diff options
| author | Nick Kralevich <nnk@google.com> | 2015-12-17 23:55:15 +0000 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-12-17 23:56:31 +0000 |
| commit | cf7ee8a8e57a3d0c92bfeb4532dfcd82760ecede (patch) | |
| tree | 11fa4a922b19c34ac814a49acbb9a3a69cad16d4 | |
| parent | 604a8cae620b1bb31e954c54049c22dbd137795c (diff) | |
| download | sepolicy-cf7ee8a8e57a3d0c92bfeb4532dfcd82760ecede.tar.gz | |
Revert "fingerprintd.te: neverallow fingerprint data file access"
Both angler and bullhead violate these SELinux rules.
Bullhead: tee has access to these files
Angler: system_server has read/write access to these files.
Fixes the following compile time error:
libsepol.report_failure: neverallow on line 32 of external/sepolicy/fingerprintd.te (or line 6704 of policy.conf) violated by allow tee fingerprintd_data_file:file { ioctl read write create setattr lock append rename open };
libsepol.check_assertions: 1 neverallow failures occurred
Error while expanding policy
out/host/linux-x86/bin/checkpolicy: loading policy configuration from out/target/product/bullhead/obj/ETC/sepolicy_intermediates/policy.conf
This reverts commit 604a8cae620b1bb31e954c54049c22dbd137795c.
Change-Id: Iabb8f2e9de96f9082cd6a790d1af80cbc6a569b1
| -rw-r--r-- | fingerprintd.te | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/fingerprintd.te b/fingerprintd.te index 41e1aca..1c0ab1c 100644 --- a/fingerprintd.te +++ b/fingerprintd.te @@ -21,12 +21,3 @@ allow fingerprintd keystore:keystore_key { add_auth }; # For permissions checking binder_call(fingerprintd, system_server); allow fingerprintd permission_service:service_manager find; - -### -### Neverallow rules -### - -# Protect fingerprint data files from access by anything other -# than fingerprintd and init -neverallow { domain -fingerprintd -init } fingerprintd_data_file:file - { append create link relabelfrom rename setattr write open read ioctl lock }; |