aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavide Garberi <dade.garberi@gmail.com>2019-05-02 16:52:20 +0200
committerDavide Garberi <dade.garberi@gmail.com>2019-05-02 17:26:32 +0200
commit2c7ad967d1c9be71a50a9c27e336e180c035e648 (patch)
tree60e0b6d920cfaf3990dd42e254b09f2593b975ae
parentf03c601509bec9331de6829531d61e927e42f736 (diff)
msm8996-common: sepolicy: Cleanup
* Add back the fstab contexts to prevent some vfat denials * Remove a lot of not needed addresses * Create a domain for double tap to wake to not let the powerhal access all the sysfs files Change-Id: I44dfc5e9903eb562748215541f2d71f9a3d111d7
Diffstat
-rw-r--r--rootdir/etc/fstab.qcom6
-rw-r--r--sepolicy/adbd.te1
-rw-r--r--sepolicy/adsprpcd.te2
-rw-r--r--sepolicy/charger.te1
-rw-r--r--sepolicy/cnd.te1
-rw-r--r--sepolicy/file.te1
-rw-r--r--sepolicy/file_contexts11
-rw-r--r--sepolicy/genfs_contexts1
-rw-r--r--sepolicy/hal_audio_default.te1
-rw-r--r--sepolicy/hal_bluetooth_default.te3
-rw-r--r--sepolicy/hal_bluetooth_qti.te2
-rw-r--r--sepolicy/hal_drm_default.te4
-rw-r--r--sepolicy/hal_fingerprint_default.te2
-rw-r--r--sepolicy/hal_health_default.te1
-rw-r--r--sepolicy/hal_light_default.te1
-rw-r--r--sepolicy/hal_perf_default.te1
-rw-r--r--sepolicy/hal_power_default.te2
-rw-r--r--sepolicy/hal_vibrator_default.te1
-rw-r--r--sepolicy/hwservicemanager.te1
-rw-r--r--sepolicy/ims.te1
-rw-r--r--sepolicy/init.te4
-rw-r--r--sepolicy/installd.te1
-rw-r--r--sepolicy/kernel.te2
-rw-r--r--sepolicy/location.te1
-rw-r--r--sepolicy/mediaextractor.te1
-rw-r--r--sepolicy/mediaprovider.te1
-rw-r--r--sepolicy/mm-qcamerad.te1
-rw-r--r--sepolicy/netd.te1
-rw-r--r--sepolicy/netutils_wrapper.te1
-rw-r--r--sepolicy/peripheral_manager.te2
-rw-r--r--sepolicy/priv_app.te12
-rw-r--r--sepolicy/qti_init_shell.te3
-rw-r--r--sepolicy/rmt_storage.te2
-rw-r--r--sepolicy/system_app.te3
-rw-r--r--sepolicy/system_server.te2
-rw-r--r--sepolicy/ueventd.te2
-rw-r--r--sepolicy/untrusted_app.te2
-rw-r--r--sepolicy/vendor_init.te5
-rw-r--r--sepolicy/wcnss_service.te6
-rw-r--r--sepolicy/webview_zygote.te1
40 files changed, 16 insertions, 81 deletions
diff --git a/rootdir/etc/fstab.qcom b/rootdir/etc/fstab.qcom
index b1985f6..4c4ccdb 100644
--- a/rootdir/etc/fstab.qcom
+++ b/rootdir/etc/fstab.qcom
@@ -16,9 +16,9 @@
/dev/block/bootdevice/by-name/cache /cache ext4 nosuid,nodev,noatime,barrier=1 wait,check
/dev/block/bootdevice/by-name/cache /cache f2fs nosuid,nodev,noatime,inline_xattr,flush_merge,data_flush wait,check
/dev/block/bootdevice/by-name/persist /mnt/vendor/persist ext4 nosuid,nodev,noatime,barrier=1 wait
-/dev/block/bootdevice/by-name/dsp /vendor/dsp ext4 ro,nosuid,nodev,barrier=1 wait
-/dev/block/bootdevice/by-name/modem /vendor/firmware_mnt vfat ro,shortname=lower,uid=0,gid=1000,dmask=227,fmask=337 wait
-/dev/block/bootdevice/by-name/bluetooth /vendor/bt_firmware vfat ro,shortname=lower,uid=1002,gid=3002,dmask=222,fmask=333 wait
+/dev/block/bootdevice/by-name/dsp /vendor/dsp ext4 ro,nosuid,nodev,barrier=1,context=u:object_r:adsprpcd_file:s0 wait
+/dev/block/bootdevice/by-name/modem /vendor/firmware_mnt vfat ro,shortname=lower,uid=0,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 wait
+/dev/block/bootdevice/by-name/bluetooth /vendor/bt_firmware vfat ro,shortname=lower,uid=1002,gid=3002,dmask=222,fmask=333,context=u:object_r:bt_firmware_file:s0 wait
/dev/block/bootdevice/by-name/misc /misc emmc defaults defaults
/dev/block/zram0 none swap defaults zramsize=536870912,max_comp_streams=4
/mnt/vendor/persist /persist none bind wait
diff --git a/sepolicy/adbd.te b/sepolicy/adbd.te
deleted file mode 100644
index 01a14f2..0000000
--- a/sepolicy/adbd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow adbd ctl_mdnsd_prop:property_service set;
diff --git a/sepolicy/adsprpcd.te b/sepolicy/adsprpcd.te
index cbb5d4d..8707457 100644
--- a/sepolicy/adsprpcd.te
+++ b/sepolicy/adsprpcd.te
@@ -1 +1 @@
-allow adsprpcd_file self:filesystem { associate getattr };
+allow adsprpcd_file self:filesystem associate;
diff --git a/sepolicy/charger.te b/sepolicy/charger.te
index 944a1c0..f9509e4 100644
--- a/sepolicy/charger.te
+++ b/sepolicy/charger.te
@@ -1,2 +1 @@
-allow charger rtc_device:chr_file r_file_perms;
allow charger sysfs_battery_supply:file read;
diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te
deleted file mode 100644
index 9589b02..0000000
--- a/sepolicy/cnd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow cnd system_data_file:file { getattr ioctl read };
diff --git a/sepolicy/file.te b/sepolicy/file.te
index b33eadf..486a6d0 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -10,6 +10,7 @@ type sysfs_fingerprint, sysfs_type, fs_type;
type sysfs_pcie, sysfs_type, fs_type, mlstrustedobject;
type sysfs_wifi, sysfs_type, fs_type, mlstrustedobject;
type sysfs_scsi_devices_0000, sysfs_type, fs_type;
+type sysfs_doubletap, sysfs_type, fs_type;
# /vendor
type idc_file, file_type, vendor_file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index ce36adc..429d4c4 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,6 +1,6 @@
# Binaries
-/vendor/bin/init.wlan.sh u:object_r:qti_init_shell_exec:s0
-/vendor/bin/wcg_mac_tool u:object_r:wcg_mac_exec:s0
+/(vendor|system/vendor)/bin/init.wlan.sh u:object_r:qti_init_shell_exec:s0
+/(vendor|system/vendor)/bin/wcg_mac_tool u:object_r:wcg_mac_exec:s0
# Data files
/data/fpc(/.*)? u:object_r:fpc_data_file:s0
@@ -12,13 +12,12 @@
/dev/tfa9890 u:object_r:audio_device:s0
# HALs
-/vendor/bin/hw/android\.hardware\.light@2\.0-service\.zuk_8996 u:object_r:hal_light_default_exec:s0
-/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.0-service\.zuk u:object_r:hal_fingerprint_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.zuk_8996 u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.zuk_8996 u:object_r:hal_lineage_touch_default_exec:s0
# Misc files on /vendor
-/vendor/usr/idc(/.*)? u:object_r:idc_file:s0
-/vendor/usr/keylayout(/.*)? u:object_r:keylayout_file:s0
+/(vendor|system/vendor)/usr/idc(/.*)? u:object_r:idc_file:s0
+/(vendor|system/vendor)/usr/keylayout(/.*)? u:object_r:keylayout_file:s0
# Sys files
/sys/devices/soc/soc:fpc1020(/.*)? u:object_r:sysfs_fingerprint:s0
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index 989b76b..65f4c90 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -10,3 +10,4 @@ genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-02/400f000.qcom,spmi:
genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-02/400f000.qcom,spmi:qcom,pmi8994@2:qcom,qpnp-smbcharger/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-02/400f000.qcom,spmi:qcom,pmi8994@2:bcl@4200/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /devices/soc/400f000.qcom,spmi/spmi-0/spmi0-03/400f000.qcom,spmi:qcom,pmi8994@3:qcom,haptics@c000/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /devices/virtual/touch/tp_dev/gesture_on u:object_r:sysfs_doubletap:s0
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te
index 8a9e7d8..f841aaa 100644
--- a/sepolicy/hal_audio_default.te
+++ b/sepolicy/hal_audio_default.te
@@ -4,4 +4,3 @@ allow hal_audio_default vendor_data_file:file create_file_perms;
allow hal_audio_default vendor_data_file:dir rw_dir_perms;
allow hal_audio_default thermal_socket:sock_file write;
allow hal_audio_default thermal-engine:unix_stream_socket connectto;
-allow hal_audio_default sysfs:dir { open read };
diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te
index 2ee676b..35da311 100644
--- a/sepolicy/hal_bluetooth_default.te
+++ b/sepolicy/hal_bluetooth_default.te
@@ -1,6 +1,3 @@
typeattribute hal_bluetooth_default data_between_core_and_vendor_violators;
allow hal_bluetooth_default bluetooth_data_file:dir rw_dir_perms;
-
allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;
-
-allow hal_bluetooth_default wcnss_filter:unix_stream_socket connectto;
diff --git a/sepolicy/hal_bluetooth_qti.te b/sepolicy/hal_bluetooth_qti.te
deleted file mode 100644
index 6143159..0000000
--- a/sepolicy/hal_bluetooth_qti.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow hal_bluetooth_qti vfat:dir create_dir_perms;
-allow hal_bluetooth_qti vfat:file create_file_perms;
diff --git a/sepolicy/hal_drm_default.te b/sepolicy/hal_drm_default.te
deleted file mode 100644
index 172d7d3..0000000
--- a/sepolicy/hal_drm_default.te
+++ /dev/null
@@ -1,4 +0,0 @@
-typeattribute hal_drm_default data_between_core_and_vendor_violators;
-
-allow hal_drm_default media_data_file:dir create_dir_perms;
-allow hal_drm_default media_data_file:file create_file_perms;
diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te
index cccf8a6..3f3d799 100644
--- a/sepolicy/hal_fingerprint_default.te
+++ b/sepolicy/hal_fingerprint_default.te
@@ -12,5 +12,3 @@ allow hal_fingerprint_default { fpc_data_file system_data_file }:dir create_dir_
allow hal_fingerprint_default fpc_data_file:sock_file { create setattr unlink };
allow hal_fingerprint_default fingerprintd_data_file:dir rw_dir_perms;
allow hal_fingerprint_default fingerprintd_data_file:file create_file_perms;
-allow hal_fingerprint_default vfat:dir { read search };
-allow hal_fingerprint_default vfat:file { getattr open read setattr };
diff --git a/sepolicy/hal_health_default.te b/sepolicy/hal_health_default.te
deleted file mode 100644
index 64e4b19..0000000
--- a/sepolicy/hal_health_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_health_default sysfs:file { getattr open read };
diff --git a/sepolicy/hal_light_default.te b/sepolicy/hal_light_default.te
deleted file mode 100644
index 8c63d4c..0000000
--- a/sepolicy/hal_light_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_light_default sysfs:file rw_file_perms;
diff --git a/sepolicy/hal_perf_default.te b/sepolicy/hal_perf_default.te
index 10fe797..83c9892 100644
--- a/sepolicy/hal_perf_default.te
+++ b/sepolicy/hal_perf_default.te
@@ -1,3 +1,2 @@
set_prop(hal_perf_default, freq_prop)
-allow hal_perf_default hal_graphics_composer_default:process signull;
dontaudit hal_perf_default { hal_perf_default self }:capability { dac_override dac_read_search };
diff --git a/sepolicy/hal_power_default.te b/sepolicy/hal_power_default.te
index c6a2a02..9618dac 100644
--- a/sepolicy/hal_power_default.te
+++ b/sepolicy/hal_power_default.te
@@ -1,6 +1,6 @@
-allow hal_power_default sysfs:file rw_file_perms;
allow hal_power_default sysfs_kgsl:lnk_file { open read write };
allow hal_power_default sysfs_devfreq:dir search;
allow hal_power_default sysfs_devfreq:file { open write };
allow hal_power_default sysfs_kgsl:file { open write };
allow hal_power_default device_latency:chr_file { open write };
+allow hal_power_default sysfs_doubletap:file { open write };
diff --git a/sepolicy/hal_vibrator_default.te b/sepolicy/hal_vibrator_default.te
deleted file mode 100644
index 1a81647..0000000
--- a/sepolicy/hal_vibrator_default.te
+++ /dev/null
@@ -1 +0,0 @@
-allow hal_vibrator_default sysfs:file { read write };
diff --git a/sepolicy/hwservicemanager.te b/sepolicy/hwservicemanager.te
index 7eaf0e4..fe3d17b 100644
--- a/sepolicy/hwservicemanager.te
+++ b/sepolicy/hwservicemanager.te
@@ -1,3 +1,2 @@
allow hwservicemanager init:dir search;
allow hwservicemanager init:file r_file_perms;
-allow hwservicemanager init:process getattr;
diff --git a/sepolicy/ims.te b/sepolicy/ims.te
deleted file mode 100644
index d3fdc76..0000000
--- a/sepolicy/ims.te
+++ /dev/null
@@ -1 +0,0 @@
-allow ims ctl_default_prop:property_service set;
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 8b4e30e..5f80ca1 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,9 +1,7 @@
allow init { ion_device tee_device }:chr_file ioctl;
allow init hidl_base_hwservice:hwservice_manager add;
allow init sysfs_fingerprint:file { open read setattr write };
-allow init sysfs:file setattr;
allow init tee_device:chr_file write;
allow init hidl_base_hwservice:hwservice_manager add;
allow init sysfs_graphics:lnk_file read;
-allow init system_file:file mounton;
-allow init hal_vibrator_default:process noatsecure;
+allow init adsprpcd_file:filesystem { mount relabelfrom relabelto };
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
deleted file mode 100644
index 0195b22..0000000
--- a/sepolicy/installd.te
+++ /dev/null
@@ -1 +0,0 @@
-allow installd adsprpcd_file:filesystem quotaget;
diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te
deleted file mode 100644
index ba628d5..0000000
--- a/sepolicy/kernel.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow kernel vfat:dir search;
-allow kernel vfat:file open;
diff --git a/sepolicy/location.te b/sepolicy/location.te
deleted file mode 100644
index 642c588..0000000
--- a/sepolicy/location.te
+++ /dev/null
@@ -1 +0,0 @@
-allow location location_data_file:sock_file unlink;
diff --git a/sepolicy/mediaextractor.te b/sepolicy/mediaextractor.te
deleted file mode 100644
index 3e22092..0000000
--- a/sepolicy/mediaextractor.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediaextractor sdcardfs:file r_file_perms;
diff --git a/sepolicy/mediaprovider.te b/sepolicy/mediaprovider.te
deleted file mode 100644
index cd1717a..0000000
--- a/sepolicy/mediaprovider.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediaprovider{ cache_private_backup_file cache_recovery_file }:dir r_dir_perms;
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
index f79c7e4..1100a7b 100644
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -2,4 +2,3 @@ typeattribute mm-qcamerad data_between_core_and_vendor_violators;
allow mm-qcamerad camera_data_file:dir create_dir_perms;
allow mm-qcamerad camera_data_file:file create_file_perms;
-allow mm-qcamerad vfat:dir search;
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
index 3df4322..7196642 100644
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -1,2 +1 @@
-allow netd self:capability sys_resource;
allow netd sysfs_net:file rw_file_perms;
diff --git a/sepolicy/netutils_wrapper.te b/sepolicy/netutils_wrapper.te
new file mode 100644
index 0000000..c5233ee
--- /dev/null
+++ b/sepolicy/netutils_wrapper.te
@@ -0,0 +1 @@
+allow netutils_wrapper netmgrd:socket { read write };
diff --git a/sepolicy/peripheral_manager.te b/sepolicy/peripheral_manager.te
deleted file mode 100644
index af7f4bf..0000000
--- a/sepolicy/peripheral_manager.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow vendor_per_mgr vfat:dir search;
-allow vendor_per_mgr vfat:file { open read };
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
deleted file mode 100644
index cc763ca..0000000
--- a/sepolicy/priv_app.te
+++ /dev/null
@@ -1,12 +0,0 @@
-allow priv_app adsprpcd_file:filesystem getattr;
-allow priv_app { asec_apk_file bt_firmware_file cache_private_backup_file cgroup configfs mnt_media_rw_file radio_data_file }:dir r_dir_perms;
-allow priv_app { file_contexts_file firmware_file hwservice_contexts_file keylayout_file mac_perms_file nonplat_service_contexts_file proc_interrupts proc_modules proc_stat seapp_contexts_file sepolicy_file service_contexts_file vendor_file vndservice_contexts_file }:file r_file_perms;
-allow priv_app hal_memtrack_hwservice:hwservice_manager find;
-allow priv_app device:dir open;
-
-binder_call(priv_app, hal_memtrack_default);
-
-# Clean up logspam
-dontaudit priv_app device:dir read;
-dontaudit priv_app proc_interrupts:file read;
-dontaudit priv_app proc_modules:file read;
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
index 64ab2bc..cc3ba68 100644
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
@@ -1,7 +1,4 @@
-allow qti_init_shell sysfs:file write;
allow qti_init_shell vendor_radio_data_file:dir { getattr open read search setattr };
-allow qti_init_shell vfat:file { getattr open read setattr };
-allow qti_init_shell vfat:dir { open read search };
allow qti_init_shell file_contexts_file:file { getattr open read };
# Allow qti_init_shell to fully access wlan_mac.bin persist file
diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te
deleted file mode 100644
index 69b2634..0000000
--- a/sepolicy/rmt_storage.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow rmt_storage debugfs_rmt:dir search;
-allow rmt_storage debugfs_rmt:file rw_file_perms;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index c0c4408..5fe4bd9 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -3,6 +3,3 @@ allow system_app sysfs_fingerprint:dir search;
allow system_app shell_prop:property_service set;
binder_call(system_app, wificond);
-
-dontaudit system_app netd_service:service_manager find;
-dontaudit system_app installd_service:service_manager find;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 6784b22..6d95c6d 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,6 +1,4 @@
allow system_server vendor_alarm_boot_prop:file r_file_perms;
-allow system_server install_data_file:file getattr;
-allow system_server zygote:process getpgid;
allow system_server sysfs_vibrator:file read;
# /vendor/usr/keylayout
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
deleted file mode 100644
index 39b21e5..0000000
--- a/sepolicy/ueventd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow ueventd vfat:dir search;
-allow ueventd vfat:file r_file_perms;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
deleted file mode 100644
index 8aeb709..0000000
--- a/sepolicy/untrusted_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-dontaudit untrusted_app_all sysfs_zram:dir search;
-dontaudit untrusted_app_all sysfs_zram:file r_file_perms;
diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te
index 8042ec2..d64d798 100644
--- a/sepolicy/vendor_init.te
+++ b/sepolicy/vendor_init.te
@@ -2,17 +2,12 @@ typeattribute vendor_init data_between_core_and_vendor_violators;
allow vendor_init {
camera_data_file
- cnd_data_file
fpc_data_file
media_rw_data_file
- rootfs
system_data_file
time_data_file
thermal_data_file
tombstone_data_file
}:dir create_dir_perms;
-allow vendor_init media_rw_data_file:{ dir file } getattr;
-allow vendor_init media_rw_data_file:file relabelfrom;
allow vendor_init device:file create_file_perms;
-allow vendor_init sysfs:file write;
diff --git a/sepolicy/wcnss_service.te b/sepolicy/wcnss_service.te
index 340658d..35908ad 100644
--- a/sepolicy/wcnss_service.te
+++ b/sepolicy/wcnss_service.te
@@ -1,4 +1,2 @@
-allow wcnss_service sysfs_pcie:dir search;
-allow wcnss_service sysfs_pcie:file rw_file_perms;
-allow wcnss_service sysfs_wifi:dir search;
-allow wcnss_service sysfs_wifi:file rw_file_perms;
+allow wcnss_service { sysfs_pcie sysfs_wifi }:dir search;
+allow wcnss_service { sysfs_pcie sysfs_wifi }:file rw_file_perms;
diff --git a/sepolicy/webview_zygote.te b/sepolicy/webview_zygote.te
deleted file mode 100644
index c8a7ec2..0000000
--- a/sepolicy/webview_zygote.te
+++ /dev/null
@@ -1 +0,0 @@
-allow webview_zygote zygote:unix_dgram_socket write;
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-19 23:29:04 +0000