Merge "[sepolicy] remove vendor_incremental_module from global sepolicy rules" into rvc-dev

This commit is contained in:
Songchun Fan 2020-03-09 01:40:27 +00:00 committed by Android (Google) Code Review
commit 3daa20f14f
5 changed files with 1 additions and 10 deletions

View file

@ -105,7 +105,6 @@
tv_tuner_resource_mgr_service tv_tuner_resource_mgr_service
vendor_apex_file vendor_apex_file
vendor_boringssl_self_test vendor_boringssl_self_test
vendor_incremental_module
vendor_install_recovery vendor_install_recovery
vendor_install_recovery_exec vendor_install_recovery_exec
vendor_socket_hook_prop vendor_socket_hook_prop

View file

@ -374,7 +374,6 @@
/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0 /(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0 /(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0 /(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
(/vendor|system/vendor)/lib(64)?/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
# HAL location # HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0

View file

@ -996,6 +996,7 @@ full_treble_only(`
-system_executes_vendor_violators -system_executes_vendor_violators
-traced_perf # library/binary access for symbolization -traced_perf # library/binary access for symbolization
-ueventd # reads /vendor/ueventd.rc -ueventd # reads /vendor/ueventd.rc
-vold # loads incremental fs driver
} { } {
vendor_file_type vendor_file_type
-same_process_hal_file -same_process_hal_file
@ -1009,7 +1010,6 @@ full_treble_only(`
-vendor_overlay_file -vendor_overlay_file
-vendor_public_lib_file -vendor_public_lib_file
-vendor_task_profiles_file -vendor_task_profiles_file
-vendor_incremental_module
-vndk_sp_file -vndk_sp_file
}:file *; }:file *;
') ')

View file

@ -210,8 +210,6 @@ type vendor_overlay_file, vendor_file_type, file_type;
# Type for all vendor public libraries. These libs should only be exposed to # Type for all vendor public libraries. These libs should only be exposed to
# apps. ABI stability of these libs is vendor's responsibility. # apps. ABI stability of these libs is vendor's responsibility.
type vendor_public_lib_file, vendor_file_type, file_type; type vendor_public_lib_file, vendor_file_type, file_type;
# Default type for incremental file system driver
type vendor_incremental_module, vendor_file_type, file_type;
# Input configuration # Input configuration
type vendor_keylayout_file, vendor_file_type, file_type; type vendor_keylayout_file, vendor_file_type, file_type;

View file

@ -52,11 +52,6 @@ allowxperm vold data_file_type:dir ioctl {
FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY
}; };
# Allow to load incremental file system driver
allow vold self:capability sys_module;
allow vold vendor_incremental_module:file r_file_perms;
allow vold vendor_incremental_module:system module_load;
# Only vold and init should ever set file-based encryption policies. # Only vold and init should ever set file-based encryption policies.
neverallowxperm { neverallowxperm {
domain domain