Remove world writable sysfs files

Test: build
Change-Id: I9d18d31a9a65f785cf4bc69f011990e9f8182228
This commit is contained in:
Jeff Vander Stoep 2017-10-05 14:50:17 -07:00
parent 34eba95e8a
commit bb7ece439b
3 changed files with 0 additions and 5 deletions

View file

@ -1,6 +1,3 @@
# For /sys/qemu_trace files in the emulator.
allow domain sysfs_writable:dir search;
allow domain sysfs_writable:file rw_file_perms;
allow domain qemu_device:chr_file rw_file_perms; allow domain qemu_device:chr_file rw_file_perms;
get_prop(domain, qemu_prop) get_prop(domain, qemu_prop)

View file

@ -1 +0,0 @@
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;

View file

@ -15,7 +15,6 @@
/dev/qemu_.* u:object_r:qemu_device:s0 /dev/qemu_.* u:object_r:qemu_device:s0
/dev/ttyGF[0-9]* u:object_r:serial_device:s0 /dev/ttyGF[0-9]* u:object_r:serial_device:s0
/dev/ttyS2 u:object_r:console_device:s0 /dev/ttyS2 u:object_r:console_device:s0
/sys/qemu_trace(/.*)? u:object_r:sysfs_writable:s0
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0 /vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0 /vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0 /vendor/bin/qemu-props u:object_r:qemu_props_exec:s0