From e7ef94c47efc3456957f39261a71909d3ee324e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Brey?= Date: Sat, 25 Feb 2017 00:53:22 +0100 Subject: Remove alipay/ifaa packages and permissions --- device.mk | 7 --- org.ifaa.android.manager/Android.mk | 26 --------- .../src/org/ifaa/android/manager/IFAAManager.java | 23 -------- .../ifaa/android/manager/IFAAManagerFactory.java | 64 --------------------- rootdir/init.qcom.rc | 8 +-- sepolicy/alipay_app.te | 65 ---------------------- sepolicy/file_contexts | 1 - sepolicy/ifaadaemon.te | 29 ---------- sepolicy/mac_permissions.xml | 18 ------ sepolicy/seapp_contexts | 2 - sepolicy/service.te | 1 - sepolicy/service_contexts | 1 - sepolicy/servicemanager.te | 3 - 13 files changed, 1 insertion(+), 247 deletions(-) delete mode 100644 org.ifaa.android.manager/Android.mk delete mode 100644 org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManager.java delete mode 100644 org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManagerFactory.java delete mode 100644 sepolicy/alipay_app.te delete mode 100644 sepolicy/ifaadaemon.te delete mode 100644 sepolicy/mac_permissions.xml delete mode 100644 sepolicy/seapp_contexts delete mode 100644 sepolicy/service.te delete mode 100644 sepolicy/service_contexts delete mode 100644 sepolicy/servicemanager.te diff --git a/device.mk b/device.mk index eb0b4fd..4bebb18 100755 --- a/device.mk +++ b/device.mk @@ -30,13 +30,6 @@ $(call inherit-product-if-exists, vendor/zuk/z2_plus/z2_plus-vendor.mk) # Overlays DEVICE_PACKAGE_OVERLAYS += $(LOCAL_PATH)/overlay -# Alipay -PRODUCT_PACKAGES += \ - org.ifaa.android.manager - -PRODUCT_BOOT_JARS += \ - org.ifaa.android.manager - # Device was launched with M PRODUCT_PROPERTY_OVERRIDES += \ ro.product.first_api_level=23 diff --git a/org.ifaa.android.manager/Android.mk b/org.ifaa.android.manager/Android.mk deleted file mode 100644 index 5818bb7..0000000 --- a/org.ifaa.android.manager/Android.mk +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright (C) 2016 The CyanogenMod Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_SRC_FILES := $(call all-java-files-under, src) - -LOCAL_MODULE := org.ifaa.android.manager -LOCAL_MODULE_TAGS := optional - -include $(BUILD_JAVA_LIBRARY) diff --git a/org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManager.java b/org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManager.java deleted file mode 100644 index 5a945c3..0000000 --- a/org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManager.java +++ /dev/null @@ -1,23 +0,0 @@ -package org.ifaa.android.manager; - -import android.content.Context; -import android.hardware.fingerprint.FingerprintManager; -import android.os.Build; - -public abstract class IFAAManager -{ - static - { - System.loadLibrary("ifaa_jni"); - } - - public abstract String getDeviceModel(); - - public abstract int getSupportBIOTypes(Context paramContext); - - public abstract int getVersion(); - - public native byte[] processCmd(Context paramContext, byte[] paramArrayOfByte); - - public abstract int startBIOManager(Context paramContext, int paramInt); -} diff --git a/org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManagerFactory.java b/org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManagerFactory.java deleted file mode 100644 index a747b13..0000000 --- a/org.ifaa.android.manager/src/org/ifaa/android/manager/IFAAManagerFactory.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (C) 2016 The CyanogenMod Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.ifaa.android.manager; - -import android.content.ActivityNotFoundException; -import android.content.ComponentName; -import android.content.Context; -import android.content.Intent; - -public class IFAAManagerFactory extends IFAAManager { - private static final int ACTIVITY_START_FAILED = -1; - private static final int ACTIVITY_START_SUCCESS = 0; - private static final int BIOTypeFingerprint = 1; - private static final int BIOTypeIris = 2; - private static final String TAG = "IFAAManagerFactory"; - public static IFAAManagerFactory mIFAAManagerFactory = null; - - public int getSupportBIOTypes(Context context) { - return BIOTypeFingerprint; - } - - public int startBIOManager(Context context, int authType) { - try { - Intent intent = new Intent(); - intent.addFlags(Intent.FLAG_RECEIVER_FOREGROUND); - intent.setComponent(new ComponentName("com.android.settings", "com.android.settings.Settings$SecuritySettingsActivity")); - context.startActivity(intent); - } catch (ActivityNotFoundException e) { - e.printStackTrace(); - } catch (Throwable th) { - } - return ACTIVITY_START_SUCCESS; - } - - public String getDeviceModel() { - return "ZUK-Z2131"; - } - - public int getVersion() { - return BIOTypeFingerprint; - } - - public static IFAAManager getIFAAManager(Context context, int authType) { - if (mIFAAManagerFactory != null) { - return mIFAAManagerFactory; - } - mIFAAManagerFactory = new IFAAManagerFactory(); - return mIFAAManagerFactory; - } -} diff --git a/rootdir/init.qcom.rc b/rootdir/init.qcom.rc index e2ad207..af0e279 100755 --- a/rootdir/init.qcom.rc +++ b/rootdir/init.qcom.rc @@ -142,7 +142,7 @@ on boot #added touch gesture wake node permission chown system system /sys/devices/virtual/touch/tp_dev/gesture_on chmod 0660 /sys/devices/virtual/touch/tp_dev/gesture_on - + # USB chown system system /sys/module/dwc3/parameters/usb30_disabled chmod 0660 /sys/module/dwc3/parameters/usb30_disabled @@ -1300,9 +1300,3 @@ service seemp_healthd /system/vendor/bin/seemp_healthd class late_start user system group system - -#IFAA service -service ifaad /system/bin/ifaad - class late_start - user system - group system diff --git a/sepolicy/alipay_app.te b/sepolicy/alipay_app.te deleted file mode 100644 index 1570108..0000000 --- a/sepolicy/alipay_app.te +++ /dev/null @@ -1,65 +0,0 @@ -# Generally based on untrusted_app.te - -type alipay_app, domain; -app_domain(alipay_app) -net_domain(alipay_app) -bluetooth_domain(alipay_app) - -# Some apps ship with shared libraries and binaries that they write out -# to their sandbox directory and then execute. -allow alipay_app app_data_file:file { rx_file_perms execmod }; - -# Used by Finsky / Android "Verify Apps" functionality when -# running "adb install foo.apk". -# TODO: Long term, we don't want apps probing into shell data files. -# Figure out a way to remove these rules. -allow alipay_app shell_data_file:file r_file_perms; -allow alipay_app shell_data_file:dir r_dir_perms; - -# Read and write system app data files passed over Binder. -# Motivating case was /data/data/com.android.settings/cache/*.jpg for -# cropping or taking user photos. -allow alipay_app system_app_data_file:file { read write getattr }; - -# -# Rules migrated from old app domains coalesced into alipay_app. -# This includes what used to be media_app, shared_app, and release_app. -# - -# Access to /data/media. -allow alipay_app media_rw_data_file:dir create_dir_perms; -allow alipay_app media_rw_data_file:file create_file_perms; - -# Traverse into /mnt/media_rw for bypassing FUSE daemon -# TODO: narrow this to just MediaProvider -allow alipay_app mnt_media_rw_file:dir search; - -# Write to /cache. -allow alipay_app cache_file:dir create_dir_perms; -allow alipay_app cache_file:file create_file_perms; - -allow alipay_app audioserver_service:service_manager find; -allow alipay_app battery_service:service_manager find; -allow alipay_app cameraserver_service:service_manager find; -allow alipay_app drmserver_service:service_manager find; -allow alipay_app ifaadaemon_service:service_manager find; -allow alipay_app mediaserver_service:service_manager find; -allow alipay_app mediaextractor_service:service_manager find; -allow alipay_app mediacodec_service:service_manager find; -allow alipay_app mediadrmserver_service:service_manager find; -allow alipay_app nfc_service:service_manager find; -allow alipay_app radio_service:service_manager find; -allow alipay_app surfaceflinger_service:service_manager find; -allow alipay_app app_api_service:service_manager find; - -# Programs routinely attempt to scan through /system, looking -# for files. Suppress the denials when they occur. -dontaudit alipay_app exec_type:file getattr; - -# TODO: switch to meminfo service -allow alipay_app proc_meminfo:file r_file_perms; - -# https://code.google.com/p/chromium/issues/detail?id=586021 -allow alipay_app proc:file r_file_perms; -# access /proc/net/xt_qtguid/stats -r_dir_file(alipay_app, proc_net) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index c1dd5ed..844cbaf 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -27,7 +27,6 @@ /sys/kernel/debug/rmt_storage/rmts u:object_r:debugfs_rmts:s0 -/system/bin/ifaadaemon u:object_r:ifaadaemon_exec:s0 /system/bin/readmac u:object_r:readmac_exec:s0 # Data files diff --git a/sepolicy/ifaadaemon.te b/sepolicy/ifaadaemon.te deleted file mode 100644 index 91671e2..0000000 --- a/sepolicy/ifaadaemon.te +++ /dev/null @@ -1,29 +0,0 @@ -type ifaadaemon, domain; -type ifaadaemon_exec, exec_type, file_type; - -#Allow for transition from init domain to ifaadaemon -init_daemon_domain(ifaadaemon) - -#Allow ifaadaemon to use Binder IPC -binder_use(ifaadaemon) - -#Allow servicemanager to interact with ifaadaemon -binder_call(ifaadaemon, servicemanager) - -#Allow alipay_app to interact with ifaadaemon -binder_call(ifaadaemon, alipay_app) - -#Mark ifaadaemon as a Binder service domain -binder_service(ifaadaemon) - -#Allow ifaadaemon to be registered with service manager -allow ifaadaemon ifaadaemon_service:service_manager add; - -#Allow access to tee device -allow ifaadaemon tee_device:chr_file rw_file_perms; - -#Allow access to ion device -allow ifaadaemon ion_device:chr_file r_file_perms; - -#Allow access to firmware -r_dir_file(ifaadaemon, firmware_file) diff --git a/sepolicy/mac_permissions.xml b/sepolicy/mac_permissions.xml deleted file mode 100644 index a025144..0000000 --- a/sepolicy/mac_permissions.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - - - - - - - - - diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts deleted file mode 100644 index c69f557..0000000 --- a/sepolicy/seapp_contexts +++ /dev/null @@ -1,2 +0,0 @@ -user=_app seinfo=alipay name=com.eg.android.AlipayGphone* domain=alipay_app type=app_data_file -user=_app seinfo=taobao name=com.taobao.taobao* domain=alipay_app type=app_data_file diff --git a/sepolicy/service.te b/sepolicy/service.te deleted file mode 100644 index 86f3627..0000000 --- a/sepolicy/service.te +++ /dev/null @@ -1 +0,0 @@ -type ifaadaemon_service, service_manager_type; diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts deleted file mode 100644 index 5b71d70..0000000 --- a/sepolicy/service_contexts +++ /dev/null @@ -1 +0,0 @@ -ifaadaemon u:object_r:ifaadaemon_service:s0 diff --git a/sepolicy/servicemanager.te b/sepolicy/servicemanager.te deleted file mode 100644 index caf3d25..0000000 --- a/sepolicy/servicemanager.te +++ /dev/null @@ -1,3 +0,0 @@ -allow servicemanager ifaadaemon:dir r_dir_perms; -allow servicemanager ifaadaemon:file r_file_perms; -allow servicemanager ifaadaemon:process getattr; -- cgit v1.2.3