diff options
| author | Nick Kralevich <nnk@google.com> | 2014-06-03 17:01:10 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-06-03 17:01:10 -0700 |
| commit | 84ed890aebce5235018b846fac734b47833ee364 (patch) | |
| tree | 3b6571a098c2654d2a2faf7095386e7074ada6c6 | |
| parent | 6f6c425563f4faa4e1e12bf430c32d0b81a78f64 (diff) | |
| download | android_external_sepolicy-84ed890aebce5235018b846fac734b47833ee364.tar.gz android_external_sepolicy-84ed890aebce5235018b846fac734b47833ee364.tar.bz2 android_external_sepolicy-84ed890aebce5235018b846fac734b47833ee364.zip | |
Merge adf_device into graphics_device
As of sepolicy commit a16a59e2c7f1e2f09bf7b750101973a974c972e8
(https://android-review.googlesource.com/94580), adf_device
and graphics_device have the exact same security properties.
Merge them into one type to avoid a proliferation of SELinux
types.
Change-Id: Ib1a24f5d880798600e103b9e14934e41abb1ef95
| -rw-r--r-- | app.te | 5 | ||||
| -rw-r--r-- | device.te | 1 | ||||
| -rw-r--r-- | file_contexts | 6 | ||||
| -rw-r--r-- | healthd.te | 1 | ||||
| -rw-r--r-- | surfaceflinger.te | 3 |
5 files changed, 4 insertions, 12 deletions
@@ -194,10 +194,7 @@ neverallow { appdomain -unconfineddomain } { }:chr_file { read write }; # Note: Try expanding list of app domains in the future. -neverallow { untrusted_app isolated_app shell -unconfineddomain } { - adf_device - graphics_device -}:chr_file { read write }; +neverallow { untrusted_app isolated_app shell -unconfineddomain } graphics_device:chr_file { read write }; neverallow { appdomain -nfc -unconfineddomain } nfc_device:chr_file { read write }; @@ -2,7 +2,6 @@ type device, dev_type, fs_type; type alarm_device, dev_type, mlstrustedobject; type adb_device, dev_type; -type adf_device, dev_type; type ashmem_device, dev_type, mlstrustedobject; type audio_device, dev_type; type binder_device, dev_type, mlstrustedobject; diff --git a/file_contexts b/file_contexts index fe493d3..8ea7f6d 100644 --- a/file_contexts +++ b/file_contexts @@ -31,9 +31,9 @@ /dev(/.*)? u:object_r:device:s0 /dev/akm8973.* u:object_r:sensors_device:s0 /dev/accelerometer u:object_r:sensors_device:s0 -/dev/adf[0-9]* u:object_r:adf_device:s0 -/dev/adf-interface[0-9]*\.[0-9]* u:object_r:adf_device:s0 -/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:adf_device:s0 +/dev/adf[0-9]* u:object_r:graphics_device:s0 +/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0 +/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0 /dev/alarm u:object_r:alarm_device:s0 /dev/android_adb.* u:object_r:adb_device:s0 /dev/ashmem u:object_r:ashmem_device:s0 @@ -23,7 +23,6 @@ allow healthd sysfs:file write; ### healthd: charger mode ### -allow healthd adf_device:chr_file rw_file_perms; allow healthd graphics_device:dir r_dir_perms; allow healthd graphics_device:chr_file rw_file_perms; allow healthd input_device:dir r_dir_perms; diff --git a/surfaceflinger.te b/surfaceflinger.te index cea5e71..5133786 100644 --- a/surfaceflinger.te +++ b/surfaceflinger.te @@ -29,9 +29,6 @@ allow surfaceflinger gpu_device:chr_file rw_file_perms; allow surfaceflinger graphics_device:dir search; allow surfaceflinger graphics_device:chr_file rw_file_perms; -# Access ADF device nodes. -allow surfaceflinger adf_device:chr_file rw_file_perms; - # Access /dev/video1. allow surfaceflinger video_device:dir r_dir_perms; allow surfaceflinger video_device:chr_file rw_file_perms; |