diff --git a/legacy/vendor/common/clatd.te b/legacy/vendor/common/clatd.te index 4951e811..8ca1e975 100644 --- a/legacy/vendor/common/clatd.te +++ b/legacy/vendor/common/clatd.te @@ -25,4 +25,4 @@ #OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN #IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -allow clatd clatd:packet_socket map; +#allow clatd clatd:packet_socket map; diff --git a/legacy/vendor/common/dtseagleservice.te b/legacy/vendor/common/dtseagleservice.te index 1f4f876e..952c0f7b 100644 --- a/legacy/vendor/common/dtseagleservice.te +++ b/legacy/vendor/common/dtseagleservice.te @@ -42,7 +42,7 @@ binder_call(dtseagleservice, system_app) #binder_service(dtseagleservice) #Allow dtseagleservice to be registered with service manager -allow dtseagleservice dtseagleservice_service:service_manager add; +#allow dtseagleservice dtseagleservice_service:service_manager add; #Allow access to audio drivers allow dtseagleservice audio_device:dir r_dir_perms; diff --git a/legacy/vendor/common/fidodaemon.te b/legacy/vendor/common/fidodaemon.te index 762b60b3..eebc14b1 100644 --- a/legacy/vendor/common/fidodaemon.te +++ b/legacy/vendor/common/fidodaemon.te @@ -42,7 +42,7 @@ binder_call(fidodaemon, system_app) #binder_service(fidodaemon) #Allow fidodaemon to be registered with service manager -allow fidodaemon fidodaemon_service:service_manager add; +#allow fidodaemon fidodaemon_service:service_manager add; #Allow communication with init over property server unix_socket_connect(fidodaemon, property, init); diff --git a/legacy/vendor/common/init_shell.te b/legacy/vendor/common/init_shell.te index 0c09fd61..75eaf5d7 100644 --- a/legacy/vendor/common/init_shell.te +++ b/legacy/vendor/common/init_shell.te @@ -87,7 +87,7 @@ set_prop(qti_init_shell, vendor_ipacm_prop) set_prop(qti_init_shell, vendor_ipacm-diag_prop) set_prop(qti_init_shell, vendor_dataqti_prop) set_prop(qti_init_shell, vendor_dataadpl_prop) -set_prop(qti_init_shell, ctl_rildaemon_prop) +#set_prop(qti_init_shell, ctl_rildaemon_prop) set_prop(qti_init_shell, ctl_qcrild_prop) set_prop(qti_init_shell, ctl_vendor_rild_prop) set_prop(qti_init_shell, ctl_vendor_qmuxd_prop) @@ -104,7 +104,7 @@ set_prop(qti_init_shell, vendor_audio_prop) set_prop(qti_init_shell, vendor_video_prop) userdebug_or_eng(` # Needed for starting console in userdebug mode -set_prop(qti_init_shell, ctl_console_prop) +#set_prop(qti_init_shell, ctl_console_prop) set_prop(qti_init_shell, vendor_coresight_prop) set_prop(qti_init_shell, vendor_audio_debug_prop) ') diff --git a/legacy/vendor/common/location_app.te b/legacy/vendor/common/location_app.te index 772777f4..82df910c 100644 --- a/legacy/vendor/common/location_app.te +++ b/legacy/vendor/common/location_app.te @@ -55,4 +55,4 @@ allowxperm vendor_location_app self:socket ioctl msm_sock_ipc_ioctls; allow vendor_location_app self:qipcrtr_socket create_socket_perms_no_ioctl; allow vendor_location_app sysfs_data:file r_file_perms; unix_socket_connect(vendor_location_app, vendor_dpmtcm, vendor_dpmd) -allow location_app sysfs_kgsl_gpu_model:file r_file_perms; \ No newline at end of file +#allow location_app sysfs_kgsl_gpu_model:file r_file_perms; diff --git a/legacy/vendor/common/perfdump_app.te b/legacy/vendor/common/perfdump_app.te index 1762beae..fb226020 100644 --- a/legacy/vendor/common/perfdump_app.te +++ b/legacy/vendor/common/perfdump_app.te @@ -56,7 +56,7 @@ allow perfdump_app mediaserver_service:service_manager find; binder_call(perfdump_app, system_server) # dumpstate -set_prop(perfdump_app, ctl_dumpstate_prop) +#set_prop(perfdump_app, ctl_dumpstate_prop) unix_socket_connect(perfdump_app, dumpstate, dumpstate) dontaudit perfdump_app service_manager_type:service_manager *; diff --git a/legacy/vendor/common/qti_logkit_app.te b/legacy/vendor/common/qti_logkit_app.te index 1ce9c05d..0e1e00a2 100644 --- a/legacy/vendor/common/qti_logkit_app.te +++ b/legacy/vendor/common/qti_logkit_app.te @@ -70,7 +70,7 @@ allow qti_logkit_app qti_logkit_pub_data_file:file create_file_perms; allow qti_logkit_app wcnss_service_exec:file rx_file_perms; # bugreport -allow qti_logkit_app ctl_dumpstate_prop:property_service set; +#allow qti_logkit_app ctl_dumpstate_prop:property_service set; unix_socket_connect(qti_logkit_app, dumpstate, dumpstate) # ANR diff --git a/legacy/vendor/common/radio.te b/legacy/vendor/common/radio.te index a5a6cff7..348c02f1 100644 --- a/legacy/vendor/common/radio.te +++ b/legacy/vendor/common/radio.te @@ -28,7 +28,7 @@ # IMS needs permission to use avtimer allow radio avtimer_device:chr_file r_file_perms; -allow radio { cameraserver_service mediaextractor_service mediacodec_service }:service_manager find; +#allow radio { cameraserver_service mediaextractor_service mediacodec_service }:service_manager find; #diag userdebug_or_eng(` diag_use(radio) diff --git a/legacy/vendor/common/secotad.te b/legacy/vendor/common/secotad.te index bbd062d6..68dad177 100644 --- a/legacy/vendor/common/secotad.te +++ b/legacy/vendor/common/secotad.te @@ -42,10 +42,10 @@ binder_call(secotad, system_app) #binder_service(secotad) #Allow secotad to be registered with service manager -allow secotad secotad_service:service_manager add; +#allow secotad secotad_service:service_manager add; #Allow access to tee device allow secotad tee_device:chr_file rw_file_perms; #Allow access to firmware -r_dir_file(secotad, firmware_file) \ No newline at end of file +r_dir_file(secotad, firmware_file) diff --git a/legacy/vendor/common/seemp_health_daemon.te b/legacy/vendor/common/seemp_health_daemon.te index 839e5771..e669df3d 100644 --- a/legacy/vendor/common/seemp_health_daemon.te +++ b/legacy/vendor/common/seemp_health_daemon.te @@ -42,7 +42,7 @@ binder_call(seemp_health_daemon, system_app) #binder_service(seemp_health_daemon) #Allow seemp_health_daemon to be registered with service manager -allow seemp_health_daemon seemp_health_daemon_service:service_manager add; +#allow seemp_health_daemon seemp_health_daemon_service:service_manager add; #Allow access to tee device allow seemp_health_daemon tee_device:chr_file rw_file_perms; diff --git a/legacy/vendor/common/system_app.te b/legacy/vendor/common/system_app.te index a0ca4a27..5615e00c 100644 --- a/legacy/vendor/common/system_app.te +++ b/legacy/vendor/common/system_app.te @@ -109,7 +109,7 @@ allow system_app qti_logkit_priv_socket:dir r_dir_perms; #allow system_app qti_logkit_priv_socket:sock_file r_file_perms; # bugreport -allow system_app ctl_dumpstate_prop:property_service set; +#allow system_app ctl_dumpstate_prop:property_service set; unix_socket_connect(system_app, dumpstate, dumpstate) # allow gba auth service to add itself as system service diff --git a/legacy/vendor/test/fidotest.te b/legacy/vendor/test/fidotest.te index d4bb8c4e..c0b8a750 100644 --- a/legacy/vendor/test/fidotest.te +++ b/legacy/vendor/test/fidotest.te @@ -42,7 +42,7 @@ userdebug_or_eng(` #binder_service(fidotest) #Allow fido test daemons to be registered with service manager - allow fidotest fidotest_service:service_manager add; + #allow fidotest fidotest_service:service_manager add; # Allow communication with init over property server unix_socket_connect(fidotest, property, init); diff --git a/legacy/vendor/test/qseeproxysample.te b/legacy/vendor/test/qseeproxysample.te index 1e71b7f7..a21e83dc 100644 --- a/legacy/vendor/test/qseeproxysample.te +++ b/legacy/vendor/test/qseeproxysample.te @@ -40,7 +40,7 @@ userdebug_or_eng(` #binder_service(qseeproxysample) #Allow test daemon to be registered with service manager - allow qseeproxysample qseeproxysample_service:service_manager add; + #allow qseeproxysample qseeproxysample_service:service_manager add; #Allow test daemon to use system_server via binder to check caller identity binder_call(qseeproxysample, system_server) diff --git a/legacy/vendor/test/seapp_contexts b/legacy/vendor/test/seapp_contexts index 961f1cfa..648273ee 100644 --- a/legacy/vendor/test/seapp_contexts +++ b/legacy/vendor/test/seapp_contexts @@ -25,10 +25,10 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -user=_app seinfo=platform name=com.qualcomm.qct.dlt levelfrom=all domain=location_app type=app_data_file -user=_app seinfo=platform name=com.qualcomm.qti.qlogcat levelfrom=all domain=location_app type=app_data_file -user=_app seinfo=platform name=com.qualcomm.qti.pdrtesttool levelfrom=all domain=location_app type=app_data_file -user=_app seinfo=platform name=com.qualcomm.qti.magcaltool levelfrom=all domain=location_app type=app_data_file +#user=_app seinfo=platform name=com.qualcomm.qct.dlt levelfrom=all domain=location_app type=app_data_file +#user=_app seinfo=platform name=com.qualcomm.qti.qlogcat levelfrom=all domain=location_app type=app_data_file +#user=_app seinfo=platform name=com.qualcomm.qti.pdrtesttool levelfrom=all domain=location_app type=app_data_file +#user=_app seinfo=platform name=com.qualcomm.qti.magcaltool levelfrom=all domain=location_app type=app_data_file #Add new domain for QSEE sample services user=system seinfo=platform name=com.qualcomm.qti.auth.securesampleauthservice domain=qsee_svc_app type=system_app_data_file diff --git a/legacy/vendor/test/ustaservice_app.te b/legacy/vendor/test/ustaservice_app.te index b23f3a97..5e5c7484 100644 --- a/legacy/vendor/test/ustaservice_app.te +++ b/legacy/vendor/test/ustaservice_app.te @@ -27,7 +27,7 @@ type ustaservice_app, domain; app_domain(ustaservice_app) -allow ustaservice_app vendor_usta_app_service:service_manager add; +#allow ustaservice_app vendor_usta_app_service:service_manager add; allow ustaservice_app vendor_usta_app_service:service_manager find; allow ustaservice_app activity_service:service_manager find; allow ustaservice_app app_api_service:service_manager find;