| author | Sultan Qasim Khan <sultanqasim@gmail.com> | 2015-12-05 21:34:57 -0500 |
|---|---|---|
| committer | Ashwin <ashwinr64@gmail.com> | 2015-12-15 17:08:05 +0530 |
| commit | 20ab10c25cbc5286eee9bbc3f159a46f388997f5 (patch) | |
| tree | 1a6f61007cc9009eb68ae9cc3df2651e7981d280 | |
| parent | fadc1a81e22a31798e417a7df4723bc5fd219021 (diff) | |
condor: commonize sepolicy
Change-Id: I256057f1d8a7c211700a7779f90abfe3c8fbf647
| -rw-r--r-- | sepolicy/atvc.te | 7 | ||||
| -rw-r--r-- | sepolicy/batt_health.te | 16 | ||||
| -rw-r--r-- | sepolicy/bootanim.te | 1 | ||||
| -rw-r--r-- | sepolicy/device.te | 6 | ||||
| -rw-r--r-- | sepolicy/file.te | 17 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 48 | ||||
| -rw-r--r-- | sepolicy/hw_revs.te | 13 | ||||
| -rw-r--r-- | sepolicy/init.te | 7 | ||||
| -rw-r--r-- | sepolicy/init_shell.te | 3 | ||||
| -rw-r--r-- | sepolicy/keystore.te | 2 | ||||
| -rw-r--r-- | sepolicy/mediaserver.te | 1 | ||||
| -rw-r--r-- | sepolicy/mm-qcamerad.te | 7 | ||||
| -rw-r--r-- | sepolicy/mpdecision.te | 6 | ||||
| -rw-r--r-- | sepolicy/platform_app.te | 1 | ||||
| -rw-r--r-- | sepolicy/property.te | 3 | ||||
| -rw-r--r-- | sepolicy/property_contexts | 2 | ||||
| -rw-r--r-- | sepolicy/rild.te | 7 | ||||
| -rw-r--r-- | sepolicy/rmt_storage.te | 11 | ||||
| -rw-r--r-- | sepolicy/system_app.te | 1 | ||||
| -rw-r--r-- | sepolicy/system_init.te | 5 | ||||
| -rw-r--r-- | sepolicy/system_server.te | 3 | ||||
| -rw-r--r-- | sepolicy/thermal-engine.te | 2 | ||||
| -rw-r--r-- | sepolicy/ueventd.te | 3 | ||||
| -rw-r--r-- | sepolicy/vold.te | 3 |
24 files changed, 0 insertions, 175 deletions
diff --git a/sepolicy/atvc.te b/sepolicy/atvc.te
deleted file mode 100644
index 3a55cf3..0000000
--- a/sepolicy/atvc.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type atvc, domain;
-type atvc_exec, exec_type, file_type;
-init_daemon_domain(atvc)
-
-allow atvc atvc_prop:property_service set;
-allow atvc pds_file:dir search;
-unix_socket_connect(atvc, property, init)
diff --git a/sepolicy/batt_health.te b/sepolicy/batt_health.te
deleted file mode 100644
index 19ef6ed..0000000
--- a/sepolicy/batt_health.te
+++ /dev/null
@@ -1,16 +0,0 @@
-type batt_health, domain;
-type batt_health_exec, exec_type, file_type;
-init_daemon_domain(batt_health);
-
-allow batt_health batt_health_data_file:dir { search write add_name };
-allow batt_health batt_health_data_file:file { setattr open read write create append };
-allow batt_health pds_file:dir search;
-allow batt_health pds_file:file { open read };
-allow batt_health self:capability { dac_override net_admin setuid chown fowner fsetid };
-allow batt_health self:netlink_kobject_uevent_socket { create bind setopt read };
-allow batt_health sysfs_batt_health:dir search;
-allow batt_health sysfs_batt_health:file { open read write };
-allow batt_health sysfs_battery_supply:dir { search read };
-allow batt_health sysfs_battery_supply:file { open read };
-allow batt_health sysfs_usb_supply:dir { search read };
-allow batt_health sysfs_usb_supply:file { open read };
diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
deleted file mode 100644
index 050d23c..0000000
--- a/sepolicy/bootanim.te
+++ /dev/null
@@ -1 +0,0 @@
-unix_socket_connect(bootanim, mpctl, mpdecision)
diff --git a/sepolicy/device.te b/sepolicy/device.te
deleted file mode 100644
index ff23be4..0000000
--- a/sepolicy/device.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# Partitions
-type cid_block_device, dev_type;
-type clogo_block_device, dev_type;
-type logs_block_device, dev_type;
-type hob_block_device, dev_type;
-type utags_block_device, dev_type;
diff --git a/sepolicy/file.te b/sepolicy/file.te
deleted file mode 100644
index 004c4b5..0000000
--- a/sepolicy/file.te
+++ /dev/null
@@ -1,17 +0,0 @@
-# Battery health
-type batt_health_data_file, file_type, data_file_type;
-type sysfs_batt_health, fs_type, sysfs_type;
-
-# hw_revs
-type hw_revs_data_file, file_type, data_file_type;
-
-# CMHW
-type display_sysfs, fs_type, sysfs_type;
-type vibeamp_sysfs, fs_type, sysfs_type;
-
-# PDS
-type pds_file, file_type;
-
-#fsg
-type condor_firmware, file_type;
-type fsg_file, fs_type, contextmount_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 2f99d26..3bd50eb 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,44 +1,3 @@
-# Binaries
-/system/bin/batt_health u:object_r:batt_health_exec:s0
-/system/bin/dbvc_atvc_property_set u:object_r:atvc_exec:s0
-/system/bin/hardware_revisions.sh u:object_r:hw_revs_exec:s0
-
-# Camera
-/data/cam_socket([0-9])+ u:object_r:camera_socket:s0
-
-# CMHW
-/sys/devices/platform/kcal_ctrl\.0(/.*)? u:object_r:display_sysfs:s0
-/sys/devices/virtual/timed_output/vibrator/vtg_level u:object_r:vibeamp_sysfs:s0
-
-# Motorola services
-/data/power_supply_logger(/.*)? u:object_r:batt_health_data_file:s0
-/sys/module/qpnp_charger/parameters(/.*)? u:object_r:sysfs_batt_health:s0
-
-# MPDecision
-/data/system/default_values u:object_r:mpctl_data_file:s0
-/dev/socket/mpctl u:object_r:mpctl_socket:s0
-/dev/socket/mpdecision u:object_r:mpctl_socket:s0
-
-# hw_revs
-/data/hardware_revisions u:object_r:hw_revs_data_file:s0
-/data/hardware_revisions(/.*)? u:object_r:hw_revs_data_file:s0
-
-# Partitions
-/dev/block/bootdevice/by-name/boot u:object_r:boot_block_device:s0
-/dev/block/bootdevice/by-name/cache u:object_r:cache_block_device:s0
-/dev/block/bootdevice/by-name/cid u:object_r:cid_block_device:s0
-/dev/block/bootdevice/by-name/clogo u:object_r:clogo_block_device:s0
-/dev/block/bootdevice/by-name/dhob u:object_r:hob_block_device:s0
-/dev/block/bootdevice/by-name/hob u:object_r:hob_block_device:s0
-/dev/block/bootdevice/by-name/logs u:object_r:logs_block_device:s0
-/dev/block/bootdevice/by-name/recovery u:object_r:recovery_block_device:s0
-/dev/block/bootdevice/by-name/userdata u:object_r:userdata_block_device:s0
-/dev/block/bootdevice/by-name/utags u:object_r:utags_block_device:s0
-/dev/block/bootdevice/by-name/utagsBackup u:object_r:utags_block_device:s0
-
-# PDS
-/pds(/.*)? u:object_r:pds_file:s0
-
 # Firmware
 /fsg/condor_emea_dsds_5.img.gz u:object_r:condor_firmware:s0
 /fsg/0.img.gz u:object_r:condor_firmware:s0
@@ -49,10 +8,3 @@
 /dev/l3g4200d u:object_r:sensors_device:s0
 /dev/lis3dh u:object_r:sensors_device:s0
 /data/misc/akmd_set.txt u:object_r:sensors_data_file:s0
-
-# Thermal
-/sys/devices/fd510000.gpio/gpio/gpio13/active_low u:object_r:sysfs_thermal:s0
-/sys/devices/fd510000.gpio/gpio/gpio13/edge u:object_r:sysfs_thermal:s0
-/sys/devices/f9925000.i2c/i2c-3/3-0048/temp1_input u:object_r:sysfs_thermal:s0
-/sys/devices/f9925000.i2c/i2c-3/3-0048/temp1_max u:object_r:sysfs_thermal:s0
-/sys/devices/f9925000.i2c/i2c-3/3-0048/temp1_max_hyst u:object_r:sysfs_thermal:s0
diff --git a/sepolicy/hw_revs.te b/sepolicy/hw_revs.te
deleted file mode 100644
index b421510..0000000
--- a/sepolicy/hw_revs.te
+++ /dev/null
@@ -1,13 +0,0 @@
-type hw_revs, domain;
-type hw_revs_exec, exec_type, file_type;
-file_type_auto_trans(hw_revs, system_data_file, hw_revs_data_file)
-init_daemon_domain(hw_revs)
-
-allow hw_revs devpts:chr_file rw_file_perms;
-allow hw_revs hw_revs_data_file:dir create_dir_perms;
-allow hw_revs hw_revs_data_file:file create_file_perms;
-allow hw_revs shell_exec:file r_file_perms;
-allow hw_revs system_file:file x_file_perms;
-
-unix_socket_connect(hw_revs, property, init)
-allow hw_revs hw_revs_prop:property_service set;
diff --git a/sepolicy/init.te b/sepolicy/init.te
deleted file mode 100644
index 43ab579..0000000
--- a/sepolicy/init.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# Unsure what init is doing here
-allow init app_data_file:dir setattr;
-allow init cid_block_device:blk_file setattr;
-allow init clogo_block_device:blk_file setattr;
-allow init hob_block_device:blk_file setattr;
-allow init logs_block_device:blk_file setattr;
-allow init utags_block_device:blk_file setattr;
diff --git a/sepolicy/init_shell.te b/sepolicy/init_shell.te
deleted file mode 100644
index 85b8257..0000000
--- a/sepolicy/init_shell.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# for init_falcon to read filesystem type
-#allow init_shell userdata_block_device:blk_file { getattr open read ioctl };
-#allow init_shell utags_block_device:blk_file { open read };
diff --git a/sepolicy/keystore.te b/sepolicy/keystore.te
deleted file mode 100644
index 2d212e5..0000000
--- a/sepolicy/keystore.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow keystore firmware_file:dir r_dir_perms;
-allow keystore firmware_file:file r_file_perms;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
deleted file mode 100644
index 0c2f6a4..0000000
--- a/sepolicy/mediaserver.te
+++ /dev/null
@@ -1 +0,0 @@
-allow mediaserver shell_data_file:dir search;
diff --git a/sepolicy/mm-qcamerad.te b/sepolicy/mm-qcamerad.te
deleted file mode 100644
index 2b174e5..0000000
--- a/sepolicy/mm-qcamerad.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow mm-qcamerad system_server:unix_stream_socket { read write };
-allow servicemanager mm-qcamerad:dir search;
-allow servicemanager mm-qcamerad:file { open read };
-allow servicemanager mm-qcamerad:process { getattr };
-binder_call(mm-qcamerad, servicemanager)
-binder_call(mm-qcamerad, system_server)
-unix_socket_connect(mm-qcamerad, mpctl, mpdecision)
diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te
deleted file mode 100644
index 5a8e449..0000000
--- a/sepolicy/mpdecision.te
+++ /dev/null
@@ -1,6 +0,0 @@
-file_type_auto_trans(mpdecision, system_data_file, mpctl_data_file)
-allow mpdecision mpctl_data_file:dir w_dir_perms;
-allow mpdecision mpctl_data_file:file create_file_perms;
-type_transition mpdecision system_data_file:file mpctl_data_file;
-type_transition mpdecision socket_device:sock_file mpctl_socket;
-allow mpdecision socket_device:sock_file create_file_perms;
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
deleted file mode 100644
index 757015a..0000000
--- a/sepolicy/platform_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow platform_app time_daemon:unix_stream_socket connectto;
diff --git a/sepolicy/property.te b/sepolicy/property.te
deleted file mode 100644
index 6957d7f..0000000
--- a/sepolicy/property.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Motorola service properties
-type atvc_prop, property_type;
-type hw_revs_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
deleted file mode 100644
index acec321..0000000
--- a/sepolicy/property_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# Motorola service properties
-persist.atvc u:object_r:atvc_prop:s0
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
deleted file mode 100644
index dc2d0ab..0000000
--- a/sepolicy/rild.te
+++ /dev/null
@@ -1,7 +0,0 @@
-allow rild sysfs_battery_supply:dir search;
-allow rild sysfs_battery_supply:file { open read };
-allow rild sysfs_usb_supply:dir search;
-allow rild sysfs_usb_supply:file { open read };
-allow rild fsg_file:dir search;
-allow rild fsg_file:file r_file_perms;
-
diff --git a/sepolicy/rmt_storage.te b/sepolicy/rmt_storage.te
deleted file mode 100644
index cf156b3..0000000
--- a/sepolicy/rmt_storage.te
+++ /dev/null
@@ -1,11 +0,0 @@
-typeattribute rmt_storage rmt_placeholder;
-
-allow rmt_storage firmware_file:dir r_dir_perms;
-allow rmt_storage firmware_file:file r_file_perms;
-allow rmt_storage kmem_device:chr_file rw_file_perms;
-allow rmt_storage self:capability sys_rawio;
-allow rmt_storage self:process execmem;
-allow rmt_storage ssd_device:blk_file { read write open };
-allow rmt_storage condor_firmware:file r_file_perms;
-allow rmt_storage fsg_file:dir search;
-allow rmt_storage fsg_file:file r_file_perms;
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
deleted file mode 100644
index 799df29..0000000
--- a/sepolicy/system_app.te
+++ /dev/null
@@ -1 +0,0 @@
-allow system_app shell_data_file:dir search;
diff --git a/sepolicy/system_init.te b/sepolicy/system_init.te
deleted file mode 100644
index 16c0e94..0000000
--- a/sepolicy/system_init.te
+++ /dev/null
@@ -1,5 +0,0 @@
-#============= sysinit ==============
-allow sysinit self:capability dac_override;
-allow sysinit userinit_exec:file { getattr execute };
-allow sysinit userinit_exec:file { read open execute_no_trans };
-allow sysinit userinit_exec:file { read open };
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
deleted file mode 100644
index 12018f5..0000000
--- a/sepolicy/system_server.te
+++ /dev/null
@@ -1,3 +0,0 @@
-allow system_server display_sysfs:file { getattr open read write };
-allow system_server vibeamp_sysfs:file { getattr open read write };
-allow system_server time_daemon:unix_stream_socket connectto;
\ No newline at end of file
diff --git a/sepolicy/thermal-engine.te b/sepolicy/thermal-engine.te
deleted file mode 100644
index 9230119..0000000
--- a/sepolicy/thermal-engine.te
+++ /dev/null
@@ -1,2 +0,0 @@
-allow thermal-engine sysfs_battery_supply:dir search;
-allow thermal-engine sysfs_battery_supply:file { open read write };
diff --git a/sepolicy/ueventd.te b/sepolicy/ueventd.te
deleted file mode 100644
index 3599251..0000000
--- a/sepolicy/ueventd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-#============= ueventd ==============
-allow ueventd unlabeled:dir search;
-allow ueventd unlabeled:file { read getattr open };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
deleted file mode 100644
index 9b373b8..0000000
--- a/sepolicy/vold.te
+++ /dev/null
@@ -1,3 +0,0 @@
-#============= vold ==============
-allow vold userdata_block_device:blk_file { read write ioctl open getattr };
-
|
