tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Remove vr_wm service selinux policy" into oc-dev am: 0181f5f1f9

Browse source 
am: 3ab87927f1

Change-Id: Ief090c68370515300a1a38ba9abc4d2a3ed391cb
This commit is contained in:
Daniel Nicoara 2017-05-05 15:05:02 +00:00 committed by android-build-merger
commit 458bc84cf7
8 changed files with 2 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/file_contexts
View file

@ -249,7 +249,6 @@
/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0 /system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0 /system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0 /system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/vr_wm u:object_r:vr_wm_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0 /system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0 /system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0
/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0 /system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0

1
private/service_contexts
View file

@ -159,7 +159,6 @@ user u:object_r:user_service:s0
vibrator u:object_r:vibrator_service:s0 vibrator u:object_r:vibrator_service:s0
virtual_touchpad u:object_r:virtual_touchpad_service:s0 virtual_touchpad u:object_r:virtual_touchpad_service:s0
voiceinteraction u:object_r:voiceinteraction_service:s0 voiceinteraction u:object_r:voiceinteraction_service:s0
vr_window_manager u:object_r:vr_window_manager_service:s0
vr_hwc u:object_r:vr_hwc_service:s0 vr_hwc u:object_r:vr_hwc_service:s0
vrmanager u:object_r:vr_manager_service:s0 vrmanager u:object_r:vr_manager_service:s0
wallpaper u:object_r:wallpaper_service:s0 wallpaper u:object_r:wallpaper_service:s0

2
private/system_server.te
View file

@ -540,8 +540,6 @@ allow system_server netd_service:service_manager find;
allow system_server nfc_service:service_manager find; allow system_server nfc_service:service_manager find;
allow system_server radio_service:service_manager find; allow system_server radio_service:service_manager find;
allow system_server surfaceflinger_service:service_manager find; allow system_server surfaceflinger_service:service_manager find;
# TODO(b/36506799): move vr_wm code to VrCore and remove this:
allow system_server vr_window_manager_service:service_manager find;
allow system_server wificond_service:service_manager find; allow system_server wificond_service:service_manager find;
allow system_server keystore:keystore_key { allow system_server keystore:keystore_key {

5
private/vr_wm.te
View file

@ -1,5 +0,0 @@
# vr_wm - VR Window Manager
typeattribute vr_wm coredomain;
# The vr_wm is started by init.
init_daemon_domain(vr_wm)

4
public/performanced.te
View file

@ -10,9 +10,9 @@ allow performanced self:capability { setuid setgid sys_nice };
# Access /proc to validate we're only affecting threads in the same thread group. # Access /proc to validate we're only affecting threads in the same thread group.
# Performanced also shields unbound kernel threads. It scans every task in the # Performanced also shields unbound kernel threads. It scans every task in the
# root cpu set, but only affects the kernel threads. # root cpu set, but only affects the kernel threads.
r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger vr_wm }) r_dir_file(performanced, { appdomain bufferhubd kernel sensord surfaceflinger })
dontaudit performanced domain:dir read; dontaudit performanced domain:dir read;
allow performanced { appdomain bufferhubd kernel sensord surfaceflinger vr_wm }:process setsched; allow performanced { appdomain bufferhubd kernel sensord surfaceflinger }:process setsched;
# Access /dev/cpuset/cpuset.cpus # Access /dev/cpuset/cpuset.cpus
r_dir_file(performanced, cgroup) r_dir_file(performanced, cgroup)

1
public/service.te
View file

@ -27,7 +27,6 @@ type surfaceflinger_service, service_manager_type;
type system_app_service, service_manager_type; type system_app_service, service_manager_type;
type update_engine_service, service_manager_type; type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type; type virtual_touchpad_service, service_manager_type;
type vr_window_manager_service, service_manager_type;
type vr_hwc_service, service_manager_type; type vr_hwc_service, service_manager_type;
# system_server_services broken down # system_server_services broken down

2
public/vr_hwc.te
View file

@ -10,8 +10,6 @@ binder_service(vr_hwc)
binder_call(vr_hwc, surfaceflinger) binder_call(vr_hwc, surfaceflinger)
# Needed to check for app permissions. # Needed to check for app permissions.
binder_call(vr_hwc, system_server) binder_call(vr_hwc, system_server)
# TODO(dnicoara): Remove once vr_wm is disabled.
binder_call(vr_hwc, vr_wm)
add_service(vr_hwc, vr_hwc_service) add_service(vr_hwc, vr_hwc_service)

28
public/vr_wm.te
View file

@ -1,28 +0,0 @@
type vr_wm, domain;
type vr_wm_exec, exec_type, file_type;
hal_client_domain(vr_wm, hal_graphics_allocator)
binder_use(vr_wm)
binder_call(vr_wm, virtual_touchpad)
binder_call(vr_wm, vr_hwc)
allow vr_wm virtual_touchpad_service:service_manager find;
allow vr_wm vr_hwc_service:service_manager find;
binder_service(vr_wm)
add_service(vr_wm, vr_window_manager_service)
# Load vendor libraries.
allow vr_wm system_file:dir r_dir_perms;
allow vr_wm gpu_device:chr_file rw_file_perms;
allow vr_wm ion_device:chr_file r_file_perms;
# Get buffer metadata.
allow vr_wm hal_graphics_allocator:fd use;
use_pdx(vr_wm, bufferhubd)
use_pdx(vr_wm, sensord)
use_pdx(vr_wm, surfaceflinger)
use_pdx(vr_wm, performanced)