authorMichael Bestas <mkbestas@lineageos.org>2017-08-08 21:18:48 +0300
committerMichael Bestas <mkbestas@lineageos.org>2018-01-21 18:46:50 +0000
commitfc211fc888a0ab1ad965e503c761691ddcebc1e2 (patch)
tree9aafa342856ec2caf9090b1fb1719488bc003392
parent6a968152fa776d52f95a5b95985d39c289102d4e (diff)
Use set_prop() macro for property sets
Change-Id: Id67a05f8ed718cad5856613c2700f4ce1e404cf0
-rw-r--r--apq8084/qca1530.te4
-rw-r--r--apq8098_latv/init_shell.te2
-rw-r--r--common/bluetooth.te2
-rw-r--r--common/fidodaemon.te3
-rw-r--r--common/location.te2
-rwxr-xr-xcommon/mediaserver.te2
-rw-r--r--common/netd.te2
-rw-r--r--common/nqnfcinfo.te2
-rw-r--r--common/qcomsysd.te2
-rw-r--r--common/qseecomd.te3
-rw-r--r--common/qseeproxy.te3
-rw-r--r--common/qti_logkit_app.te2
-rw-r--r--common/recovery.te6
-rwxr-xr-xcommon/system_app.te13
-rw-r--r--common/system_server.te16
-rw-r--r--common/wcnss_filter.te2
-rw-r--r--common/wifi_ftmd.te3
-rw-r--r--common/zygote.te4
-rw-r--r--msm8916/init_shell.te4
-rw-r--r--msm8952/init_shell.te6
-rw-r--r--msm8953/init_shell.te4
-rw-r--r--msm8960/init_shell.te4
-rw-r--r--msm8996/init_shell.te2
-rw-r--r--msm8998/init_shell.te2
-rw-r--r--msmpeafowl/init_shell.te4
-rw-r--r--private/wfdservice.te3
-rw-r--r--sdm670/init_shell.te4
-rw-r--r--test/fidotest.te3
-rw-r--r--test/qseeproxysample.te3
29 files changed, 39 insertions, 73 deletions
diff --git a/apq8084/qca1530.te b/apq8084/qca1530.te
index 470f805..adf3a30 100644
--- a/apq8084/qca1530.te
+++ b/apq8084/qca1530.te
@@ -37,7 +37,6 @@ userdebug_or_eng(`
qmux_socket(qca1530)
wakelock_use(qca1530)
-unix_socket_connect(qca1530, property, init)
# need to access sharemem log device for smem logs
allow qca1530 smem_log_device:chr_file rw_file_perms;
@@ -69,7 +68,8 @@ allow qca1530 system_file:file x_file_perms;
#Setting sys.qca1530 property in QCA1530 detect service
#Setting system default properties on start command to system server
-allow qca1530 { qca1530_prop ctl_default_prop }:property_service set;
+set_prop(qca1530, qca1530_prop)
+set_prop(qca1530, ctl_default_prop)
# Access to serial port conncting to QCA1530 chip
allow qca1530 serial_device:chr_file rw_file_perms;
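Review bot: `set_prop(qca1530, ctl_default_prop)` carries forward a grant on the catch-all label for `ctl.*` properties, so the qca1530 domain can ask init to start or stop any service whose control property has no dedicated type. The comment above names only the QCA1530 detect service, so a dedicated type would match the stated intent, in the same way `ctl_qvrd_prop` and `ctl_dumpstate_prop` are used elsewhere in this commit: `set_prop(qca1530, ctl_<service>_prop)` (placeholder name, with a matching property_contexts entry). The same catch-all grant appears in the first hunk of common/system_app.te as `set_prop(system_app, ctl_default_prop)`. If the broad grant is intentional, a comment listing the services it is meant to control would make later audits easier.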
diff --git a/apq8098_latv/init_shell.te b/apq8098_latv/init_shell.te
index 32fe177..77a8fbb 100644
--- a/apq8098_latv/init_shell.te
+++ b/apq8098_latv/init_shell.te
@@ -30,7 +30,7 @@ allow qti_init_shell regionalization_file:dir r_dir_perms;
allow qti_init_shell regionalization_file:file create_file_perms;
# For VR
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)
allow qti_init_shell sysfs_cpu_boost:dir r_dir_perms;
allow qti_init_shell sysfs_cpu_boost:file rw_file_perms;
allow qti_init_shell sysfs_devfreq:lnk_file r_file_perms;
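Review bot: Replacing `allow qti_init_shell ctl_qvrd_prop:property_service set;` with `set_prop(qti_init_shell, ctl_qvrd_prop)` is not a one-to-one rewrite, and the commit description does not say so. In AOSP's te_macros, set_prop() expands to the property-socket connect, the `property_service set` rule and get_prop() on the same type, so a domain that previously had only the bare allow rule also gains read access to that property type (worth confirming against the system/sepolicy this tree builds with). The commit relies on that expansion itself when it drops `allow system_app fm_prop:file r_file_perms;` in common/system_app.te. The same applies to the converted rules in bluetooth.te, mediaserver.te, netd.te, qti_logkit_app.te, system_app.te, system_server.te and the other init_shell.te files. Diffing the compiled policy before and after (for example with sediff or sesearch) would show exactly which allow rules were added.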
diff --git a/common/bluetooth.te b/common/bluetooth.te
index ea6a0eb..aa9f0fe 100644
--- a/common/bluetooth.te
+++ b/common/bluetooth.te
@@ -11,7 +11,7 @@ type btnvtool_exec, exec_type, vendor_file_type, file_type;
type fmhal_service, bluetoothdomain;
type fmhal_service_exec, exec_type, vendor_file_type, file_type;
-allow bluetooth bluetooth_prop:property_service set;
+set_prop(bluetooth, bluetooth_prop)
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
#Access to /data/media
diff --git a/common/fidodaemon.te b/common/fidodaemon.te
index 79fb151..a8f754d 100644
--- a/common/fidodaemon.te
+++ b/common/fidodaemon.te
@@ -17,9 +17,6 @@ binder_call(fidodaemon, system_app)
#Allow fidodaemon to be registered with service manager
allow fidodaemon fidodaemon_service:service_manager add;
-#Allow communication with init over property server
-unix_socket_connect(fidodaemon, property, init);
-
#Allow access to tee device
allow fidodaemon tee_device:chr_file rw_file_perms;
diff --git a/common/location.te b/common/location.te
index 27d405b..c669a36 100644
--- a/common/location.te
+++ b/common/location.te
@@ -71,7 +71,7 @@ allow location persist_file:dir r_dir_perms;
netmgr_socket(location);
#Allow access to properties
-set_prop(location, location_prop);
+set_prop(location, location_prop)
#diag
userdebug_or_eng(`
diff --git a/common/mediaserver.te b/common/mediaserver.te
index 316b8e8..1108551 100755
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -49,7 +49,7 @@ allow mediaserver audio_pp_data_file:dir rw_dir_perms;
allow mediaserver audio_pp_data_file:file create_file_perms;
#Allow mediaserver to set camera properties
-allow mediaserver camera_prop:property_service set;
+set_prop(mediaserver, camera_prop)
#Allow mediaserver access mmi_data_file
allow mediaserver mmi_data_file:file r_file_perms;
diff --git a/common/netd.te b/common/netd.te
index bdf4604..f1df8f3 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -16,7 +16,7 @@ hal_client_domain(netd, wifidisplayhalservice);
allowxperm netd self: { unix_stream_socket } ioctl priv_sock_ioctls;
# needed for netd to start FST Manager via system property
-allow netd netd_prop:property_service set;
+set_prop(netd, netd_prop)
allow netd self:capability fsetid;
#allow netd hostapd:unix_dgram_socket sendto;
diff --git a/common/nqnfcinfo.te b/common/nqnfcinfo.te
index 814b2f5..fb5a607 100644
--- a/common/nqnfcinfo.te
+++ b/common/nqnfcinfo.te
@@ -33,7 +33,7 @@ init_daemon_domain(nqnfcinfo)
r_dir_file(nqnfcinfo, sysfs_socinfo);
-set_prop(nqnfcinfo, nfc_nq_prop);
+set_prop(nqnfcinfo, nfc_nq_prop)
# Access device nodes inside /dev/nq-nci
allow nqnfcinfo nfc_device:chr_file rw_file_perms;
diff --git a/common/qcomsysd.te b/common/qcomsysd.te
index 50f78f4..6439106 100644
--- a/common/qcomsysd.te
+++ b/common/qcomsysd.te
@@ -21,7 +21,7 @@ allow qcomsysd sysfs_socinfo:file w_file_perms;
allow qcomsysd self:capability { dac_override sys_boot };
use_per_mgr(qcomsysd);
#allow qcomsysd access boot mode switch
-set_prop(qcomsysd, boot_mode_prop);
+set_prop(qcomsysd, boot_mode_prop)
#diag
userdebug_or_eng(`
diff --git a/common/qseecomd.te b/common/qseecomd.te
index abae92a..48489ad 100644
--- a/common/qseecomd.te
+++ b/common/qseecomd.te
@@ -59,9 +59,6 @@ allow tee sysfs_securetouch:file rw_file_perms;
binder_call(tee, surfaceflinger)
#binder_use(tee)
-#allow tee system_app:unix_dgram_socket sendto;
-unix_socket_connect(tee, property, init)
-
set_prop(tee, system_prop);
diff --git a/common/qseeproxy.te b/common/qseeproxy.te
index bbefcf0..fc99e37 100644
--- a/common/qseeproxy.te
+++ b/common/qseeproxy.te
@@ -46,9 +46,6 @@ allow qseeproxy qseeproxy_service:service_manager add;
#Allow qseeproxy to use system_server via binder to check caller identity
binder_call(qseeproxy, system_server)
-#Allow communication with init over property server
-unix_socket_connect(qseeproxy, property, init);
-
#Allow access to tee device
allow qseeproxy tee_device:chr_file rw_file_perms;
diff --git a/common/qti_logkit_app.te b/common/qti_logkit_app.te
index 8aed588..da18fd5 100644
--- a/common/qti_logkit_app.te
+++ b/common/qti_logkit_app.te
@@ -74,7 +74,7 @@ allow qti_logkit_app qti_logkit_pub_data_file:file create_file_perms;
allow qti_logkit_app wcnss_service_exec:file rx_file_perms;
# bugreport
-allow qti_logkit_app ctl_dumpstate_prop:property_service set;
+set_prop(qti_logkit_app, ctl_dumpstate_prop)
unix_socket_connect(qti_logkit_app, dumpstate, dumpstate)
# ANR
diff --git a/common/recovery.te b/common/recovery.te
index b1a06a5..4a5bc2f 100644
--- a/common/recovery.te
+++ b/common/recovery.te
@@ -22,7 +22,7 @@ recovery_only(`
# Enable adb on configfs devices
allow recovery configfs:file rw_file_perms;
allow recovery configfs:dir rw_dir_perms;
- set_prop(recovery, ffs_prop);
- get_prop(recovery, sys_usb_controller_prop);
- get_prop(recovery, boot_mode_prop);
+ set_prop(recovery, ffs_prop)
+ get_prop(recovery, sys_usb_controller_prop)
+ get_prop(recovery, boot_mode_prop)
')
diff --git a/common/system_app.te b/common/system_app.te
index 849ec7f..3f9eacc 100755
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -28,11 +28,9 @@ r_dir_file(system_app, fm_data_file);
r_dir_file(system_app, bluetooth_data_file);
r_dir_file(system_app, bt_firmware_file);
-allow system_app {
- ctl_default_prop
- fm_prop
- usf_prop
-}:property_service set;
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, fm_prop)
+set_prop(system_app, usf_prop)
allow system_app {
atfwd_service
@@ -84,7 +82,7 @@ allow system_app usf_data_file:{ file lnk_file } create_file_perms;
hal_client_domain(system_app, hal_hbtp)
#access to wifi_ftmd
-allow system_app wififtmd_prop:property_service set;
+set_prop(system_app, wififtmd_prop)
#unix_socket_send(system_app, wififtmd, wifi_ftmd)
# allow system_app to interact with dtseagleservice
@@ -142,7 +140,7 @@ allow system_app qti_logkit_priv_socket:dir r_dir_perms;
allow system_app wcnss_service_exec:file rx_file_perms;
# bugreport
-allow system_app ctl_dumpstate_prop:property_service set;
+set_prop(system_app, ctl_dumpstate_prop)
unix_socket_connect(system_app, dumpstate, dumpstate)
# allow gba auth service to add itself as system service
@@ -221,7 +219,6 @@ allow system_app self:socket ioctl;
#allow system app to interact with the esepowermanager
hal_client_domain(system_app, hal_esepowermanager)
-allow system_app fm_prop:file r_file_perms;
allow system_app vendor_radio_data_file:dir rw_dir_perms;
allow system_app vendor_radio_data_file:file create_file_perms;
diff --git a/common/system_server.te b/common/system_server.te
index daf8e56..31eff2c 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -35,12 +35,10 @@ allow system_server {
allow system_server qtitetherservice_service:service_manager find;
#For ANT tty communication and to set wc_transport prop
-allow system_server {
- bluetooth_prop
- usf_prop
- alarm_handled_prop
- alarm_instance_prop
-}:property_service set;
+set_prop(system_server, bluetooth_prop)
+set_prop(system_server, usf_prop)
+set_prop(system_server, alarm_handled_prop)
+set_prop(system_server, alarm_instance_prop)
# required for ANT App to connectto wcnss_filter sockets
allow system_server bluetooth:unix_stream_socket connectto;
@@ -64,7 +62,7 @@ allow system_server location_data_file:dir create_dir_perms;
allow system_server { location_app_data_file mdtp_svc_app_data_file } :file rw_file_perms;
allow system_server { location_app_data_file mdtp_svc_app_data_file } :dir r_dir_perms;
#allow system_server location_socket:sock_file create_file_perms;
-allow system_server location_prop:property_service set;
+set_prop(system_server, location_prop)
#For wifistatemachine
allow system_server kernel:key search;
@@ -136,13 +134,13 @@ binder_call(system_server, fps_hal)
allow system_server iqfp_service:service_manager find;
# For shutdown animation
-allow system_server ctl_bootanim_prop:property_service set;
+set_prop(system_server, ctl_bootanim_prop)
# allow tethering to access dhcp leases
r_dir_file(system_server, dhcp_data_file)
# Allow system server to access fst,wigig system properties
-allow system_server fst_prop:property_service set;
+set_prop(system_server, fst_prop)
get_prop(system_server, fst_prop);
set_prop(system_server, wigig_prop);
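Review bot: The context line `get_prop(system_server, fst_prop);` directly below the new `set_prop(system_server, fst_prop)` becomes redundant, because set_prop() in AOSP's te_macros already includes get_prop() for the same type. It can be removed in this change. The two context lines also keep the trailing semicolon that this commit strips from macro calls elsewhere; for consistency the last one should read `set_prop(system_server, wigig_prop)`.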
diff --git a/common/wcnss_filter.te b/common/wcnss_filter.te
index 14d98ee..9ad8305 100644
--- a/common/wcnss_filter.te
+++ b/common/wcnss_filter.te
@@ -41,7 +41,7 @@ allow wcnss_filter {
#wakelock policy
wakelock_use(wcnss_filter);
-set_prop(wcnss_filter, bluetooth_prop);
+set_prop(wcnss_filter, bluetooth_prop)
#For bluetooth firmware
r_dir_file(wcnss_filter, bt_firmware_file)
diff --git a/common/wifi_ftmd.te b/common/wifi_ftmd.te
index c2592fb..10c4457 100644
--- a/common/wifi_ftmd.te
+++ b/common/wifi_ftmd.te
@@ -31,6 +31,5 @@ init_daemon_domain(wifi_ftmd)
net_domain(wifi_ftmd)
-set_prop(wifi_ftmd,wififtmd_prop);
+set_prop(wifi_ftmd, wififtmd_prop)
allow wifi_ftmd self:capability net_admin;
-allow wifi_ftmd wififtmd_prop:property_service set;
diff --git a/common/zygote.te b/common/zygote.te
index bd5ee78..6c9873b 100644
--- a/common/zygote.te
+++ b/common/zygote.te
@@ -28,5 +28,7 @@
allow zygote debug_gralloc_prop:file r_file_perms;
allow zygote sf_lcd_density_prop:file r_file_perms;
# persist.service.bdroid.bdaddr hw.cabl.level
-allow zygote { bluetooth_prop ppd_prop system_prop } :property_service set;
+#set_prop(zygote, bluetooth_prop)
+set_prop(zygote, ppd_prop)
+set_prop(zygote, system_prop)
set_prop(zygote, qemu_gles_prop)
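Review bot: `#set_prop(zygote, bluetooth_prop)` silently removes zygote's permission to set `bluetooth_prop`, which the old `allow zygote { bluetooth_prop ppd_prop system_prop } :property_service set;` granted. That is a behaviour change inside a commit described as a macro conversion, and the reason is not recorded. If the removal is intended (it does tighten the domain), delete the line and drop `persist.service.bdroid.bdaddr` from the comment above it; if it works around a build or neverallow failure, say so in a comment, for example `# bluetooth_prop set intentionally dropped for zygote: <reason>`. Separately, `set_prop(zygote, system_prop)` keeps a broad grant on a process that every app forks from, and now adds read access through the macro; a narrower property type for the `hw.cabl.level` case would be safer.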
diff --git a/msm8916/init_shell.te b/msm8916/init_shell.te
index fe54e55..ccb1787 100644
--- a/msm8916/init_shell.te
+++ b/msm8916/init_shell.te
@@ -27,6 +27,4 @@
# media_codecs_eld_prop - to choose target specific media_codecs.xml
# media_settings_xml_prop - to choose target specific media_profiles.xml
-allow qti_init_shell {
- media_msm8939hw_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8939hw_prop)
diff --git a/msm8952/init_shell.te b/msm8952/init_shell.te
index 1ff9180..4e58fcd 100644
--- a/msm8952/init_shell.te
+++ b/msm8952/init_shell.te
@@ -28,10 +28,8 @@
# media_codecs_eld_prop - to choose target specific media_codecs.xml
# media_settings_xml_prop - to choose target specific media_profiles.xml
# media_msm8956_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
- media_msm8956hw_prop
- media_msm8956_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8956hw_prop)
+set_prop(qti_init_shell, media_msm8956_version_prop)
# For regionalization
allow qti_init_shell regionalization_file:dir r_dir_perms;
diff --git a/msm8953/init_shell.te b/msm8953/init_shell.te
index c18e747..4e46f08 100644
--- a/msm8953/init_shell.te
+++ b/msm8953/init_shell.te
@@ -28,9 +28,7 @@
# media_codecs_eld_prop - to choose target specific media_codecs.xml
# media_settings_xml_prop - to choose target specific media_profiles.xml
# media_msm8956_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
- media_msm8953_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_msm8953_version_prop)
# For regionalization
allow qti_init_shell regionalization_file:dir r_dir_perms;
diff --git a/msm8960/init_shell.te b/msm8960/init_shell.te
index a58c8b6..4136ff3 100644
--- a/msm8960/init_shell.te
+++ b/msm8960/init_shell.te
@@ -27,6 +27,4 @@
#For property starting with hw
#ctl_thermal-engine_prop - for access the thermal-engine
-allow qti_init_shell {
- ctl_thermal-engine_prop
-}:property_service set;
+set_prop(qti_init_shell, ctl_thermal-engine_prop)
diff --git a/msm8996/init_shell.te b/msm8996/init_shell.te
index 5546fa1..e2995e5 100644
--- a/msm8996/init_shell.te
+++ b/msm8996/init_shell.te
@@ -25,4 +25,4 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)
diff --git a/msm8998/init_shell.te b/msm8998/init_shell.te
index ef74769..70f12d9 100644
--- a/msm8998/init_shell.te
+++ b/msm8998/init_shell.te
@@ -30,4 +30,4 @@ allow qti_init_shell regionalization_file:dir r_dir_perms;
allow qti_init_shell regionalization_file:file create_file_perms;
# For VR
-allow qti_init_shell ctl_qvrd_prop:property_service set;
+set_prop(qti_init_shell, ctl_qvrd_prop)
diff --git a/msmpeafowl/init_shell.te b/msmpeafowl/init_shell.te
index 0f51127..42d6007 100644
--- a/msmpeafowl/init_shell.te
+++ b/msmpeafowl/init_shell.te
@@ -26,6 +26,4 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# media_sdm670_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
- media_sdm670_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_sdm670_version_prop)
diff --git a/private/wfdservice.te b/private/wfdservice.te
index 026b8c3..78c1d5d 100644
--- a/private/wfdservice.te
+++ b/private/wfdservice.te
@@ -68,9 +68,6 @@ allow wfdservice graphics_device:chr_file rw_file_perms;
#Allow access to encoder for YUV statistics
allow wfdservice gpu_device:chr_file rw_file_perms;
-#Allow communication with init over property server
-unix_socket_connect(wfdservice, property, init);
-
#Allow access to /dev/video/* devices for encoding/decoding
allow wfdservice video_device:chr_file rw_file_perms;
allow wfdservice video_device:dir r_dir_perms;
diff --git a/sdm670/init_shell.te b/sdm670/init_shell.te
index 0f51127..42d6007 100644
--- a/sdm670/init_shell.te
+++ b/sdm670/init_shell.te
@@ -26,6 +26,4 @@
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# media_sdm670_version_prop - to choose target version specific media_codecs.xml
-allow qti_init_shell {
- media_sdm670_version_prop
-}:property_service set;
+set_prop(qti_init_shell, media_sdm670_version_prop)
diff --git a/test/fidotest.te b/test/fidotest.te
index a331dca..d0adb00 100644
--- a/test/fidotest.te
+++ b/test/fidotest.te
@@ -17,9 +17,6 @@ userdebug_or_eng(`
#Allow fido test daemons to be registered with service manager
allow fidotest fidotest_service:service_manager add;
- # Allow communication with init over property server
- unix_socket_connect(fidotest, property, init);
-
# Allow access to tee device
allow fidotest tee_device:chr_file rw_file_perms;
diff --git a/test/qseeproxysample.te b/test/qseeproxysample.te
index 1e71b7f..381400f 100644
--- a/test/qseeproxysample.te
+++ b/test/qseeproxysample.te
@@ -45,9 +45,6 @@ userdebug_or_eng(`
#Allow test daemon to use system_server via binder to check caller identity
binder_call(qseeproxysample, system_server)
- # Allow communication with init over property server
- unix_socket_connect(qseeproxysample, property, init);
-
# Allow access to tee device
allow qseeproxysample tee_device:chr_file rw_file_perms;