tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Revert "Add pm.archiving.enabled system property"" into main

Browse source
This commit is contained in:
Treehugger Robot 2024-04-11 00:12:11 +00:00 committed by Gerrit Code Review
commit 808a734c09
15 changed files with 0 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
prebuilts/api/202404/private/compat/34.0/34.0.ignore.cil
View file

@ -27,7 +27,6 @@
virtual_camera_service virtual_camera_service
ot_daemon_service ot_daemon_service
ot_daemon_socket ot_daemon_socket
pm_archiving_enabled_prop
remote_auth_service remote_auth_service
security_state_service security_state_service
sensitive_content_protection_service sensitive_content_protection_service

3
prebuilts/api/202404/private/priv_app.te
View file

@ -296,6 +296,3 @@ neverallow priv_app *:{
# Allow priv apps to report off body events to keystore2. # Allow priv apps to report off body events to keystore2.
allow priv_app keystore:keystore2 report_off_body; allow priv_app keystore:keystore2 report_off_body;
# Allow priv_apps to check if archiving is enabled
get_prop(priv_app, pm_archiving_enabled_prop)

7
prebuilts/api/202404/private/property.te
View file

@ -750,10 +750,3 @@ neverallow {
-system_app -system_app
-device_as_webcam -device_as_webcam
} usb_uvc_enabled_prop:file no_rw_file_perms; } usb_uvc_enabled_prop:file no_rw_file_perms;
neverallow {
domain
-init
-vendor_init
} pm_archiving_enabled_prop:property_service set;

3
prebuilts/api/202404/private/property_contexts
View file

@ -1642,9 +1642,6 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop
# Properties for game manager service # Properties for game manager service
persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool
# Properties for app archiving
pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool
# Properties for ThreadNetworkService # Properties for ThreadNetworkService
threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string

3
prebuilts/api/202404/private/system_app.te
View file

@ -174,9 +174,6 @@ get_prop(system_app, oem_unlock_prop)
# Settings app reads ro.usb.uvc.enabled # Settings app reads ro.usb.uvc.enabled
get_prop(system_app, usb_uvc_enabled_prop) get_prop(system_app, usb_uvc_enabled_prop)
# Settings and Launcher apps read pm.archiving.enabled
get_prop(system_app, pm_archiving_enabled_prop)
### ###
### Neverallow rules ### Neverallow rules
### ###

4
prebuilts/api/202404/private/system_server.te
View file

@ -1602,10 +1602,6 @@ neverallow {
-system_server -system_server
} threadnetwork_config_prop:file no_rw_file_perms; } threadnetwork_config_prop:file no_rw_file_perms;
# Allow system server to read pm.archiving.enabled prop
# TODO(azilio): Remove system property after archiving testing is completed.
get_prop(system_server, pm_archiving_enabled_prop)
# Do not allow any domain other than init or system server to get or set the property # Do not allow any domain other than init or system server to get or set the property
neverallow { domain -init -system_server } crashrecovery_prop:property_service set; neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms; neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;

1
prebuilts/api/202404/public/property.te
View file

@ -200,7 +200,6 @@ system_vendor_config_prop(dck_prop)
system_vendor_config_prop(tuner_config_prop) system_vendor_config_prop(tuner_config_prop)
system_vendor_config_prop(usb_uvc_enabled_prop) system_vendor_config_prop(usb_uvc_enabled_prop)
system_vendor_config_prop(setupwizard_mode_prop) system_vendor_config_prop(setupwizard_mode_prop)
system_vendor_config_prop(pm_archiving_enabled_prop)
# Properties with no restrictions # Properties with no restrictions
system_public_prop(adbd_config_prop) system_public_prop(adbd_config_prop)

2
private/compat/202404/202404.cil
View file

@ -813,7 +813,6 @@
(expandtypeattribute (pipefs_202404) true) (expandtypeattribute (pipefs_202404) true)
(expandtypeattribute (platform_app_202404) true) (expandtypeattribute (platform_app_202404) true)
(expandtypeattribute (platform_compat_service_202404) true) (expandtypeattribute (platform_compat_service_202404) true)
(expandtypeattribute (pm_archiving_enabled_prop_202404) true)
(expandtypeattribute (pmsg_device_202404) true) (expandtypeattribute (pmsg_device_202404) true)
(expandtypeattribute (port_202404) true) (expandtypeattribute (port_202404) true)
(expandtypeattribute (port_device_202404) true) (expandtypeattribute (port_device_202404) true)
@ -2205,7 +2204,6 @@
(typeattributeset pipefs_202404 (pipefs)) (typeattributeset pipefs_202404 (pipefs))
(typeattributeset platform_app_202404 (platform_app)) (typeattributeset platform_app_202404 (platform_app))
(typeattributeset platform_compat_service_202404 (platform_compat_service)) (typeattributeset platform_compat_service_202404 (platform_compat_service))
(typeattributeset pm_archiving_enabled_prop_202404 (pm_archiving_enabled_prop))
(typeattributeset pmsg_device_202404 (pmsg_device)) (typeattributeset pmsg_device_202404 (pmsg_device))
(typeattributeset port_202404 (port)) (typeattributeset port_202404 (port))
(typeattributeset port_device_202404 (port_device)) (typeattributeset port_device_202404 (port_device))

1
private/compat/34.0/34.0.ignore.cil
View file

@ -27,7 +27,6 @@
virtual_camera_service virtual_camera_service
ot_daemon_service ot_daemon_service
ot_daemon_socket ot_daemon_socket
pm_archiving_enabled_prop
remote_auth_service remote_auth_service
security_state_service security_state_service
sensitive_content_protection_service sensitive_content_protection_service

3
private/priv_app.te
View file

@ -293,6 +293,3 @@ neverallow priv_app *:{
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
} *; } *;
# Allow priv_apps to check if archiving is enabled
get_prop(priv_app, pm_archiving_enabled_prop)

6
private/property.te
View file

@ -798,9 +798,3 @@ neverallow {
-system_app -system_app
-device_as_webcam -device_as_webcam
} usb_uvc_enabled_prop:file no_rw_file_perms; } usb_uvc_enabled_prop:file no_rw_file_perms;
neverallow {
domain
-init
-vendor_init
} pm_archiving_enabled_prop:property_service set;

3
private/property_contexts
View file

@ -1656,9 +1656,6 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop
# Properties for game manager service # Properties for game manager service
persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool
# Properties for app archiving
pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool
# Properties for ThreadNetworkService # Properties for ThreadNetworkService
threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string

3
private/system_app.te
View file

@ -174,9 +174,6 @@ get_prop(system_app, oem_unlock_prop)
# Settings app reads ro.usb.uvc.enabled # Settings app reads ro.usb.uvc.enabled
get_prop(system_app, usb_uvc_enabled_prop) get_prop(system_app, usb_uvc_enabled_prop)
# Settings and Launcher apps read pm.archiving.enabled
get_prop(system_app, pm_archiving_enabled_prop)
# Settings app reads and writes the wifi blob database # Settings app reads and writes the wifi blob database
allow system_app connectivityblob_data_file:dir rw_dir_perms; allow system_app connectivityblob_data_file:dir rw_dir_perms;
allow system_app connectivityblob_data_file:file create_file_perms; allow system_app connectivityblob_data_file:file create_file_perms;

4
private/system_server.te
View file

@ -1629,10 +1629,6 @@ neverallow {
-system_server -system_server
} threadnetwork_config_prop:file no_rw_file_perms; } threadnetwork_config_prop:file no_rw_file_perms;
# Allow system server to read pm.archiving.enabled prop
# TODO(azilio): Remove system property after archiving testing is completed.
get_prop(system_server, pm_archiving_enabled_prop)
# Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar # Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar
# in Pre-reboot Dexopt. # in Pre-reboot Dexopt.
allow system_server pre_reboot_dexopt_file:dir { getattr search }; allow system_server pre_reboot_dexopt_file:dir { getattr search };

1
public/property.te
View file

@ -202,7 +202,6 @@ system_vendor_config_prop(dck_prop)
system_vendor_config_prop(tuner_config_prop) system_vendor_config_prop(tuner_config_prop)
system_vendor_config_prop(usb_uvc_enabled_prop) system_vendor_config_prop(usb_uvc_enabled_prop)
system_vendor_config_prop(setupwizard_mode_prop) system_vendor_config_prop(setupwizard_mode_prop)
system_vendor_config_prop(pm_archiving_enabled_prop)
# Properties with no restrictions # Properties with no restrictions
system_public_prop(adbd_config_prop) system_public_prop(adbd_config_prop)