author | Jorge Lucangeli Obes <jorgelo@google.com> | 2015-11-20 11:16:18 -0800 |
---|---|---|
committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2015-11-20 11:16:18 -0800 |
commit | fa1451c3647e9b1985361d6e6907a45ed8c87288 (patch) | |
tree | 76c66adc0a2305c76d96a744388a55475922dbd1 | |
parent | e36b05be69c4d09f5c6bce8aebc5edaec046e2b4 (diff) | |
download | brillo-fa1451c3647e9b1985361d6e6907a45ed8c87288.tar.gz |
SELinux: Clean up policies.
https://android-review.googlesource.com/#/c/183315/ brought /proc
access back to the 'domain' type, so remove it here.
Also, add full 'r_dir_perms' on sysfs for sensorservice.
Bug: 25813239
Change-Id: Ia1a91ef789f2e542fb03818967db3a1dc0d0b235
-rw-r--r-- | sepolicy/sensorservice.te | 2 | ||||
-rw-r--r-- | sepolicy/te_macros | 3 |
2 files changed, 1 insertions, 4 deletions
diff --git a/sepolicy/sensorservice.te b/sepolicy/sensorservice.te index 03c6ea7..b5e98c2 100644 --- a/sepolicy/sensorservice.te +++ b/sepolicy/sensorservice.te @@ -26,7 +26,7 @@ allow sensorservice debugfs:file w_file_perms; allow sensorservice proc_net:dir search; allow sensorservice proc_net:file r_file_perms; -allow sensorservice sysfs:dir getattr; +allow sensorservice sysfs:dir r_dir_perms; allow sensorservice sysfs:file r_file_perms; allow sensorservice sysfs:lnk_file read; diff --git a/sepolicy/te_macros b/sepolicy/te_macros index 3a97038..1277dda 100644 --- a/sepolicy/te_macros +++ b/sepolicy/te_macros @@ -9,9 +9,6 @@ binder_service($1) # Allow connections to dbus_daemon. unix_socket_connect($1, dbus_daemon, dbus_daemon) -# Allow /proc. -allow $1 proc:dir search; - # Cut down on spam. dontaudit $1 kernel:system module_request; dontaudit $1 sysfs_devices_system_cpu:dir search; |
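Review bot: In sepolicy/sensorservice.te, the new `allow sensorservice sysfs:dir r_dir_perms;` rule widens access on the generic `sysfs` type from `getattr` to the full read set (open, read, search), so sensorservice can now traverse and list every directory that carries that label, not just the ones its sensors live under. Neither the hunk nor the commit message says which sysfs paths need this. Consider giving the sensor nodes a dedicated type in file_contexts and granting `r_dir_perms` on that type instead, or at minimum add a comment above the rule naming the paths or the denial that motivated it. This widening is also unrelated to the /proc cleanup and would be easier to audit and revert as its own commit.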
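Review bot: In sepolicy/te_macros, dropping `allow $1 proc:dir search;` removes /proc search from every domain that expands this macro, and it is only safe when the tree already contains the referenced platform change (183315) that grants the access through `domain`. The macro keeps no trace of that dependency. Consider noting in the commit message that 183315 must land first, and confirm on a build with this patch that no `proc:dir search` denials appear for domains using the macro. Since the lines that follow are `dontaudit` rules, check the audit log with those in mind so that a missing permission is not mistaken for suppressed noise.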