authorJorge Lucangeli Obes <jorgelo@google.com>2015-11-20 11:16:18 -0800
committerJorge Lucangeli Obes <jorgelo@google.com>2015-11-20 11:16:18 -0800
commitfa1451c3647e9b1985361d6e6907a45ed8c87288 (patch)
tree76c66adc0a2305c76d96a744388a55475922dbd1
parente36b05be69c4d09f5c6bce8aebc5edaec046e2b4 (diff)
downloadbrillo-fa1451c3647e9b1985361d6e6907a45ed8c87288.tar.gz
SELinux: Clean up policies.
https://android-review.googlesource.com/#/c/183315/ brought /proc access back to the 'domain' type, so remove it here. Also, add full 'r_dir_perms' on sysfs for sensorservice. Bug: 25813239 Change-Id: Ia1a91ef789f2e542fb03818967db3a1dc0d0b235
-rw-r--r--sepolicy/sensorservice.te2
-rw-r--r--sepolicy/te_macros3
2 files changed, 1 insertions, 4 deletions
diff --git a/sepolicy/sensorservice.te b/sepolicy/sensorservice.te
index 03c6ea7..b5e98c2 100644
--- a/sepolicy/sensorservice.te
+++ b/sepolicy/sensorservice.te
@@ -26,7 +26,7 @@ allow sensorservice debugfs:file w_file_perms;
allow sensorservice proc_net:dir search;
allow sensorservice proc_net:file r_file_perms;
-allow sensorservice sysfs:dir getattr;
+allow sensorservice sysfs:dir r_dir_perms;
allow sensorservice sysfs:file r_file_perms;
allow sensorservice sysfs:lnk_file read;
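Review bot: The new `allow sensorservice sysfs:dir r_dir_perms;` is granted on the generic `sysfs` type, so together with the neighbouring `sysfs:file r_file_perms` rule sensorservice can list and read everything under /sys that still carries the default label, not only the sensor nodes it needs. If the service only walks a known sensor subtree, giving that subtree a dedicated type in file_contexts and granting `r_dir_perms` on that type instead would keep the domain closer to least privilege. At minimum the rule deserves a comment recording why directory read is required, for example `# sensorservice enumerates sensor nodes under /sys/<SENSOR_SUBTREE>; needs open/read/search on dirs.` (the path is a placeholder, the page does not name it). The rest of sensorservice.te lies outside the hunk, so narrower sysfs rules elsewhere in the file cannot be ruled out.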
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
index 3a97038..1277dda 100644
--- a/sepolicy/te_macros
+++ b/sepolicy/te_macros
@@ -9,9 +9,6 @@ binder_service($1)
# Allow connections to dbus_daemon.
unix_socket_connect($1, dbus_daemon, dbus_daemon)
-# Allow /proc.
-allow $1 proc:dir search;
-
# Cut down on spam.
dontaudit $1 kernel:system module_request;
dontaudit $1 sysfs_devices_system_cpu:dir search;