diff options
| author | Nikhilesh Reddy <reddyn@codeaurora.org> | 2016-10-25 10:44:32 +0530 |
|---|---|---|
| committer | Sahitya Tummala <stummala@codeaurora.org> | 2016-10-25 10:45:45 +0530 |
| commit | 4969f0cba6f21c7045ad83f4e3fff612736e53d6 (patch) | |
| tree | 560eb43e7990b6b112ffd339d7356a24206dd533 | |
| parent | 22cbbd8e94223fb1970bc88724682cc48e231942 (diff) | |
| download | android_device_qcom_sepolicy-4969f0cba6f21c7045ad83f4e3fff612736e53d6.tar.gz android_device_qcom_sepolicy-4969f0cba6f21c7045ad83f4e3fff612736e53d6.tar.bz2 android_device_qcom_sepolicy-4969f0cba6f21c7045ad83f4e3fff612736e53d6.zip | |
sepolicy: Update the rmt_stroage and rfs_access policies
The rmt_storage and rfs daemons no longer need sys_admin,
dac_overide and net_raw as it now has net_bind_service
capability to access ipcr/qmi sockets.
CRs-Fixed: 1057865
Change-Id: If4acfc4a04ce6c937736e8eaf5cd3bd00591c300
| -rw-r--r-- | common/rfs_access.te | 1 | ||||
| -rw-r--r-- | common/rmt_storage.te | 2 |
2 files changed, 0 insertions, 3 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te index 318fffc1..629f9e46 100644 --- a/common/rfs_access.te +++ b/common/rfs_access.te @@ -54,7 +54,6 @@ allow rfs_access self:capability { setgid setpcap net_bind_service - net_raw }; # RFS UID and GIDs were changed and moved from old values to new ones OEM range. diff --git a/common/rmt_storage.te b/common/rmt_storage.te index f043becc..56f6f928 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -17,9 +17,7 @@ allow rmt_storage self:capability { setuid setgid sys_admin - dac_override net_bind_service - net_raw setpcap }; |