-rw-r--r-- | rootdir/etc/init.qcom.rc | 6 | ||||
-rw-r--r-- | sepolicy/bluetooth.te | 2 | ||||
-rw-r--r-- | sepolicy/cnd.te | 3 | ||||
-rw-r--r-- | sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | sepolicy/healthd.te | 1 | ||||
-rw-r--r-- | sepolicy/init.te | 1 | ||||
-rw-r--r-- | sepolicy/neverallows.te | 5 | ||||
-rw-r--r-- | sepolicy/priv_app.te | 3 | ||||
-rw-r--r-- | sepolicy/tee.te | 3 | ||||
-rw-r--r-- | sepolicy/time_daemon.te | 2 |
10 files changed, 3 insertions, 27 deletions
diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index f2168e8..5e8dd1e 100644 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -91,12 +91,6 @@ on post-fs-data # Create directory used by media clients mkdir /data/vendor/media 0770 mediacodec media - # Create directories for fingerprint - mkdir /data/misc/stargate 0770 system system - mkdir /data/misc/stargate/bg_estimation 0770 system system - mkdir /data/misc/stargate/calib_test 0770 system system - mkdir /data/misc/stargate/database 0770 system system - # Create directories for tombstones mkdir /data/tombstones/modem 0771 system system mkdir /data/tombstones/lpass 0771 system system diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te index 78d0e78..158a941 100644 --- a/sepolicy/bluetooth.te +++ b/sepolicy/bluetooth.te @@ -1,3 +1,3 @@ # Bluetooth app depend on /vendor/lib64/libaptX_encoder.so -allow bluetooth vendor_file:file rx_file_perms; +allow bluetooth vendor_file:file r_file_perms; diff --git a/sepolicy/cnd.te b/sepolicy/cnd.te index e52c40b..6e24fc6 100644 --- a/sepolicy/cnd.te +++ b/sepolicy/cnd.te @@ -1,6 +1,5 @@ allow cnd { sysfs_msm_subsys sysfs_soc }:dir search; allow cnd sysfs_msm_subsys:file { getattr open read setattr }; -allow cnd system_data_file:dir read; -allow cnd system_data_file:file { getattr ioctl open read }; +allow cnd system_data_file:file { getattr ioctl read }; add_hwservice(cnd, hal_cne_hwservice) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 9d75a23..215c5f1 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -1,9 +1,6 @@ # Partitions /dev/block/platform/soc/(624000\.ufshc|7464900\.sdhci)/by-name/persist u:object_r:persist_block_device:s0 -# CNE -/data/connectivity(/.*)? u:object_r:cnd_data_file:s0 - # Devices /dev/fpc1020 u:object_r:fpc1020_device:s0 /dev/tfa9890 u:object_r:audio_device:s0 
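Review bot: In the sepolicy/bluetooth.te hunk, `r_file_perms` drops `execute`, yet the comment above the rule says the Bluetooth app depends on /vendor/lib64/libaptX_encoder.so, and a shared library is normally mapped executable when it is loaded. Unless a rule outside this diff already grants execute, loading the encoder will likely be denied, so check the audit log for `avc: denied { execute }` from the bluetooth domain before merging. If execute turns out to be needed, giving the library its own file label and allowing only that type is narrower than restoring `rx_file_perms` on all of `vendor_file`. If read-only access is enough, extend the comment to say where execute is granted, for example `# read only here; execute on the aptX library is granted by <rule/file>`.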
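Review bot: The new `allow cnd system_data_file:file { getattr ioctl read };` in sepolicy/cnd.te has no `open`, so cnd can only use system_data_file descriptors handed to it by another process, and nothing in the file says this is intended. Presumably `open` and the `dir read` rule were dropped to satisfy a platform neverallow; add a comment saying so, e.g. `# no open: cnd may only use fds passed to it, it must not open system_data_file itself`. The same commit removes the /data/connectivity label from file_contexts, so confirm that cnd no longer needs its own data directory rather than silently falling back to whatever default label that path now gets.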
@@ -12,7 +9,6 @@ # Data files /data/fpc(/.*)? u:object_r:fpc_data_file:s0 /data/decrypt\.txt u:object_r:thermal_data_file:s0 -/data/misc/stargate(/.*)? u:object_r:qfp-daemon_data_file:s0 # Binaries /vendor/bin/readmac u:object_r:readmac_exec:s0 diff --git a/sepolicy/healthd.te b/sepolicy/healthd.te deleted file mode 100644 index 93d2673..0000000 --- a/sepolicy/healthd.te +++ /dev/null @@ -1 +0,0 @@ -allow healthd sysfs:file { getattr open read }; diff --git a/sepolicy/init.te b/sepolicy/init.te index 06725f7..eee43ed 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -4,7 +4,6 @@ allow init adsprpcd_file:filesystem { mount relabelfrom relabelto }; allow init debugfs_ipc:dir relabelfrom; allow init debugfs_ipc:file relabelfrom; allow init proc_kernel_sched:file write; -allow init proc:file { getattr open read setattr }; allow init { ion_device tee_device }:chr_file ioctl; allow init hidl_base_hwservice:hwservice_manager add; allow init sysfs_fingerprint:file { open read setattr write }; diff --git a/sepolicy/neverallows.te b/sepolicy/neverallows.te deleted file mode 100644 index 9687789..0000000 --- a/sepolicy/neverallows.te +++ /dev/null @@ -1,5 +0,0 @@ -# Healthd -allow healthd healthd:capability dac_override; - -# ReadMac -allow readmac self:capability dac_override; diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te index 9439899..cc763ca 100644 --- a/sepolicy/priv_app.te +++ b/sepolicy/priv_app.te 
@@ -1,10 +1,9 @@ allow priv_app adsprpcd_file:filesystem getattr; allow priv_app { asec_apk_file bt_firmware_file cache_private_backup_file cgroup configfs mnt_media_rw_file radio_data_file }:dir r_dir_perms; -allow priv_app { configfs file_contexts_file firmware_file hwservice_contexts_file keylayout_file mac_perms_file nonplat_service_contexts_file proc proc_interrupts proc_modules proc_stat seapp_contexts_file sepolicy_file service_contexts_file vendor_file vndservice_contexts_file }:file r_file_perms; +allow priv_app { file_contexts_file firmware_file hwservice_contexts_file keylayout_file mac_perms_file nonplat_service_contexts_file proc_interrupts proc_modules proc_stat seapp_contexts_file sepolicy_file service_contexts_file vendor_file vndservice_contexts_file }:file r_file_perms; allow priv_app hal_memtrack_hwservice:hwservice_manager find; allow priv_app device:dir open; -r_dir_file(priv_app, sysfs_type); binder_call(priv_app, hal_memtrack_default); # Clean up logspam diff --git a/sepolicy/tee.te b/sepolicy/tee.te deleted file mode 100644 index 7664bc4..0000000 --- a/sepolicy/tee.te +++ /dev/null @@ -1,3 +0,0 @@ -allow tee fingerprintd_data_file:file create_file_perms; -allow tee fingerprintd_data_file:dir rw_dir_perms; -allow tee system_data_file:dir r_dir_perms; diff --git a/sepolicy/time_daemon.te b/sepolicy/time_daemon.te index d8a8394..ea3cdec 100644 --- a/sepolicy/time_daemon.te +++ b/sepolicy/time_daemon.te @@ -1,5 +1,3 @@ allow time_daemon sysfs_msm_subsys:dir search; allow time_daemon sysfs_msm_subsys:file { getattr open read setattr }; allow time_daemon sysfs_soc:dir search; -allow time_daemon time_data_file:file create_file_perms; -allow time_daemon time_data_file:dir rw_dir_perms; |
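Review bot: The trimmed `allow priv_app { ... }:file r_file_perms;` line in sepolicy/priv_app.te still gives every privileged app read access to `proc_interrupts`, `proc_modules`, `proc_stat` and the policy files (`sepolicy_file`, `seapp_contexts_file`, `mac_perms_file` and the `*_contexts_file` types). `configfs` also stays in the `:dir r_dir_perms` rule above it, although it was removed from the file rule. The `# Clean up logspam` comment at the end of the hunk suggests these entries may have come from denial logs rather than a functional need; if so, they belong in `dontaudit` rules, e.g. `dontaudit priv_app { proc_interrupts proc_modules proc_stat }:file r_file_perms;`. The file continues below the hunk, so rules there may already cover part of this.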