authorDavide Garberi <dade.garberi@gmail.com>2018-10-30 22:26:47 +0100
committerDavide Garberi <dade.garberi@gmail.com>2018-10-31 15:23:08 +0100
commitcb0e640f160da2f9ea55b7892e21a4fcfff6e0f4 (patch)
tree08f209a438ffadb4b7da0f724e5e0cb8f6bd080d
parent43413200cf620d3eb29b744d4dc8e8cb1a2d9ebe (diff)
msm8996-common: sepolicy: Cleanup
* Mostly squash the various macros Change-Id: I1e71a6d728cd4d7e7be057604978264c429aed90 Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
-rw-r--r--sepolicy/cnd.te3
-rw-r--r--sepolicy/mediaprovider.te3
-rw-r--r--sepolicy/mm-qcamerad.te7
-rw-r--r--sepolicy/priv_app.te25
-rw-r--r--sepolicy/thermal-engine.te13
5 files changed, 8 insertions, 43 deletions
diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te
index 5b6938b..99ea2df 100644
--- a/sepolicy/cnd.te
+++ b/sepolicy/cnd.te
@@ -1,5 +1,4 @@
-allow cnd sysfs_msm_subsys:dir search;
+allow cnd { sysfs_msm_subsys sysfs_soc }:dir search;
allow cnd sysfs_msm_subsys:file { getattr open read setattr };
-allow cnd sysfs_soc:dir search;
allow cnd system_data_file:dir read;
allow cnd system_data_file:file { getattr ioctl open read };
diff --git a/sepolicy/mediaprovider.te b/sepolicy/mediaprovider.te
index bea5690..cd1717a 100644
--- a/sepolicy/mediaprovider.te
+++ b/sepolicy/mediaprovider.te
@@ -1,2 +1 @@
-allow mediaprovider cache_private_backup_file:dir r_dir_perms;
-allow mediaprovider cache_recovery_file:dir r_dir_perms;
+allow mediaprovider{ cache_private_backup_file cache_recovery_file }:dir r_dir_perms;
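Review bot: The added rule is missing the space between the source domain and the type set (`mediaprovider{`), while every other squashed rule in this commit writes `domain { ... }`. It presumably still tokenises as intended, but policy that is read and audited by eye should be uniform. Write it as `allow mediaprovider { cache_private_backup_file cache_recovery_file }:dir r_dir_perms;`.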
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index 4ae3bd5..5fb8b43 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -2,8 +2,5 @@ typeattribute mm-qcamerad data_between_core_and_vendor_violators;
allow mm-qcamerad camera_data_file:dir create_dir_perms;
allow mm-qcamerad camera_data_file:file create_file_perms;
-
-allow mm-qcamerad sysfs_camera:dir search;
-allow mm-qcamerad sysfs_camera:file r_file_perms;
-allow mm-qcamerad sysfs_video:dir search;
-allow mm-qcamerad sysfs_video:file r_file_perms;
+allow mm-qcamerad { sysfs_camera sysfs_video }:dir search;
+allow mm-qcamerad { sysfs_camera sysfs_video }:file r_file_perms;
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index 22617da..9439899 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -1,28 +1,7 @@
allow priv_app adsprpcd_file:filesystem getattr;
-allow priv_app asec_apk_file:dir r_dir_perms;
-allow priv_app bt_firmware_file:dir r_dir_perms;
-allow priv_app cache_private_backup_file:dir r_dir_perms;
-allow priv_app cgroup:dir r_dir_perms;
-allow priv_app configfs:dir r_dir_perms;
-allow priv_app configfs:file r_file_perms;
-allow priv_app file_contexts_file:file r_file_perms;
-allow priv_app firmware_file:dir r_file_perms;
+allow priv_app { asec_apk_file bt_firmware_file cache_private_backup_file cgroup configfs mnt_media_rw_file radio_data_file }:dir r_dir_perms;
+allow priv_app { configfs file_contexts_file firmware_file hwservice_contexts_file keylayout_file mac_perms_file nonplat_service_contexts_file proc proc_interrupts proc_modules proc_stat seapp_contexts_file sepolicy_file service_contexts_file vendor_file vndservice_contexts_file }:file r_file_perms;
allow priv_app hal_memtrack_hwservice:hwservice_manager find;
-allow priv_app hwservice_contexts_file:file r_file_perms;
-allow priv_app keylayout_file:dir r_file_perms;
-allow priv_app mac_perms_file:file r_file_perms;
-allow priv_app mnt_media_rw_file:dir r_dir_perms;
-allow priv_app nonplat_service_contexts_file:file r_file_perms;
-allow priv_app proc_stat:file r_file_perms;
-allow priv_app radio_data_file:dir r_dir_perms;
-allow priv_app seapp_contexts_file:file r_file_perms;
-allow priv_app sepolicy_file:file r_file_perms;
-allow priv_app service_contexts_file:file r_file_perms;
-allow priv_app vendor_file:file rx_file_perms;
-allow priv_app vndservice_contexts_file:file r_file_perms;
-allow priv_app proc_interrupts:file r_file_perms;
-allow priv_app proc_modules:file r_file_perms;
-allow priv_app proc:file r_file_perms;
allow priv_app device:dir open;
r_dir_file(priv_app, sysfs_type);
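Review bot: The squash is not behaviour-preserving for three types, which a commit titled as a cleanup should call out. `firmware_file` and `keylayout_file` were previously granted on class `dir` (with `r_file_perms`) and now sit in the `:file r_file_perms` set, so their directory access is dropped and file read is newly granted. `vendor_file:file` goes from `rx_file_perms` to `r_file_perms`, which removes execute. Dropping execute is the least-privilege direction, but if it was needed the rule should stay separate as `allow priv_app vendor_file:file rx_file_perms;`, and if the old `dir` rules were typos for `r_dir_perms`, the two types belong in the `:dir r_dir_perms` line rather than gaining file read. Checking the `avc: denied` log for priv_app after a boot would show which of these accesses are really used.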
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
index ffd8a30..5c1b2cd 100644
--- a/sepolicy/thermal-engine.te
+++ b/sepolicy/thermal-engine.te
@@ -1,13 +1,4 @@
typeattribute thermal-engine data_between_core_and_vendor_violators;
-allow thermal-engine sysfs_msm_subsys:dir search;
-allow thermal-engine sysfs_msm_subsys:file { getattr open read setattr };
-allow thermal-engine sysfs_usb_supply:dir search;
-allow thermal-engine sysfs_usb_supply:file r_file_perms;
-
-allow thermal-engine sysfs_soc:dir search;
-
-allow thermal-engine sysfs_msm_core:dir search;
-allow thermal-engine sysfs_msm_core:file r_file_perms;
-
-allow thermal-engine sysfs_rmtfs:dir search;
+allow thermal-engine { sysfs_msm_core sysfs_msm_subsys sysfs_usb_supply }:file r_file_perms;
+allow thermal-engine { sysfs_soc sysfs_msm_core sysfs_rmtfs sysfs_msm_subsys sysfs_usb_supply }:dir search;
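Review bot: Folding `sysfs_msm_subsys` into the `:file r_file_perms` set changes its grant, because the old rule was `{ getattr open read setattr }` and `r_file_perms` has no `setattr`. thermal-engine therefore loses `setattr` and picks up whatever else the macro expands to. cnd.te in this same commit keeps `{ getattr open read setattr }` on that type, so the two domains now differ. If `setattr` is not needed this is a welcome tightening and deserves a line in the commit message; otherwise keep `allow thermal-engine sysfs_msm_subsys:file { getattr open read setattr };` as its own rule.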