From d918c8df783e05908e8215a21862afbf3f9d3ac7 Mon Sep 17 00:00:00 2001
From: Tri Vo
Date: Fri, 9 Nov 2018 15:45:05 -0800
Subject: [PATCH] Remove redundant cgroup type/labelings.

cgroup is labeled from genfs_contexts. Also, cgroup filesystems can't be context mounted, i.e. it's not possible to mount them with a label other than "cgroup".

Bug: 110962171
Test: m selinux_policy
Test: boot aosp_walleye
Change-Id: I8319b10136c42a42d1edaee47b77ad1698e87f2c
---
 private/compat/28.0/28.0.cil | 1 +
 private/file_contexts | 2 --
 public/device.te | 1 -
 public/init.te | 1 -
 public/postinstall_dexopt.te | 2 --
 5 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 4e653b20a..f7a0c3756 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -2,6 +2,7 @@
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)
+(type cpuctl_device)
 (type fingerprint_vendor_data_file)
 (type full_device)
 (type i2c_device)
diff --git a/private/file_contexts b/private/file_contexts
index 32e56e0a7..dd957a74e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -83,8 +83,6 @@
 /dev/block/zram[0-9]* u:object_r:ram_device:s0
 /dev/bus/usb(.*)? u:object_r:usb_device:s0
 /dev/console u:object_r:console_device:s0
-/dev/cpuctl(/.*)? u:object_r:cpuctl_device:s0
-/dev/memcg(/.*)? u:object_r:cgroup:s0
 /dev/device-mapper u:object_r:dm_device:s0
 /dev/eac u:object_r:audio_device:s0
 /dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
diff --git a/public/device.te b/public/device.te
index a4f7f01fe..e55c86d87 100644
--- a/public/device.te
+++ b/public/device.te
@@ -18,7 +18,6 @@ type ram_device, dev_type;
 type rtc_device, dev_type;
 type vold_device, dev_type;
 type console_device, dev_type;
-type cpuctl_device, dev_type;
 type fscklogs, dev_type;
 # GPU (used by most UI apps)
 type gpu_device, dev_type, mlstrustedobject;
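Review bot: In private/compat/28.0/28.0.cil, `(type cpuctl_device)` is declared bare, so rules in a 28.0 vendor policy that name cpuctl_device will still compile. With the `/dev/cpuctl(/.*)?` entry dropped from private/file_contexts in this same commit, those rules will presumably no longer match any labeled object. If a vendor domain depended on that type to reach the /dev/cpuctl mount point, the regression would appear only as an avc denial at runtime. The listed tests (`m selinux_policy`, a boot of aosp_walleye) may not exercise that path unless the build is paired with a 28.0 vendor image. A boot against a 28.0 vendor image with the audit log checked for denials on the cgroup mount points would close that gap.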
diff --git a/public/init.te b/public/init.te
index 770922a1b..2a8036a8b 100644
--- a/public/init.te
+++ b/public/init.te
@@ -94,7 +94,6 @@ allow init tmpfs:dir create_dir_perms;
 allow init tmpfs:dir mounton;
 allow init cgroup:dir create_dir_perms;
 allow init cgroup:file rw_file_perms;
-allow init cpuctl_device:dir { create mounton };
 
 # /config
 allow init configfs:dir mounton;
diff --git a/public/postinstall_dexopt.te b/public/postinstall_dexopt.te
index 8b6d6cc17..0ccd16809 100644
--- a/public/postinstall_dexopt.te
+++ b/public/postinstall_dexopt.te
@@ -55,5 +55,3 @@ allow postinstall_dexopt postinstall:process sigchld;
 # Allow otapreopt to use file descriptors from otapreopt_chroot.
 # TODO: Probably we can actually close file descriptors...
 allow postinstall_dexopt otapreopt_chroot:fd use;
-
-allow postinstall_dexopt cpuctl_device:dir search;