 1fef2c2..0000000
--- a/common/sepolicy/device.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type qemu_device, dev_type, mlstrustedobject;
-
-#device type for gss device nodes, ie /dev/gss
-type gss_device, dev_type;
-type persist_block_device, dev_type;
-type sw_sync_device, dev_type;
diff --git a/common/sepolicy/domain.te b/common/sepolicy/domain.te
deleted file mode 100644
index c5bb959..0000000
--- a/common/sepolicy/domain.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# Ignore personality-8 denials.
-dontaudit domain kernel:system module_request;
-
-# For /sys/qemu_trace files in the emulator.
-allow domain sysfs_writable:dir search;
-allow domain sysfs_writable:file rw_file_perms;
-allow domain qemu_device:chr_file rw_file_perms;
-
-get_prop(domain, qemu_prop)
diff --git a/common/sepolicy/file.te b/common/sepolicy/file.te
deleted file mode 100644
index 9227f80..0000000
--- a/common/sepolicy/file.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type qemud_socket, file_type;
-type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
diff --git a/common/sepolicy/file_contexts b/common/sepolicy/file_contexts
index 37eb40d..dbb988b 100644
--- a/common/sepolicy/file_contexts
+++ b/common/sepolicy/file_contexts
@@ -1,18 +1 @@
-
-
-# goldfish
-/dev/block/mtdblock0 u:object_r:system_block_device:s0
-/dev/block/mtdblock1 u:object_r:userdata_block_device:s0
-/dev/block/mtdblock2 u:object_r:cache_block_device:s0
-
-# ranchu
-/dev/block/vda u:object_r:system_block_device:s0
-/dev/block/vdb u:object_r:cache_block_device:s0
-/dev/block/vdc u:object_r:userdata_block_device:s0
-
-/dev/goldfish_pipe u:object_r:qemu_device:s0
-/dev/qemu_.* u:object_r:qemu_device:s0
-/dev/socket/qemud u:object_r:qemud_socket:s0
-/dev/ttyGF[0-9]* u:object_r:serial_device:s0
-/dev/ttyS2 u:object_r:console_device:s0
-/system/bin/qemud u:object_r:qemud_exec:s0
+/(vendor|system/vendor)/bin/hw/android.hardware.automotive.vehicle@2.0-service u:object_r:hal_vehicle_default_exec:s0
diff --git a/common/sepolicy/goldfish_setup.te b/common/sepolicy/goldfish_setup.te
deleted file mode 100644
index 78d20fc..0000000
--- a/common/sepolicy/goldfish_setup.te
+++ /dev/null
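Review bot: The added file_contexts entry leaves the dots in `android.hardware.automotive.vehicle@2.0-service` unescaped; file_contexts paths are regular expressions, so each `.` matches any character and the label can apply to more paths than the one service binary. Escaping them keeps the match exact: `/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-service u:object_r:hal_vehicle_default_exec:s0`. The declaration of `hal_vehicle_default_exec` is not visible in this diff, so it is presumably supplied by another policy directory and worth confirming before this file relies on it. A one-line comment above the entry, such as `# Vehicle HAL service binary`, would record why this is the only label left in the file.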
@@ -1,29 +0,0 @@
-# goldfish-setup service: runs init.goldfish.sh script
-type goldfish_setup, domain;
-type goldfish_setup_exec, exec_type, file_type;
-
-init_daemon_domain(goldfish_setup)
-
-# Inherit open file to shell (interpreter) for script.
-allow goldfish_setup shell_exec:file rx_file_perms;
-
-# Run ifconfig, route commands to configure interfaces and routes.
-allow goldfish_setup system_file:file execute_no_trans;
-allow goldfish_setup toolbox_exec:file rx_file_perms;
-allow goldfish_setup self:capability { net_admin net_raw };
-allow goldfish_setup self:udp_socket create_socket_perms;
-allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
-
-wakelock_use(goldfish_setup)
-net_domain(goldfish_setup)
-
-# Set net.eth0.dns*, debug.sf.nobootanimation
-set_prop(goldfish_setup, system_prop)
-set_prop(goldfish_setup, debug_prop)
-
-# Set ro.radio.noril
-set_prop(goldfish_setup, radio_noril_prop)
-
-# Stop ril-daemon service (by setting ctl.stop to ril-daemon, which
-# transforms to a permission check on ctl.ril-daemon).
-set_prop(goldfish_setup, ctl_rildaemon_prop)
diff --git a/common/sepolicy/hal_gnss_default.te b/common/sepolicy/hal_gnss_default.te
deleted file mode 100644
index 0dd3d03..0000000
--- a/common/sepolicy/hal_gnss_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-#============= hal_gnss_default ==============
-allow hal_gnss_default vndbinder_device:chr_file { ioctl open read write };
-
diff --git a/common/sepolicy/hal_graphics_composer_default.te b/common/sepolicy/hal_graphics_composer_default.te
deleted file mode 100644
index 034bdef..0000000
--- a/common/sepolicy/hal_graphics_composer_default.te
+++ /dev/null
@@ -1,3 +0,0 @@
-#============= hal_graphics_composer_default ==============
-allow hal_graphics_composer_default vndbinder_device:chr_file { ioctl open read write };
-
diff --git a/common/sepolicy/init.te b/common/sepolicy/init.te
deleted file mode 100644
index 3aa81d1..0000000
--- a/common/sepolicy/init.te
+++ /dev/null
@@ -1 +0,0 @@
-allow init tmpfs:lnk_file create_file_perms;
diff --git a/common/sepolicy/logpersist.te b/common/sepolicy/logpersist.te
deleted file mode 100644
index 3fc0250..0000000
--- a/common/sepolicy/logpersist.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# goldfish logcat service: runs logcat -Q in logpersist domain
-
-# See global logcat.te/logpersist.te, only set for eng & userdebug,
-# allow for all builds in a non-conflicting manner.
-
-domain_auto_trans(init, logcat_exec, logpersist)
-
-# Read from logd.
-unix_socket_connect(logpersist, logdr, logd)
-
-# Write to /dev/ttyS2 and /dev/ttyGF2.
-allow logpersist serial_device:chr_file { write open };
-get_prop(logpersist, qemu_cmdline)
diff --git a/common/sepolicy/netd.te b/common/sepolicy/netd.te
deleted file mode 100644
index 2b002ec..0000000
--- a/common/sepolicy/netd.te
+++ /dev/null
@@ -1 +0,0 @@
-dontaudit netd self:capability sys_module;
diff --git a/common/sepolicy/property.te b/common/sepolicy/property.te
deleted file mode 100644
index 04c5bc1..0000000
--- a/common/sepolicy/property.te
+++ /dev/null
@@ -1,8 +0,0 @@
-type qemu_prop, property_type;
-type qemu_cmdline, property_type;
-type radio_noril_prop, property_type;
-
-# opengles_prop is removed because it conflicts with car_product
-# TODO If this is resolved, then most of the copied sepolicy can be removed
-# in favor of using device/goldfish/sepolicy.
-# type opengles_prop, property_type;
diff --git a/common/sepolicy/property_contexts b/common/sepolicy/property_contexts
deleted file mode 100644
index c66a85f..0000000
--- a/common/sepolicy/property_contexts
+++ /dev/null
@@ -1,6 +0,0 @@
-qemu. u:object_r:qemu_prop:s0
-qemu.cmdline u:object_r:qemu_cmdline:s0
-ro.emu. u:object_r:qemu_prop:s0
-ro.emulator. u:object_r:qemu_prop:s0
-ro.radio.noril u:object_r:radio_noril_prop:s0
-ro.opengles. u:object_r:opengles_prop:s0
diff --git a/common/sepolicy/qemu_props.te b/common/sepolicy/qemu_props.te
deleted file mode 100644
index d5571fd..0000000
--- a/common/sepolicy/qemu_props.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# qemu-props service: Sets system properties on boot.
-type qemu_props, domain;
-type qemu_props_exec, exec_type, file_type;
-
-init_daemon_domain(qemu_props)
-
-# Set properties.
-set_prop(qemu_props, qemu_prop)
-set_prop(qemu_props, dalvik_prop)
-set_prop(qemu_props, config_prop)
-set_prop(qemu_props, opengles_prop)
-set_prop(qemu_props, qemu_cmdline)
diff --git a/common/sepolicy/qemud.te b/common/sepolicy/qemud.te
deleted file mode 100644
index eee21c4..0000000
--- a/common/sepolicy/qemud.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# qemu support daemon
-type qemud, domain;
-type qemud_exec, exec_type, file_type;
-
-init_daemon_domain(qemud)
-
-# Access /dev/ttyS1 and /dev/ttyGF1.
-allow qemud serial_device:chr_file rw_file_perms;
diff --git a/common/sepolicy/rild.te b/common/sepolicy/rild.te
deleted file mode 100644
index e148b6c..0000000
--- a/common/sepolicy/rild.te
+++ /dev/null
@@ -1 +0,0 @@
-unix_socket_connect(rild, qemud, qemud)
diff --git a/common/sepolicy/shell.te b/common/sepolicy/shell.te
deleted file mode 100644
index b246d7e..0000000
--- a/common/sepolicy/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-allow shell serial_device:chr_file rw_file_perms;
diff --git a/common/sepolicy/surfaceflinger.te b/common/sepolicy/surfaceflinger.te
deleted file mode 100644
index e03d07e..0000000
--- a/common/sepolicy/surfaceflinger.te
+++ /dev/null
@@ -1,4 +0,0 @@
-allow surfaceflinger self:process execmem;
-allow surfaceflinger ashmem_device:chr_file execute;
-
-set_prop(surfaceflinger, qemu_prop)
diff --git a/common/sepolicy/system_app.te b/common/sepolicy/system_app.te
index 9b861d6..b09239c 100644
--- a/common/sepolicy/system_app.te
+++ b/common/sepolicy/system_app.te
@@ -1,2 +1 @@
 allow system_app hal_vehicle_hwservice:hwservice_manager find;
-allow system_app proc_stat:file {read open};
diff --git a/common/sepolicy/system_server.te b/common/sepolicy/system_server.te
deleted file mode 100644
index 7aab33e..0000000
--- a/common/sepolicy/system_server.te
+++ /dev/null
@@ -1,6 +0,0 @@
-unix_socket_connect(system_server, qemud, qemud)
-get_prop(system_server, opengles_prop)
-get_prop(system_server, radio_noril_prop)
-
-# For gss
-allow system_server gss_device:chr_file rw_file_perms;
diff --git a/common/sepolicy/zygote.te b/common/sepolicy/zygote.te
deleted file mode 100644
index a90f02b..0000000
--- a/common/sepolicy/zygote.te
+++ /dev/null
@@ -1 +0,0 @@
-set_prop(zygote, qemu_prop) |