diff options
| author | Davide Garberi <dade.garberi@gmail.com> | 2018-12-27 15:27:54 +0100 |
|---|---|---|
| committer | Davide Garberi <dade.garberi@gmail.com> | 2018-12-27 13:55:07 +0100 |
| commit | cceb82e2ae844a2635cef394af0d35bcb8d73342 (patch) | |
| tree | ee78cd22242b348399a8f6ddaf6185e80f40881a /sepolicy | |
| parent | b2a4d69f8779f741801c1d2ff1b371dfad01219c (diff) | |
msm8996-common: sepolicy: Remove most neverallows
Change-Id: Ie5569ba587b47e23aab07108cf5bb483d7177f50
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/cnd.te | 2 | ||||
| -rw-r--r-- | sepolicy/hwservice.te | 1 | ||||
| -rw-r--r-- | sepolicy/hwservice_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/neverallows.te | 24 |
4 files changed, 5 insertions, 24 deletions
diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te index 99ea2df..e52c40b 100644 --- a/sepolicy/cnd.te +++ b/sepolicy/cnd.te @@ -2,3 +2,5 @@ allow cnd { sysfs_msm_subsys sysfs_soc }:dir search; allow cnd sysfs_msm_subsys:file { getattr open read setattr }; allow cnd system_data_file:dir read; allow cnd system_data_file:file { getattr ioctl open read }; + +add_hwservice(cnd, hal_cne_hwservice) diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te new file mode 100644 index 0000000..2b74a92 --- /dev/null +++ b/sepolicy/hwservice.te @@ -0,0 +1 @@ +type hal_cne_hwservice, hwservice_manager_type; diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts new file mode 100644 index 0000000..3dbdf29 --- /dev/null +++ b/sepolicy/hwservice_contexts @@ -0,0 +1,2 @@ +com.quicinc.cne.api::IApiService u:object_r:hal_cne_hwservice:s0 +com.quicinc.cne.server::IServer u:object_r:hal_cne_hwservice:s0 diff --git a/sepolicy/neverallows.te b/sepolicy/neverallows.te index ddf1d48..ac95576 100644 --- a/sepolicy/neverallows.te +++ b/sepolicy/neverallows.te @@ -3,29 +3,5 @@ allow charger mnt_vendor_file:dir create_dir_perms; allow charger mnt_vendor_file:file create_file_perms; allow charger self:capability dac_override; -# CND -allow cnd default_android_hwservice:hwservice_manager add; - -# Dataservice -allow dataservice_app default_android_hwservice:hwservice_manager find; - -# IMS -allow ims default_android_hwservice:hwservice_manager find; - -# Init -binder_call(init, system_server); -allow init sysfs:file { open read write }; -allow init sysfs_scsi_devices_0000:file { open setattr write }; - -# Netmgrd -allow netmgrd vendor_xlat_prop:property_service set; - -# Perf -binder_call(system_app, perfprofd); - # ReadMac allow readmac self:capability dac_override; - -# SystemServer -allow system_server dalvikcache_data_file:file { execute write }; -allow system_server vendor_camera_prop:file { getattr open read }; |