msm8974-common: Nuke our copy of SELinux policies
We now get the qcom-common SELinux policy. Get rid of our old policy and add back config as we need it, rather than trying to merge the two.

Change-Id: I5ca5098c653f09c7901343d0ae71793f6eb21ab8
parent
d96a6cd3d1
commit
ef32c33672
@ -52,33 +52,6 @@ MAX_EGL_CACHE_SIZE := 2048*1024
|
||||
# Fonts
|
||||
EXTENDED_FONT_FOOTPRINT := true
|
||||
|
||||
# SELinux
|
||||
BOARD_SEPOLICY_DIRS += \
|
||||
device/samsung/msm8974-common/sepolicy
|
||||
|
||||
BOARD_SEPOLICY_UNION += \
|
||||
file_contexts \
|
||||
app.te \
|
||||
bluetooth.te \
|
||||
device.te \
|
||||
domain.te \
|
||||
drmserver.te \
|
||||
file.te \
|
||||
hci_init.te \
|
||||
healthd.te \
|
||||
init.te \
|
||||
init_shell.te \
|
||||
keystore.te \
|
||||
kickstart.te \
|
||||
mediaserver.te \
|
||||
nfc.te \
|
||||
rild.te \
|
||||
surfaceflinger.te \
|
||||
system.te \
|
||||
ueventd.te \
|
||||
wpa.te \
|
||||
wpa_socket.te
|
||||
|
||||
# Time services
|
||||
BOARD_USES_QC_TIME_SERVICES := true
|
||||
|
||||
|
@ -1,3 +0,0 @@
|
||||
# Grant GPU access to all processes started by Zygote.
|
||||
# They need that to render the standard UI.
|
||||
allow appdomain gpu_device:chr_file rw_file_perms;
|
@ -1 +0,0 @@
|
||||
allow bluetooth smd_device:chr_file rw_file_perms;
|
@ -1,17 +0,0 @@
|
||||
# GPU (used by most UI apps)
|
||||
type gpu_device, dev_type;
|
||||
|
||||
# Qualcomm Secure Execution Environment Communicator (QSEECOM) device
|
||||
type qseecom_device, dev_type;
|
||||
|
||||
type diag_device, dev_type;
|
||||
type bcm2079x_device, dev_type;
|
||||
|
||||
# Qualcomm MSM Audio ACDB device
|
||||
type msm_acdb_device, dev_type;
|
||||
|
||||
# Kickstart device used by QC qcks
|
||||
type kickstart_device, dev_type;
|
||||
|
||||
# SMD device, used by hci_qcomm_init
|
||||
type smd_device, dev_type;
|
@ -1 +0,0 @@
|
||||
allow domain init_tmpfs:file read;
|
@ -1,3 +0,0 @@
|
||||
# Grant DRM Service access to Qualcomm Secure Execution Environment Communicator (QSEECOM) device
|
||||
allow drmserver qseecom_device:chr_file rw_file_perms;
|
||||
allow drmserver sdcard_external:file open;
|
@ -1,11 +0,0 @@
|
||||
# Qualcomm MSM Interface (QMI) socket types
|
||||
type qmux_audio_socket, file_type;
|
||||
type qmux_bluetooth_socket, file_type;
|
||||
type qmux_gps_socket, file_type;
|
||||
type qmux_radio_socket, file_type;
|
||||
|
||||
type firmware_file, fs_type;
|
||||
|
||||
allow efs_file rootfs:filesystem associate;
|
||||
allow cache_file rootfs:filesystem associate;
|
||||
allow asec_apk_file rootfs:filesystem associate;
|
@ -1,33 +0,0 @@
|
||||
# GPU device
|
||||
/dev/kgsl-3d0 u:object_r:gpu_device:s0
|
||||
/dev/msm_rotator u:object_r:gpu_device:s0
|
||||
|
||||
# Qualcomm Secure Execution Environment Communicator (QSEECOM) device
|
||||
/dev/qseecom u:object_r:qseecom_device:s0
|
||||
|
||||
# Qualcomm MSM Interface (QMI) devices
|
||||
/dev/socket/qmux_audio/* u:object_r:qmux_audio_socket:s0
|
||||
/dev/socket/qmux_bluetooth/* u:object_r:qmux_bluetooth_socket:s0
|
||||
/dev/socket/qmux_gps/* u:object_r:qmux_gps_socket:s0
|
||||
/dev/socket/qmux_radio/* u:object_r:qmux_radio_socket:s0
|
||||
|
||||
/dev/bcm2079x-i2c u:object_r:bcm2079x_device:s0
|
||||
/dev/diag u:object_r:diag_device:s0
|
||||
/dev/media([0-9])+ u:object_r:camera_device:s0
|
||||
/dev/smd([0-9])+ u:object_r:smd_device:s0
|
||||
/dev/mdm u:object_r:radio_device:s0
|
||||
|
||||
# Qualcomm MSM Audio ACDB device
|
||||
/dev/msm_acdb u:object_r:msm_acdb_device:s0
|
||||
|
||||
/dev/ks_hsic_bridge u:object_r:kickstart_device:s0
|
||||
/dev/efs_hsic_bridge u:object_r:kickstart_device:s0
|
||||
|
||||
/system/bin/qcks u:object_r:kickstart_exec:s0
|
||||
/system/bin/efsks u:object_r:kickstart_exec:s0
|
||||
/system/bin/ks u:object_r:kickstart_exec:s0
|
||||
|
||||
/data/nfc(/.*)? u:object_r:nfc_data_file:s0
|
||||
|
||||
/system/bin/hci_qcomm_init u:object_r:hci_exec:s0
|
||||
/system/bin/bdAddrLoader u:object_r:hci_exec:s0
|
@ -1,6 +0,0 @@
|
||||
type hci_init, domain;
|
||||
permissive hci_init;
|
||||
type hci_exec, file_type, exec_type;
|
||||
type hci_data_file, file_type;
|
||||
domain_auto_trans(shell, hci_exec, hci_init)
|
||||
unconfined_domain(hci_init)
|
@ -1 +0,0 @@
|
||||
allow healthd rootfs:file entrypoint;
|
@ -1 +0,0 @@
|
||||
allow init wpa_socket:unix_dgram_socket { bind create };
|
@ -1,6 +0,0 @@
|
||||
allow init_shell diag_device:chr_file { read write };
|
||||
allow init_shell hci_exec:file rx_file_perms;
|
||||
allow init_shell bluetooth_prop:property_service set;
|
||||
allow init_shell smd_device:chr_file rw_file_perms;
|
||||
allow init_shell unlabeled:file r_file_perms;
|
||||
allow init_shell init:fifo_file r_file_perms;
|
@ -1,3 +0,0 @@
|
||||
# Grant keystore daemon access to Qualcomm Secure Execution Environment Communicator (QSEECOM) device
|
||||
allow keystore qseecom_device:chr_file rw_file_perms;
|
||||
|
@ -1,5 +0,0 @@
|
||||
type kickstart, domain;
|
||||
permissive kickstart;
|
||||
type kickstart_exec, file_type, exec_type;
|
||||
domain_auto_trans(init, kickstart_exec, kickstart)
|
||||
unconfined_domain(kickstart)
|
@ -1,13 +0,0 @@
|
||||
# Grant access to Qualcomm MSM Audio ACDB device to mediaserver
|
||||
allow mediaserver msm_acdb_device:chr_file rw_file_perms;
|
||||
|
||||
# Grant access to Qualcomm MSM Interface (QMI) audio sockets to mediaserver
|
||||
allow mediaserver qmux_audio_socket:sock_file create_file_perms;
|
||||
allow mediaserver qmux_audio_socket:dir rw_dir_perms;
|
||||
|
||||
# Permit mediaserver to create sockets
|
||||
allow mediaserver self:socket create;
|
||||
|
||||
# Grant access to audio firmware files to mediaserver
|
||||
allow mediaserver audio_firmware_file:dir ra_dir_perms;
|
||||
allow mediaserver audio_firmware_file:file create_file_perms;
|
@ -1 +0,0 @@
|
||||
allow nfc bcm2079x_device:chr_file rw_file_perms;
|
@ -1,5 +0,0 @@
|
||||
allow rild diag_device:chr_file rw_file_perms;
|
||||
|
||||
# Grant access to Qualcomm MSM Interface (QMI) radio sockets to RILD
|
||||
allow rild qmux_radio_socket:sock_file create_file_perms;
|
||||
allow rild qmux_radio_socket:dir rw_dir_perms;
|
@ -1,9 +0,0 @@
|
||||
# Grant GPU access to SurfaceFlinger
|
||||
allow surfaceflinger gpu_device:chr_file rw_file_perms;
|
||||
|
||||
allow surfaceflinger sysfs:file rw_file_perms;
|
||||
|
||||
# Read from /data/local/tmp
|
||||
allow surfaceflinger shell_data_file:dir search;
|
||||
allow surfaceflinger shell_data_file:file { open getattr read };
|
||||
allow surfaceflinger shell_data_file:lnk_file read;
|
@ -1,10 +0,0 @@
|
||||
# Grant GPU access to system apps (e.g., PowerManagerService)
|
||||
allow system gpu_device:chr_file rw_file_perms;
|
||||
allow system diag_device:chr_file rw_file_perms;
|
||||
|
||||
# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system apps
|
||||
# (e.g., LocationManager)
|
||||
allow system qmux_radio_socket:sock_file create_file_perms;
|
||||
allow system qmux_radio_socket:dir rw_dir_perms;
|
||||
|
||||
allow system wpa_socket:unix_dgram_socket sendto;
|
@ -1,6 +0,0 @@
|
||||
allow ueventd sdcard_external:dir search;
|
||||
allow ueventd sdcard_external:file r_file_perms;
|
||||
allow ueventd wifi_data_file:dir search;
|
||||
allow ueventd wifi_data_file:file r_file_perms;
|
||||
allow ueventd firmware_file:dir r_dir_perms;
|
||||
allow ueventd firmware_file:file r_file_perms;
|
@ -1,2 +0,0 @@
|
||||
allow wpa devpts:chr_file rw_file_perms;
|
||||
allow wpa wpa_socket:unix_dgram_socket { read write };
|
@ -1 +0,0 @@
|
||||
allow wpa_socket system:unix_dgram_socket sendto;
|