authorÁlvaro Brey <alvaro.brv@gmail.com>2017-02-25 00:53:22 +0100
committerdavidevinavil <davidevinavil@gmail.com>2017-04-07 13:20:21 +0200
commite7ef94c47efc3456957f39261a71909d3ee324e5 (patch)
treed389582e36da1da8c70326a031a9edff9f78da5a /sepolicy
parentb9d8148262179edca8b624e2993f3f345ea526ca (diff)
Remove alipay/ifaa packages and permissions
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/alipay_app.te65
-rw-r--r--sepolicy/file_contexts1
-rw-r--r--sepolicy/ifaadaemon.te29
-rw-r--r--sepolicy/mac_permissions.xml18
-rw-r--r--sepolicy/seapp_contexts2
-rw-r--r--sepolicy/service.te1
-rw-r--r--sepolicy/service_contexts1
-rw-r--r--sepolicy/servicemanager.te3
8 files changed, 0 insertions, 120 deletions
diff --git a/sepolicy/alipay_app.te b/sepolicy/alipay_app.te
deleted file mode 100644
index 1570108..0000000
--- a/sepolicy/alipay_app.te
+++ /dev/null
@@ -1,65 +0,0 @@
-# Generally based on untrusted_app.te
-
-type alipay_app, domain;
-app_domain(alipay_app)
-net_domain(alipay_app)
-bluetooth_domain(alipay_app)
-
-# Some apps ship with shared libraries and binaries that they write out
-# to their sandbox directory and then execute.
-allow alipay_app app_data_file:file { rx_file_perms execmod };
-
-# Used by Finsky / Android "Verify Apps" functionality when
-# running "adb install foo.apk".
-# TODO: Long term, we don't want apps probing into shell data files.
-# Figure out a way to remove these rules.
-allow alipay_app shell_data_file:file r_file_perms;
-allow alipay_app shell_data_file:dir r_dir_perms;
-
-# Read and write system app data files passed over Binder.
-# Motivating case was /data/data/com.android.settings/cache/*.jpg for
-# cropping or taking user photos.
-allow alipay_app system_app_data_file:file { read write getattr };
-
-#
-# Rules migrated from old app domains coalesced into alipay_app.
-# This includes what used to be media_app, shared_app, and release_app.
-#
-
-# Access to /data/media.
-allow alipay_app media_rw_data_file:dir create_dir_perms;
-allow alipay_app media_rw_data_file:file create_file_perms;
-
-# Traverse into /mnt/media_rw for bypassing FUSE daemon
-# TODO: narrow this to just MediaProvider
-allow alipay_app mnt_media_rw_file:dir search;
-
-# Write to /cache.
-allow alipay_app cache_file:dir create_dir_perms;
-allow alipay_app cache_file:file create_file_perms;
-
-allow alipay_app audioserver_service:service_manager find;
-allow alipay_app battery_service:service_manager find;
-allow alipay_app cameraserver_service:service_manager find;
-allow alipay_app drmserver_service:service_manager find;
-allow alipay_app ifaadaemon_service:service_manager find;
-allow alipay_app mediaserver_service:service_manager find;
-allow alipay_app mediaextractor_service:service_manager find;
-allow alipay_app mediacodec_service:service_manager find;
-allow alipay_app mediadrmserver_service:service_manager find;
-allow alipay_app nfc_service:service_manager find;
-allow alipay_app radio_service:service_manager find;
-allow alipay_app surfaceflinger_service:service_manager find;
-allow alipay_app app_api_service:service_manager find;
-
-# Programs routinely attempt to scan through /system, looking
-# for files. Suppress the denials when they occur.
-dontaudit alipay_app exec_type:file getattr;
-
-# TODO: switch to meminfo service
-allow alipay_app proc_meminfo:file r_file_perms;
-
-# https://code.google.com/p/chromium/issues/detail?id=586021
-allow alipay_app proc:file r_file_perms;
-# access /proc/net/xt_qtguid/stats
-r_dir_file(alipay_app, proc_net)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index c1dd5ed..844cbaf 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -27,7 +27,6 @@
/sys/kernel/debug/rmt_storage/rmts u:object_r:debugfs_rmts:s0
-/system/bin/ifaadaemon u:object_r:ifaadaemon_exec:s0
/system/bin/readmac u:object_r:readmac_exec:s0
# Data files
diff --git a/sepolicy/ifaadaemon.te b/sepolicy/ifaadaemon.te
deleted file mode 100644
index 91671e2..0000000
--- a/sepolicy/ifaadaemon.te
+++ /dev/null
@@ -1,29 +0,0 @@
-type ifaadaemon, domain;
-type ifaadaemon_exec, exec_type, file_type;
-
-#Allow for transition from init domain to ifaadaemon
-init_daemon_domain(ifaadaemon)
-
-#Allow ifaadaemon to use Binder IPC
-binder_use(ifaadaemon)
-
-#Allow servicemanager to interact with ifaadaemon
-binder_call(ifaadaemon, servicemanager)
-
-#Allow alipay_app to interact with ifaadaemon
-binder_call(ifaadaemon, alipay_app)
-
-#Mark ifaadaemon as a Binder service domain
-binder_service(ifaadaemon)
-
-#Allow ifaadaemon to be registered with service manager
-allow ifaadaemon ifaadaemon_service:service_manager add;
-
-#Allow access to tee device
-allow ifaadaemon tee_device:chr_file rw_file_perms;
-
-#Allow access to ion device
-allow ifaadaemon ion_device:chr_file r_file_perms;
-
-#Allow access to firmware
-r_dir_file(ifaadaemon, firmware_file)
diff --git a/sepolicy/mac_permissions.xml b/sepolicy/mac_permissions.xml
deleted file mode 100644
index a025144..0000000
--- a/sepolicy/mac_permissions.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policy>
-
- <!-- Alipay -->
- <signer signature="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">
- <package name="com.eg.android.AlipayGphone" >
- <seinfo value="alipay" />
- </package>
- </signer>
-
- <!-- Taobao -->
- <signer signature="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">
- <package name="com.taobao.taobao" >
- <seinfo value="taobao" />
- </package>
- </signer>
-
-</policy>
diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts
deleted file mode 100644
index c69f557..0000000
--- a/sepolicy/seapp_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-user=_app seinfo=alipay name=com.eg.android.AlipayGphone* domain=alipay_app type=app_data_file
-user=_app seinfo=taobao name=com.taobao.taobao* domain=alipay_app type=app_data_file
diff --git a/sepolicy/service.te b/sepolicy/service.te
deleted file mode 100644
index 86f3627..0000000
--- a/sepolicy/service.te
+++ /dev/null
@@ -1 +0,0 @@
-type ifaadaemon_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
deleted file mode 100644
index 5b71d70..0000000
--- a/sepolicy/service_contexts
+++ /dev/null
@@ -1 +0,0 @@
-ifaadaemon u:object_r:ifaadaemon_service:s0
diff --git a/sepolicy/servicemanager.te b/sepolicy/servicemanager.te
deleted file mode 100644
index caf3d25..0000000
--- a/sepolicy/servicemanager.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow servicemanager ifaadaemon:dir r_dir_perms;
-allow servicemanager ifaadaemon:file r_file_perms;
-allow servicemanager ifaadaemon:process getattr;