diff options
| author | Abhisek Devkota <ciwrl@cyanogenmod.com> | 2016-11-23 19:54:58 -0800 |
|---|---|---|
| committer | Abhisek Devkota <ciwrl@cyanogenmod.com> | 2016-11-23 19:54:58 -0800 |
| commit | c948c9985a6b13a4ab2c89ae37f7e9a2c332e3cc (patch) | |
| tree | e8af7a2647d5e01d1e3cd98d238890f5069c9e92 | |
| parent | c6cc357893beed60478f1f176e054b69e710ee74 (diff) | |
Drop neverallow sepolicy items
Change-Id: I07126f07a53de8f0316fc2cb051858344e20ac17
| -rw-r--r-- | sepolicy/camera.te | 2 | ||||
| -rw-r--r-- | sepolicy/mediaserver.te | 3 | ||||
| -rw-r--r-- | sepolicy/surfaceflinger.te | 2 |
3 files changed, 0 insertions, 7 deletions
diff --git a/sepolicy/camera.te b/sepolicy/camera.te index 17d5c5d..060f772 100644 --- a/sepolicy/camera.te +++ b/sepolicy/camera.te @@ -5,8 +5,6 @@ type camera_exec, exec_type, file_type; # Started by init init_daemon_domain(camera) -allow camera system_file:file execmod; - # Interact with other media devices allow camera camera_device:dir search; allow camera { video_device camera_device }:chr_file rw_file_perms; diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index f24f990..f82f16d 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -7,6 +7,3 @@ unix_socket_send(mediaserver, mpdecision, mpdecision) # Permit mediaserver to create sockets with no specific SELinux class. # TODO: Investigate the specific type of socket. allow mediaserver self:socket create_socket_perms; - -# For text relocations in /system/vendor/lib/libmmjpeg.so -allow mediaserver system_file:file execmod; diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te index 881b311..aca5928 100644 --- a/sepolicy/surfaceflinger.te +++ b/sepolicy/surfaceflinger.te @@ -1,3 +1 @@ -allow surfaceflinger shell_data_file:dir search; -allow surfaceflinger shell_data_file:file { open getattr read }; allow surfaceflinger sysfs:file rw_file_perms; |