author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-25 13:50:56 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-25 21:26:08 +0000 |
commit | 0296b9434f3b933b37f67c143788f87cb80b3325 (patch) | |
tree | efabafef1ccacd82b11d5557402c38f761060765 | |
parent | 2c347e0a3676bb50cac796ca94eb6ab53c08fc87 (diff) | |
Move qemud and /dev/qemu policy bits to emulator-specific sepolicy.
Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r-- | adbd.te | 3 | ||||
-rw-r--r-- | device.te | 1 | ||||
-rw-r--r-- | file.te | 1 | ||||
-rw-r--r-- | file_contexts | 4 | ||||
-rw-r--r-- | mediaserver.te | 1 | ||||
-rw-r--r-- | qemud.te | 6 | ||||
-rw-r--r-- | rild.te | 2 | ||||
-rw-r--r-- | system_server.te | 2 |
8 files changed, 0 insertions, 20 deletions
@@ -25,9 +25,6 @@ net_domain(adbd)
 # Access /dev/android_adb.
 allow adbd adb_device:chr_file rw_file_perms;
-# On emulator, access /dev/qemu*.
-allow adbd qemu_device:chr_file rw_file_perms;
-
 # Use a pseudo tty.
 allow adbd devpts:chr_file rw_file_perms;
@@ -26,7 +26,6 @@ type mtd_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
 type ptmx_device, dev_type, mlstrustedobject;
-type qemu_device, dev_type;
 type kmsg_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type;
@@ -118,7 +118,6 @@ type mdns_socket, file_type;
 type mdnsd_socket, file_type;
 type netd_socket, file_type;
 type property_socket, file_type;
-type qemud_socket, file_type;
 type racoon_socket, file_type;
 type rild_socket, file_type;
 type rild_debug_socket, file_type;
diff --git a/file_contexts b/file_contexts
index 4f843d3..6b7e45c 100644
--- a/file_contexts
+++ b/file_contexts
@@ -65,7 +65,6 @@
 /dev/ppp u:object_r:ppp_device:s0
 /dev/ptmx u:object_r:ptmx_device:s0
 /dev/pvrsrvkm u:object_r:gpu_device:s0
-/dev/qemu_.* u:object_r:qemu_device:s0
 /dev/kmsg u:object_r:kmsg_device:s0
 /dev/null u:object_r:null_device:s0
 /dev/nvhdcp1 u:object_r:video_device:s0
@@ -88,7 +87,6 @@
 /dev/socket/mdnsd u:object_r:mdnsd_socket:s0
 /dev/socket/netd u:object_r:netd_socket:s0
 /dev/socket/property_service u:object_r:property_socket:s0
-/dev/socket/qemud u:object_r:qemud_socket:s0
 /dev/socket/racoon u:object_r:racoon_socket:s0
 /dev/socket/rild u:object_r:rild_socket:s0
 /dev/socket/rild-debug u:object_r:rild_debug_socket:s0
@@ -136,7 +134,6 @@
 /system/bin/debuggerd u:object_r:debuggerd_exec:s0
 /system/bin/debuggerd64 u:object_r:debuggerd_exec:s0
 /system/bin/wpa_supplicant u:object_r:wpa_exec:s0
-/system/bin/qemud u:object_r:qemud_exec:s0
 /system/bin/sdcard u:object_r:sdcardd_exec:s0
 /system/bin/dhcpcd u:object_r:dhcp_exec:s0
 /system/bin/mtpd u:object_r:mtp_exec:s0
@@ -215,7 +212,6 @@
 #############################
 # sysfs files
 #
-/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/devices/system/cpu(/.*)? u:object_r:sysfs_devices_system_cpu:s0
 /sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
diff --git a/mediaserver.te b/mediaserver.te
index 31b4818..ad291b0 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -28,7 +28,6 @@ allow mediaserver { gpu_device graphics_device }:chr_file rw_file_perms;
 allow mediaserver video_device:dir r_dir_perms;
 allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
-allow mediaserver qemu_device:chr_file rw_file_perms;
 allow mediaserver tee_device:chr_file rw_file_perms;
 allow mediaserver audio_prop:property_service set;
diff --git a/qemud.te b/qemud.te
deleted file mode 100644
index caf7a09..0000000
--- a/qemud.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# qemu support daemon
-type qemud, domain;
-type qemud_exec, exec_type, file_type;
-
-init_daemon_domain(qemud)
-unconfined_domain(qemud)
\ No newline at end of file
@@ -8,13 +8,11 @@ net_domain(rild)
 allow rild self:netlink_route_socket nlmsg_write;
 allow rild kernel:system module_request;
 unix_socket_connect(rild, property, init)
-unix_socket_connect(rild, qemud, qemud)
 allow rild self:capability { setuid net_admin net_raw };
 allow rild alarm_device:chr_file rw_file_perms;
 allow rild cgroup:dir create_dir_perms;
 allow rild radio_device:chr_file rw_file_perms;
 allow rild radio_device:blk_file r_file_perms;
-allow rild qemu_device:chr_file rw_file_perms;
 allow rild mtd_device:dir search;
 allow rild efs_file:dir create_dir_perms;
 allow rild efs_file:file create_file_perms;
diff --git a/system_server.te b/system_server.te
index 01ddeb7..152ece1 100644
--- a/system_server.te
+++ b/system_server.te
@@ -81,7 +81,6 @@ allow system_server init:process sigchld;
 # Talk to init and various daemons via sockets.
 unix_socket_connect(system_server, property, init)
-unix_socket_connect(system_server, qemud, qemud)
 unix_socket_connect(system_server, installd, installd)
 unix_socket_connect(system_server, lmkd, lmkd)
 unix_socket_connect(system_server, netd, netd)
@@ -130,7 +129,6 @@ allow system_server urandom_device:chr_file rw_file_perms;
 allow system_server usbaccessory_device:chr_file rw_file_perms;
 allow system_server video_device:dir r_dir_perms;
 allow system_server video_device:chr_file rw_file_perms;
-allow system_server qemu_device:chr_file rw_file_perms;
 allow system_server adbd_socket:sock_file rw_file_perms;
 # tun device used for 3rd party vpn apps |