tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Drop obsolete keystore_socket type and rules.

Browse source 
Change I6dacdc43bcc1a56e47655e37e825ee6a205eb56b switched
the keystore to using binder instead of a socket, so this
socket type and rules have been unused for a while.  The type
was only ever assigned to a /dev/socket socket file (tmpfs) so
there is no issue with removing the type (no persistent files
will have this xattr value).

Change-Id: Id584233c58f6276774c3432ea76878aca28d6280
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-02-25 13:22:01 -05:00 committed by Nick Kralevich
parent dc1cedf12c
commit 2c347e0a36
5 changed files with 0 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app.te
View file

@ -11,9 +11,6 @@
allow appdomain self:process execmem;
allow appdomain ashmem_device:chr_file execute;
# Allow apps to connect to the keystore
unix_socket_connect(appdomain, keystore, keystore)
# Receive and use open file descriptors inherited from zygote.
allow appdomain zygote:fd use;

1
file.te
View file

@ -109,7 +109,6 @@ type dnsproxyd_socket, file_type, mlstrustedobject;
type dumpstate_socket, file_type;
type gps_socket, file_type;
type installd_socket, file_type;
type keystore_socket, file_type;
type lmkd_socket, file_type;
type logd_debug, file_type;
type logd_socket, file_type;

1
file_contexts
View file

@ -79,7 +79,6 @@
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
/dev/socket/gps u:object_r:gps_socket:s0
/dev/socket/installd u:object_r:installd_socket:s0
/dev/socket/keystore u:object_r:keystore_socket:s0
/dev/socket/lmkd u:object_r:lmkd_socket:s0
/dev/logd_debug u:object_r:logd_debug:s0
/dev/socket/logd u:object_r:logd_socket:s0

3
system_app.te
View file

@ -23,9 +23,6 @@ allow system_app wallpaper_file:file r_file_perms;
# Write to dalvikcache.
allow system_app dalvikcache_data_file:file { write setattr };
# Talk to keystore.
unix_socket_connect(system_app, keystore, keystore)
# Read SELinux enforcing status.
selinux_getenforce(system_app)

1
system_server.te
View file

@ -87,7 +87,6 @@ unix_socket_connect(system_server, lmkd, lmkd)
unix_socket_connect(system_server, netd, netd)
unix_socket_connect(system_server, vold, vold)
unix_socket_connect(system_server, zygote, zygote)
unix_socket_connect(system_server, keystore, keystore)
unix_socket_connect(system_server, gps, gpsd)
unix_socket_connect(system_server, racoon, racoon)
unix_socket_send(system_server, wpa, wpa)