msm8996-common: neverallows: Nuke priv-app and qti denials

Change-Id: Ifc66eb447953aaa312b7c3a9230a72b70fb78ea7
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>

2 files changed, 1 insertions, 12 deletions

diff --git a/sepolicy/neverallows.te b/sepolicy/neverallows.te
index 5823a48..9cf76d8 100644
--- a/sepolicy/neverallows.te
+++ b/sepolicy/neverallows.te
@@ -17,18 +17,6 @@ allow netmgrd vendor_xlat_prop:property_service set;
 # Perf
 binder_call(system_app, perfprofd);
 
-# Priv-app
-allow priv_app device:dir open;
-allow priv_app proc:file { getattr open };
-allow priv_app proc_interrupts:file open;
-allow priv_app proc_modules:file { getattr open };
-
-# Qti init
-allow qti_init_shell self:capability { dac_override dac_read_search };
-allow qti_init_shell system_data_file:dir { add_name write remove_name };
-allow qti_init_shell system_data_file:file { create getattr open read rename setattr unlink write };
-allow qti_init_shell file_contexts_file:file { getattr open read };
-
 # ReadMac
 allow readmac self:capability dac_override;
 
diff --git a/sepolicy/qti_init_shell.te b/sepolicy/qti_init_shell.te
index a5ec8a4..1841019 100644
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
@@ -2,3 +2,4 @@ allow qti_init_shell sysfs:file write;
 allow qti_init_shell vendor_radio_data_file:dir { getattr open read search setattr };
 allow qti_init_shell vfat:file { getattr open read setattr };
 allow qti_init_shell vfat:dir { open read search };
+allow qti_init_shell file_contexts_file:file { getattr open read };