tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

selinux: remove sysfs_mac_address am: f1e71dc75c am: b5a4640f65 am: 65864dc2ea am: f089363182

Browse source 
am: 61d8fc9397

Change-Id: I8b0ab7e9a33092db427642426b37f6e5df6ba298
This commit is contained in:
Tri Vo 2019-08-24 01:29:04 -07:00 committed by android-build-merger
commit 07d10803e1
4 changed files with 1 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/app_neverallows.te
View file

@ -86,7 +86,6 @@ neverallow all_untrusted_apps mlstrustedsubject:process fork;
neverallow all_untrusted_apps file_type:file link;
# Do not allow untrusted apps to access network MAC address file
neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
# Do not allow any write access to files in /sys

1
private/compat/29.0/29.0.cil
View file

@ -2,6 +2,7 @@
(type hal_wifi_offload_hwservice)
(type perfprofd_data_file)
(type perfprofd_service)
(type sysfs_mac_address)
(expandtypeattribute (accessibility_service_29_0) true)
(expandtypeattribute (account_service_29_0) true)

4
private/system_server.te
View file

@ -318,7 +318,6 @@ r_dir_file(system_server, sysfs_switch)
r_dir_file(system_server, sysfs_wakeup_reasons)
allow system_server sysfs_nfc_power_writable:file rw_file_perms;
allow system_server sysfs_mac_address:file r_file_perms;
allow system_server sysfs_power:dir search;
allow system_server sysfs_power:file rw_file_perms;
allow system_server sysfs_thermal:dir search;
@ -776,9 +775,6 @@ allow system_server mnt_expand_file:dir r_dir_perms;
allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
allow system_server fingerprintd_data_file:file { getattr unlink };
# Allow system process to read network MAC address
allow system_server sysfs_mac_address:file r_file_perms;
userdebug_or_eng(`
# Allow system server to create and write method traces in /data/misc/trace.
allow system_server method_trace_data_file:dir w_dir_perms;

1
public/file.te
View file

@ -90,7 +90,6 @@ type sysfs_loop, fs_type, sysfs_type;
type sysfs_hwrandom, fs_type, sysfs_type;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
type sysfs_mac_address, fs_type, sysfs_type;
type sysfs_net, fs_type, sysfs_type;
type sysfs_power, fs_type, sysfs_type;
type sysfs_rtc, fs_type, sysfs_type;