tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Remove now-unused permissions"

Browse source
This commit is contained in:
Treehugger Robot 2022-02-23 11:23:25 +00:00 committed by Gerrit Code Review
commit 383b946787
2 changed files with 1 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
microdroid/system/private/compos.te
View file

@ -7,13 +7,8 @@ allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
# Allow using various binder services
binder_use(compos);
allow compos {
authfs_binder_service
dice_node_service
}:service_manager find;
allow compos authfs_binder_service:service_manager find;
binder_call(compos, authfs_service);
binder_call(compos, diced);
allow compos diced:diced { get_attestation_chain derive };
# Read artifacts created by odrefresh and create signature files.
allow compos authfs_fuse:dir rw_dir_perms;

4
private/odsign.te
View file

@ -44,10 +44,6 @@ allow odsign apex_module_data_file:dir { getattr search };
allow odsign apex_art_data_file:dir { rw_dir_perms rmdir rename };
allow odsign apex_art_data_file:file { rw_file_perms unlink };
# For CompOS instance & key files
allow odsign apex_compos_data_file:dir { getattr search };
allow odsign apex_compos_data_file:file r_file_perms;
# Run odrefresh to refresh ART artifacts
domain_auto_trans(odsign, odrefresh_exec, odrefresh)