sepolicy : cleanup of duplicate rules #1

domain.te already had given access to r_dir_file({domain - isolated_app}, sysfs_soc); r_dir_file({domain - isolated_app}, sysfs_esoc); r_dir_file({domain - isolated_app}, sysfs_ssr); r_dir_file({domain - isolated_app}, sysfs_thermal); so removing all the duplicate rules covering this Change-Id: Ic74a8c62a81567dbe5bfc69f691bc2239565ba5f
2018-11-02 11:41:06 +05:30 · 2018-11-02 11:41:06 +05:30 · 59906d1904
commit 59906d1904
parent f90c624e54
25 changed files with 1 additions and 60 deletions
--- a/generic/vendor/common/atfwd.te
+++ b/generic/vendor/common/atfwd.te
@ -34,8 +34,6 @@ allowxperm atfwd self:socket ioctl msm_sock_ipc_ioctls;

 binder_call(atfwd, system_app);

-r_dir_file(atfwd, sysfs_ssr);
-r_dir_file(atfwd, sysfs_esoc);
 r_dir_file(atfwd, sysfs_data);

 set_prop(atfwd, vendor_radio_prop)
--- a/generic/vendor/common/audioserver.te
+++ b/generic/vendor/common/audioserver.te
@ -26,8 +26,6 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 binder_call(audioserver, bootanim)

-allow audioserver sysfs_soc:file r_file_perms;
-allow audioserver sysfs_soc:dir search;
 # audio properties
 get_prop(audioserver, vendor_audio_prop)

--- a/generic/vendor/common/cnd.te
+++ b/generic/vendor/common/cnd.te
@ -51,7 +51,6 @@ allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;

 allow cnd sysfs_timestamp_switch:file r_file_perms;
 allow cnd sysfs_data:file r_file_perms;
-r_dir_file(cnd, sysfs_soc)

 allow cnd proc_meminfo:file r_file_perms;

--- a/generic/vendor/common/hal_audio_default.te
+++ b/generic/vendor/common/hal_audio_default.te
@ -24,7 +24,6 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-r_dir_file(hal_audio_default, sysfs_soc)

 userdebug_or_eng(`
  allow hal_audio diag_device:chr_file rw_file_perms;
@ -48,9 +47,6 @@ allow hal_audio proc_audiod:file r_file_perms;
 allow hal_audio_default vendor_audio_data_file:dir rw_dir_perms;
 allow hal_audio_default vendor_audio_data_file:file create_file_perms;

-# Allow hal_audio_default to read sysfs_thermal dir/files for speaker protection
-r_dir_file(hal_audio_default, sysfs_thermal)
-
 #Allow hal audio to use Binder IPC
 vndbinder_use(hal_audio)

--- a/generic/vendor/common/hal_gnss_qti.te
+++ b/generic/vendor/common/hal_gnss_qti.te
@ -35,9 +35,6 @@ allow hal_gnss sysfs_data:file r_file_perms;

 vndbinder_use(hal_gnss_qti)

-allow hal_gnss_qti sysfs_soc:dir r_dir_perms;
-allow hal_gnss_qti sysfs_soc:file r_file_perms;
-
 binder_call(hal_gnss_qti, vendor_per_mgr)
 allow hal_gnss_qti vendor_per_mgr_service:service_manager find;

--- a/generic/vendor/common/hal_imsrtp.te
+++ b/generic/vendor/common/hal_imsrtp.te
@ -50,7 +50,6 @@ allow hal_imsrtp sysfs_timestamp_switch:file r_file_perms;
 allow hal_imsrtp ion_device:chr_file r_file_perms;
 allow hal_imsrtp sysfs_data:file r_file_perms;
 r_dir_file(hal_imsrtp, sysfs_diag)
-r_dir_file(hal_imsrtp, sysfs_soc)

 get_prop(hal_imsrtp, ims_prop)
 binder_call(hal_imsrtp, radio)
--- a/generic/vendor/common/hal_power_default.te
+++ b/generic/vendor/common/hal_power_default.te
@ -24,8 +24,6 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow hal_power_default sysfs_soc:dir r_dir_perms;
-allow hal_power_default sysfs_soc:file r_file_perms;

 allow hal_power_default hbtp_kernel_sysfs:file rw_file_perms;

--- a/generic/vendor/common/hal_rcsservice.te
+++ b/generic/vendor/common/hal_rcsservice.te
@ -43,7 +43,6 @@ get_prop(hal_rcsservice, hwservicemanager_prop)

 allow hal_rcsservice sysfs_timestamp_switch:file r_file_perms;
 allow hal_rcsservice sysfs_data:file r_file_perms;
-r_dir_file(hal_rcsservice, sysfs_soc)

 #required for socket creation
 unix_socket_connect(hal_rcsservice, ims, ims)
--- a/generic/vendor/common/hal_sensors_default.te
+++ b/generic/vendor/common/hal_sensors_default.te
@ -31,7 +31,6 @@ r_dir_file(hal_sensors_default, persist_sensors_file)
 # interact with the sensors low power island (SLPI) CPU
 allow hal_sensors_default self:socket { create ioctl read write };
 allowxperm hal_sensors_default self:socket ioctl msm_sock_ipc_ioctls;
-allow hal_sensors sysfs_soc:file r_file_perms;

 allow hal_sensors_default qdsp_device:chr_file r_file_perms;
 allow hal_sensors_default xdsp_device:chr_file r_file_perms;
--- a/generic/vendor/common/hal_thermal_default.te
+++ b/generic/vendor/common/hal_thermal_default.te
@ -24,7 +24,5 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow hal_thermal_default sysfs_thermal:dir { open read search };
-allow hal_thermal_default sysfs_thermal:file { getattr open read };
 allow hal_thermal_default sysfs_thermal:lnk_file read;
 allow hal_thermal_default proc_stat:file { getattr open read };
--- a/generic/vendor/common/ims.te
+++ b/generic/vendor/common/ims.te
@ -36,8 +36,6 @@ get_prop(ims, ims_prop)

 unix_socket_connect(ims, netmgrd, netmgrd)

-allow ims sysfs_soc:dir search;
-allow ims sysfs_soc:file r_file_perms;
 allow ims sysfs_timestamp_switch:file r_file_perms;
 allow ims sysfs_data:file r_file_perms;

--- a/generic/vendor/common/init_shell.te
+++ b/generic/vendor/common/init_shell.te
@ -87,11 +87,9 @@ set_prop(qti_init_shell, vendor_gpu_prop)

 allow qti_init_shell {
    sysfs_devices_system_cpu
-    sysfs_thermal
    sysfs_lowmemorykiller
 }:file w_file_perms;

-r_dir_file(qti_init_shell, sysfs_thermal)
 r_dir_file(qti_init_shell, sysfs_type)
 r_dir_file(qti_init_shell, sysfs_devfreq)
 allow qti_init_shell sysfs_devfreq:file w_file_perms;
--- a/generic/vendor/common/mediacodec.te
+++ b/generic/vendor/common/mediacodec.te
@ -24,9 +24,6 @@
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-allow mediacodec sysfs_soc:file r_file_perms;
-allow mediacodec sysfs_soc:dir search;
-
 allow mediacodec system_file:dir r_dir_perms;

 userdebug_or_eng(`
--- a/generic/vendor/common/netmgrd.te
+++ b/generic/vendor/common/netmgrd.te
@ -45,8 +45,6 @@ allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;

 allow netmgrd sysfs_net:dir r_dir_perms;
 allow netmgrd sysfs_net:file rw_file_perms;
-allow netmgrd sysfs_soc:dir search;
-allow netmgrd sysfs_soc:file r_file_perms;
 allow netmgrd sysfs_data:file r_file_perms;

 wakelock_use(netmgrd)
--- a/generic/vendor/common/per_proxy.te
+++ b/generic/vendor/common/per_proxy.te
@ -32,7 +32,5 @@ init_daemon_domain(vendor_per_proxy)

 allow vendor_per_proxy vendor_per_mgr_service:service_manager find;

-r_dir_file(vendor_per_proxy, sysfs_ssr)
-
 vndbinder_use(vendor_per_proxy)
 binder_call(vendor_per_proxy, vendor_per_mgr)
--- a/generic/vendor/common/peripheral_manager.te
+++ b/generic/vendor/common/peripheral_manager.te
@ -47,11 +47,7 @@ allow vendor_per_mgr self:socket create_socket_perms;
 allowxperm vendor_per_mgr self:socket ioctl msm_sock_ipc_ioctls;
 allow vendor_per_mgr ssr_device:chr_file { open read };

-# Needed by libmdmdetect to figure out the system configuration
-r_dir_file(vendor_per_mgr, sysfs_esoc)
-
 # Needed by libmdmdetect to get subsystem info and to check their states
-r_dir_file(vendor_per_mgr, sysfs_ssr)
 allow vendor_per_mgr sysfs_data:file r_file_perms;

 # Set the peripheral state property
--- a/generic/vendor/common/port-bridge.te
+++ b/generic/vendor/common/port-bridge.te
@ -32,9 +32,6 @@ init_daemon_domain(port-bridge)
 #access ipa sysfs node
 allow port-bridge sysfs_data:file r_file_perms;

-allow port-bridge sysfs_soc:dir search;
-allow port-bridge sysfs_soc:file r_file_perms;
-
 allow port-bridge at_device:chr_file rw_file_perms;

 allow port-bridge port_bridge_data_file:file create_file_perms;
--- a/generic/vendor/common/qti.te
+++ b/generic/vendor/common/qti.te
@ -30,9 +30,6 @@ type qti_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(qti)
 net_domain(qti)

-allow qti sysfs_soc:dir search;
-allow qti sysfs_soc:file r_file_perms;
-
 allow qti smd_device:chr_file rw_file_perms;
 allow qti rmnet_device:chr_file rw_file_perms;

--- a/generic/vendor/common/rmt_storage.te
+++ b/generic/vendor/common/rmt_storage.te
@ -52,6 +52,3 @@ allow rmt_storage {
    modem_efs_partition_device
    ssd_block_device
 }:blk_file rw_file_perms;
-
-#sysfs_ssr
-r_dir_file(rmt_storage, sysfs_ssr)
--- a/generic/vendor/common/sensors.te
+++ b/generic/vendor/common/sensors.te
@ -50,8 +50,7 @@ allow sensors system_file:dir r_dir_perms;
 allow sensors sensors_device:chr_file rw_file_perms;

 allow sensors sysfs:dir r_dir_perms;
-allow sensors sysfs_soc:dir r_dir_perms;
-allow sensors sysfs_soc:file rw_file_perms;
+allow sensors sysfs_soc:file w_file_perms;
 allow sensors sysfs_data:file r_file_perms;

 allow sensors ion_device:chr_file r_file_perms;
--- a/generic/vendor/common/ssr_setup.te
+++ b/generic/vendor/common/ssr_setup.te
@ -29,11 +29,7 @@ type vendor_ssr_setup_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(vendor_ssr_setup);

-# Required to discover esoc's
-r_dir_file(vendor_ssr_setup, sysfs_esoc)
-
 # Required to enable/disable ssr
-r_dir_file(vendor_ssr_setup, sysfs_ssr)
 allow vendor_ssr_setup sysfs_ssr:lnk_file w_file_perms;
 allow vendor_ssr_setup sysfs_ssr_toggle:file rw_file_perms;
 allow vendor_ssr_setup sysfs_ssr:file rw_file_perms;
--- a/generic/vendor/common/thermal-engine.te
+++ b/generic/vendor/common/thermal-engine.te
@ -35,7 +35,6 @@ allow thermal-engine self:capability2 block_suspend;
 allow thermal-engine sysfs:dir r_dir_perms;

 # This is required for thermal sysfs access
-r_dir_file(thermal-engine, sysfs_thermal)
 allow thermal-engine sysfs_thermal:file w_file_perms;

 # Allow to read and write cpufreq sysfs
@ -58,7 +57,6 @@ allow thermal-engine sysfs_graphics:dir r_dir_perms;
 allow thermal-engine sysfs_graphics:file rw_file_perms;
 allow thermal-engine sysfs_graphics:lnk_file r_file_perms;

-r_dir_file(thermal-engine, sysfs_ssr);
 r_dir_file(thermal-engine, sysfs_leds)

 allow thermal-engine audio_device:chr_file rw_file_perms;
--- a/generic/vendor/common/time_daemon.te
+++ b/generic/vendor/common/time_daemon.te
@ -33,11 +33,6 @@ allow time_daemon self:capability { setgid setuid sys_time };

 allow time_daemon rtc_device:chr_file r_file_perms;

-r_dir_file(time_daemon, sysfs_esoc);
-
-allow time_daemon sysfs_soc:dir search;
-allow time_daemon sysfs_soc:file r_file_perms;
-
 allow time_daemon persist_time_file:dir w_dir_perms;
 allow time_daemon persist_time_file:file create_file_perms;
 allow time_daemon persist_time_file:dir search;
--- a/generic/vendor/common/ueventd.te
+++ b/generic/vendor/common/ueventd.te
@ -38,8 +38,6 @@ allow ueventd {
      sysfs_leds
      sysfs_net
      sysfs_scsi_host
-      sysfs_soc
-      sysfs_thermal
      sysfs_usbpd_device
      sysfs_usb_supply
 }:file w_file_perms;
--- a/generic/vendor/common/wcnss_service.te
+++ b/generic/vendor/common/wcnss_service.te
@ -50,8 +50,6 @@ allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;
 allow wcnss_service firmware_file:dir r_dir_perms;
 allow wcnss_service firmware_file:file r_file_perms;

-allow wcnss_service sysfs_soc:dir search;
-allow wcnss_service sysfs_soc:file r_file_perms;

 allow wcnss_service wpa_data_file:dir create_dir_perms;
 allow wcnss_service wpa_data_file:file create_file_perms;