Merge adf_device into graphics_device
As of sepolicy commit a16a59e2c7
(https://android-review.googlesource.com/94580), adf_device
and graphics_device have the exact same security properties.
Merge them into one type to avoid a proliferation of SELinux
types.
Change-Id: Ib1a24f5d880798600e103b9e14934e41abb1ef95
This commit is contained in:
Nick Kralevich
parent
6f6c425563
commit
84ed890aeb
5 changed files with 4 additions and 12 deletions
5
app.te
5
app.te
|
|
@ -194,10 +194,7 @@ neverallow { appdomain -unconfineddomain } {
|
|||
}:chr_file { read write };
|
||||
|
||||
# Note: Try expanding list of app domains in the future.
|
||||
neverallow { untrusted_app isolated_app shell -unconfineddomain } {
|
||||
adf_device
|
||||
graphics_device
|
||||
}:chr_file { read write };
|
||||
neverallow { untrusted_app isolated_app shell -unconfineddomain } graphics_device:chr_file { read write };
|
||||
|
||||
neverallow { appdomain -nfc -unconfineddomain } nfc_device:chr_file
|
||||
{ read write };
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
type device, dev_type, fs_type;
|
||||
type alarm_device, dev_type, mlstrustedobject;
|
||||
type adb_device, dev_type;
|
||||
type adf_device, dev_type;
|
||||
type ashmem_device, dev_type, mlstrustedobject;
|
||||
type audio_device, dev_type;
|
||||
type binder_device, dev_type, mlstrustedobject;
|
||||
|
|
|
|||
|
|
@ -31,9 +31,9 @@
|
|||
/dev(/.*)? u:object_r:device:s0
|
||||
/dev/akm8973.* u:object_r:sensors_device:s0
|
||||
/dev/accelerometer u:object_r:sensors_device:s0
|
||||
/dev/adf[0-9]* u:object_r:adf_device:s0
|
||||
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:adf_device:s0
|
||||
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:adf_device:s0
|
||||
/dev/adf[0-9]* u:object_r:graphics_device:s0
|
||||
/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
||||
/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
|
||||
/dev/alarm u:object_r:alarm_device:s0
|
||||
/dev/android_adb.* u:object_r:adb_device:s0
|
||||
/dev/ashmem u:object_r:ashmem_device:s0
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@ allow healthd sysfs:file write;
|
|||
### healthd: charger mode
|
||||
###
|
||||
|
||||
allow healthd adf_device:chr_file rw_file_perms;
|
||||
allow healthd graphics_device:dir r_dir_perms;
|
||||
allow healthd graphics_device:chr_file rw_file_perms;
|
||||
allow healthd input_device:dir r_dir_perms;
|
||||
|
|
|
|||
|
|
@ -29,9 +29,6 @@ allow surfaceflinger gpu_device:chr_file rw_file_perms;
|
|||
allow surfaceflinger graphics_device:dir search;
|
||||
allow surfaceflinger graphics_device:chr_file rw_file_perms;
|
||||
|
||||
# Access ADF device nodes.
|
||||
allow surfaceflinger adf_device:chr_file rw_file_perms;
|
||||
|
||||
# Access /dev/video1.
|
||||
allow surfaceflinger video_device:dir r_dir_perms;
|
||||
allow surfaceflinger video_device:chr_file rw_file_perms;
|
||||
|
|
|
|||
Loading…
Reference in a new issue