diff options
| author | Vishal Bhoj <vishal.bhoj@linaro.org> | 2019-01-28 09:42:38 +0000 |
|---|---|---|
| committer | Linaro Android Code Review <android-review@review.linaro.org> | 2019-01-28 09:42:38 +0000 |
| commit | a6be6eef5bf755a53e726292128d724fcb85583f (patch) | |
| tree | 9421debac049b96dfa5c0f9364244dfa6f119895 | |
| parent | 42e0b836e352c529e4aa700dc25c3dd597116082 (diff) | |
| parent | 9e1da538938df19a68248e94b85a0e82b9e39871 (diff) | |
| download | common-linaro-pie-arm.tar.gz | |
Merge "update sepolicy" into linaro-pie-armlinaro-pie-arm
| -rw-r--r-- | sepolicy/file_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/gatord.te | 3 | ||||
| -rw-r--r-- | sepolicy/healthd.te | 1 | ||||
| -rw-r--r-- | sepolicy/init.te | 6 | ||||
| -rw-r--r-- | sepolicy/linaro.te | 13 | ||||
| -rw-r--r-- | sepolicy/netd.te | 4 | ||||
| -rw-r--r-- | sepolicy/toolbox.te | 1 |
7 files changed, 5 insertions, 24 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index f789ca4..47c0dba 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -7,4 +7,3 @@ /dev/dri/card0 u:object_r:gpu_device:s0 /dev/hci_tty u:object_r:hci_attach_dev:s0 /dev/ttyAMA1 u:object_r:hci_attach_dev:s0 -/system/bin/faketsd u:object_r:linaro_exec:s0 diff --git a/sepolicy/gatord.te b/sepolicy/gatord.te deleted file mode 100644 index 2943a9b..0000000 --- a/sepolicy/gatord.te +++ /dev/null @@ -1,3 +0,0 @@ -type gatord, domain, mlstrustedsubject; - -permissive gatord; diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te deleted file mode 100644 index 5ae2745..0000000 --- a/sepolicy/healthd.te +++ /dev/null @@ -1 +0,0 @@ -allow healthd self:capability { dac_override dac_read_search sys_nice }; diff --git a/sepolicy/init.te b/sepolicy/init.te index 0b93bc1..2c0522f 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -4,12 +4,12 @@ userdebug_or_eng(` allow init self:capability { sys_module }; allow init self:tcp_socket create; -allow init gatord:process { transition rlimitinh siginh }; +#allow init gatord:process { transition rlimitinh siginh }; allow init kernel:system module_request; allow init tmpfs:lnk_file create_file_perms; allow init cache_file:dir mounton; allow init storage_file:dir mounton; allow init debugfs:dir mounton; -domain_trans(init, rootfs, linaro) -domain_trans(init, linaro_exec, linaro) +#domain_trans(init, rootfs, linaro) +#domain_trans(init, linaro_exec, linaro) diff --git a/sepolicy/linaro.te b/sepolicy/linaro.te deleted file mode 100644 index f84d7db..0000000 --- a/sepolicy/linaro.te +++ /dev/null @@ -1,13 +0,0 @@ -type linaro, domain, mlstrustedsubject; -type linaro_exec, exec_type, file_type; - -init_daemon_domain(linaro) - -allow linaro sysfs:file write; -allow linaro proc:file write; -allow linaro system_file:file execute_no_trans; -allow linaro shell_exec:file rx_file_perms; - -allow linaro self:capability dac_override; - -permissive linaro; diff --git a/sepolicy/netd.te b/sepolicy/netd.te index ee36425..1b237cf 100644 --- a/sepolicy/netd.te +++ b/sepolicy/netd.te @@ -2,5 +2,5 @@ dontaudit netd self:capability sys_module; allow netd usermodehelper:file r_file_perms; allow netd debug_prop:property_service set; allow netd kernel:system module_request; -allow netd gatord:fd use; -allow netd gatord:tcp_socket rw_socket_perms; +#allow netd gatord:fd use; +#allow netd gatord:tcp_socket rw_socket_perms; diff --git a/sepolicy/toolbox.te b/sepolicy/toolbox.te deleted file mode 100644 index 3709919..0000000 --- a/sepolicy/toolbox.te +++ /dev/null @@ -1 +0,0 @@ -allow toolbox self:capability { dac_override dac_read_search sys_nice }; |