[dice] Remove all the sepolicy relating the hal service dice
The service is not used anywhere at present and will not be in the near future. Bug: 268322533 Test: m Change-Id: I0350f5e7e0d025de8069a9116662fee5ce1d5150
parent
a5df438a2a
commit
5e94b1698c
18 changed files with 5 additions and 57 deletions
|
@ -746,16 +746,6 @@ class keystore2_key
|
|||
use_dev_id
|
||||
}
|
||||
|
||||
class diced
|
||||
{
|
||||
demote
|
||||
demote_self
|
||||
derive
|
||||
get_attestation_chain
|
||||
use_seal
|
||||
use_sign
|
||||
}
|
||||
|
||||
class drmservice {
|
||||
consumeRights
|
||||
setPlaybackStatus
|
||||
|
|
|
@ -163,8 +163,5 @@ class keystore2 # userspace
|
|||
# Keystore 2.0 key permissions
|
||||
class keystore2_key # userspace
|
||||
|
||||
# Diced permissions
|
||||
class diced # userspace
|
||||
|
||||
class drmservice # userspace
|
||||
# FLASK
|
||||
|
|
|
@ -139,9 +139,6 @@ attribute halserverdomain;
|
|||
attribute halclientdomain;
|
||||
expandattribute halclientdomain true;
|
||||
|
||||
# HALs
|
||||
hal_attribute(dice);
|
||||
|
||||
# All types used for DMA-BUF heaps
|
||||
attribute dmabuf_heap_device_type;
|
||||
expandattribute dmabuf_heap_device_type false;
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
;; types removed from current policy
|
||||
(type dice_maintenance_service)
|
||||
(type dice_node_service)
|
||||
(type diced)
|
||||
(type diced_exec)
|
||||
(type hal_dice_service)
|
||||
(type iorap_inode2filename)
|
||||
(type iorap_inode2filename_exec)
|
||||
(type iorap_inode2filename_tmpfs)
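Review bot: The five `(type …)` lines added under `;; types removed from current policy` carry no record of why they are kept; a CIL comment above them, for example `;; dice HAL and diced removed, see b/268322533`, would separate them from the older iorap entries for whoever prunes this list later. The set matches the platform types whose declarations this commit deletes (`diced`, `diced_exec`, `dice_node_service`, `dice_maintenance_service`, `hal_dice_service`); `hal_dice_default` and `hal_dice_default_exec` are absent, presumably because they are vendor types, which is worth confirming. Because the `android.hardware.security.dice.IDiceDevice/default` entry also leaves service_contexts, the commit message should state that no vendor image built against the previous release still registers that service, since it would no longer map to `hal_dice_service`.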
|
||||
|
|
|
@ -8,7 +8,6 @@ allow crash_dump {
|
|||
-apexd
|
||||
-bpfloader
|
||||
-crash_dump
|
||||
-diced
|
||||
-init
|
||||
-kernel
|
||||
-keystore
|
||||
|
@ -43,7 +42,6 @@ neverallow crash_dump {
|
|||
apexd
|
||||
userdebug_or_eng(`-apexd')
|
||||
bpfloader
|
||||
diced
|
||||
init
|
||||
kernel
|
||||
keystore
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
typeattribute diced coredomain;
|
||||
|
||||
init_daemon_domain(diced)
|
||||
|
||||
# Talk to dice HAL.
|
||||
hal_client_domain(diced, hal_dice)
|
|
@ -18,7 +18,6 @@ define(`dumpable_domain',`{
|
|||
-bpfloader
|
||||
-crash_dump
|
||||
-crosvm # TODO(b/236672526): Remove exception for crosvm
|
||||
-diced
|
||||
-init
|
||||
-kernel
|
||||
-keystore
|
||||
|
|
|
@ -290,7 +290,6 @@
|
|||
/system/bin/credstore u:object_r:credstore_exec:s0
|
||||
/system/bin/keystore u:object_r:keystore_exec:s0
|
||||
/system/bin/keystore2 u:object_r:keystore_exec:s0
|
||||
/system/bin/diced u:object_r:diced_exec:s0
|
||||
/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
|
||||
/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
|
||||
/system/bin/tombstoned u:object_r:tombstoned_exec:s0
|
||||
|
|
|
@ -52,7 +52,6 @@ never_profile_heap(`{
|
|||
apexd
|
||||
app_zygote
|
||||
bpfloader
|
||||
diced
|
||||
hal_configstore_server
|
||||
init
|
||||
kernel
|
||||
|
|
|
@ -23,7 +23,6 @@ userdebug_or_eng(`
|
|||
allow llkd {
|
||||
domain
|
||||
-apexd
|
||||
-diced
|
||||
-kernel
|
||||
-keystore
|
||||
-init
|
||||
|
|
|
@ -84,7 +84,6 @@ android.hardware.radio.voice.IRadioVoice/slot1 u:object_r:
|
|||
android.hardware.radio.voice.IRadioVoice/slot2 u:object_r:hal_radio_service:s0
|
||||
android.hardware.radio.voice.IRadioVoice/slot3 u:object_r:hal_radio_service:s0
|
||||
android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
|
||||
android.hardware.security.dice.IDiceDevice/default u:object_r:hal_dice_service:s0
|
||||
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
|
||||
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
|
||||
android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
|
||||
|
@ -136,8 +135,6 @@ android.frameworks.automotive.display.ICarDisplayProxy/default u:object_r:fwk_au
|
|||
android.security.apc u:object_r:apc_service:s0
|
||||
android.security.authorization u:object_r:authorization_service:s0
|
||||
android.security.compat u:object_r:keystore_compat_hal_service:s0
|
||||
android.security.dice.IDiceMaintenance u:object_r:dice_maintenance_service:s0
|
||||
android.security.dice.IDiceNode u:object_r:dice_node_service:s0
|
||||
android.security.identity u:object_r:credstore_service:s0
|
||||
android.security.keystore u:object_r:keystore_service:s0
|
||||
android.security.legacykeystore u:object_r:legacykeystore_service:s0
|
||||
|
|
|
@ -66,7 +66,6 @@ never_profile_perf(`{
|
|||
apexd
|
||||
app_zygote
|
||||
bpfloader
|
||||
diced
|
||||
hal_configstore_server
|
||||
init
|
||||
kernel
|
||||
|
|
|
@ -336,7 +336,6 @@ hal_attribute(codec2);
|
|||
hal_attribute(configstore);
|
||||
hal_attribute(confirmationui);
|
||||
hal_attribute(contexthub);
|
||||
hal_attribute(dice);
|
||||
hal_attribute(drm);
|
||||
hal_attribute(dumpstate);
|
||||
hal_attribute(evs);
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
type diced, domain;
|
||||
type diced_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
binder_use(diced)
|
||||
binder_service(diced)
|
||||
|
||||
add_service(diced, dice_node_service)
|
||||
add_service(diced, dice_maintenance_service)
|
||||
|
||||
# Check SELinux permissions.
|
||||
selinux_check_access(diced)
|
|
@ -1,4 +0,0 @@
|
|||
binder_call(hal_dice_client, hal_dice_server)
|
||||
|
||||
hal_attribute_service(hal_dice, hal_dice_service)
|
||||
binder_call(hal_dice_server, servicemanager)
|
|
@ -10,8 +10,6 @@ type cameraserver_service, service_manager_type;
|
|||
type fwk_camera_service, service_manager_type;
|
||||
type default_android_service, service_manager_type;
|
||||
type device_config_updatable_service, system_api_service, system_server_service,service_manager_type;
|
||||
type dice_maintenance_service, service_manager_type;
|
||||
type dice_node_service, service_manager_type;
|
||||
type dnsresolver_service, service_manager_type;
|
||||
type drmserver_service, service_manager_type;
|
||||
type dumpstate_service, service_manager_type;
|
||||
|
@ -285,7 +283,6 @@ type hal_can_controller_service, protected_service, hal_service_type, service_ma
|
|||
type hal_cas_service, hal_service_type, service_manager_type;
|
||||
type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_dice_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_drm_service, hal_service_type, service_manager_type;
|
||||
type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
|
||||
type hal_evs_service, protected_service, hal_service_type, service_manager_type;
|
||||
|
|
1
vendor/file_contexts
|
@ -95,7 +95,6 @@
|
|||
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.dice-service\.non-secure-software u:object_r:hal_dice_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
|
||||
|
|
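--- a/vendor/hal_dice_default.te
+++ b/vendor/hal_dice_default.te
@@ -1,5 +0,0 @@
-type hal_dice_default, domain;
-hal_server_domain(hal_dice_default, hal_dice)
-
-type hal_dice_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_dice_default)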