diff options
author | Matt Garnes <matt@cyngn.com> | 2015-05-04 16:29:38 -0700 |
---|---|---|
committer | Matt Garnes <matt@cyngn.com> | 2015-05-04 16:29:38 -0700 |
commit | 485bfae875b0790368a589b23be781c4269b8c86 (patch) | |
tree | 6151085a725d5dba06b5f524323ad574d839a9b0 | |
parent | 94c1a2f52339d203e033b9a205d85bcd0dc0463d (diff) | |
parent | 37a23611c34e1389593bbf11190e2f7dbe967c08 (diff) | |
download | android_external_sepolicy-caf/cm-12.1.tar.gz android_external_sepolicy-caf/cm-12.1.tar.bz2 android_external_sepolicy-caf/cm-12.1.zip |
Merge remote-tracking branch 'caf/LA.BR.1.2.3' into caf/cm-12.1caf/cm-12.1
-rw-r--r-- | app.te | 7 | ||||
-rw-r--r-- | seapp_contexts | 1 | ||||
-rw-r--r-- | wfd_app.te | 7 |
3 files changed, 2 insertions, 13 deletions
@@ -209,11 +209,8 @@ neverallow { appdomain -bluetooth } self:capability2 *; neverallow appdomain dev_type:blk_file { read write }; # Access to any of the following character devices. -neverallow { appdomain -wfd_app } { +neverallow appdomain { audio_device -}:chr_file { read write }; - -neverallow { appdomain } { camera_device dm_device radio_device @@ -228,7 +225,7 @@ neverallow { appdomain -nfc } nfc_device:chr_file { read write }; neverallow { appdomain -bluetooth } hci_attach_dev:chr_file { read write }; -neverallow { appdomain -wfd_app } tee_device:chr_file { read write }; +neverallow appdomain tee_device:chr_file { read write }; # Privileged netlink socket interfaces. neverallow appdomain diff --git a/seapp_contexts b/seapp_contexts index 2063b83..26d0c8f 100644 --- a/seapp_contexts +++ b/seapp_contexts @@ -45,4 +45,3 @@ user=shell domain=shell type=shell_data_file user=_isolated domain=isolated_app user=_app seinfo=platform domain=platform_app type=app_data_file user=_app domain=untrusted_app type=app_data_file -user=system domain=wfd_app seinfo=platform name=com.qualcomm.wfd.service:wfd_service type=system_data_file diff --git a/wfd_app.te b/wfd_app.te deleted file mode 100644 index f8e978f..0000000 --- a/wfd_app.te +++ /dev/null @@ -1,7 +0,0 @@ -# -# wfd service run with the system UID, but needs special privilege. -# Define a new domain for wfd - -type wfd_app, domain; -#permissive_or_unconfined(wfd_app) -app_domain(wfd_app) |