Merge "Stop using the bdev_type and sysfs_block_type SELinux attributes" am: 5e016c1721 am: df2c2457dc am: 46cbeedd02

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1875763

Change-Id: Iff051a9a266d6de9d63198686366fec0318d4fc8
Bart Van Assche 2021-11-05 21:29:28 +00:00 committed by Automerger Merge Worker
commit 89a0a01910
7 changed files with 24 additions and 29 deletions


@ -7,7 +7,7 @@
# in tools/checkfc.c
attribute dev_type;
# Attribute for block devices.
# TODO(b/202520796) Remove this attribute once the sc-dev branch stops using it.
attribute bdev_type;
# All types used for processes.
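Review bot: The TODO above `attribute bdev_type;` says when the attribute can be removed but not that it is now meant to stay empty. The type declarations shown later on this page all drop `bdev_type`, so an `allow` or `neverallow` rule written against it would match no type and pass silently. I would extend the comment, e.g. `# No type carries this attribute any more; do not use it in allow or neverallow rules.` The same applies to the second attributes section further down, for both `bdev_type` and `sysfs_block_type`. It is also worth checking the tree for rules that still name either attribute, since none are visible in these hunks.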


@ -1,7 +1,7 @@
type ashmem_device, dev_type, mlstrustedobject;
type ashmem_libcutils_device, dev_type, mlstrustedobject;
type binder_device, dev_type, mlstrustedobject;
type block_device, dev_type, bdev_type;
type block_device, dev_type;
type console_device, dev_type;
type device, dev_type, fs_type;
type dm_device, dev_type;
@ -34,7 +34,7 @@ type tun_device, dev_type, mlstrustedobject;
type uhid_device, dev_type, mlstrustedobject;
type uio_device, dev_type;
type userdata_sysdev, dev_type;
type vd_device, dev_type, bdev_type;
type vd_device, dev_type;
type vndbinder_device, dev_type;
type vsock_device, dev_type;
type zero_device, dev_type, mlstrustedobject;


@ -120,7 +120,6 @@ genfscon sysfs /devices/cs_etm u:object_r:sysfs_devices_cs_et
genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
genfscon sysfs /class/block u:object_r:sysfs_block:s0
genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
genfscon sysfs /class/net u:object_r:sysfs_net:s0
genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0


@ -7,7 +7,7 @@
# in tools/checkfc.c
attribute dev_type;
# Attribute for block devices.
# TODO(b/202520796) Remove this attribute once the sc-dev branch stops using it.
attribute bdev_type;
# All types used for processes.
@ -68,7 +68,7 @@ expandattribute proc_net_type true;
# All types used for sysfs files.
attribute sysfs_type;
# Attribute for /sys/class/block files.
# TODO(b/202520796) Remove this attribute once the sc-dev branch stops using it.
attribute sysfs_block_type;
# All types use for debugfs files.


@ -6,18 +6,18 @@ type audio_device, dev_type;
type binder_device, dev_type, mlstrustedobject;
type hwbinder_device, dev_type, mlstrustedobject;
type vndbinder_device, dev_type;
type block_device, dev_type, bdev_type;
type block_device, dev_type;
type camera_device, dev_type;
type dm_device, dev_type, bdev_type;
type dm_user_device, dev_type, bdev_type;
type dm_device, dev_type;
type dm_user_device, dev_type;
type keychord_device, dev_type;
type loop_control_device, dev_type;
type loop_device, dev_type, bdev_type;
type loop_device, dev_type;
type pmsg_device, dev_type, mlstrustedobject;
type radio_device, dev_type;
type ram_device, dev_type, bdev_type;
type ram_device, dev_type;
type rtc_device, dev_type;
type vd_device, dev_type, bdev_type;
type vd_device, dev_type;
type vold_device, dev_type;
type console_device, dev_type;
type fscklogs, dev_type;
@ -73,51 +73,51 @@ type hci_attach_dev, dev_type;
type rpmsg_device, dev_type;
# Partition layout block device
type root_block_device, dev_type, bdev_type;
type root_block_device, dev_type;
# factory reset protection block device
type frp_block_device, dev_type, bdev_type;
type frp_block_device, dev_type;
# System block device mounted on /system.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type system_block_device, dev_type, bdev_type;
type system_block_device, dev_type;
# Recovery block device.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type recovery_block_device, dev_type, bdev_type;
type recovery_block_device, dev_type;
# boot block device.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type boot_block_device, dev_type, bdev_type;
type boot_block_device, dev_type;
# Userdata block device mounted on /data.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type userdata_block_device, dev_type, bdev_type;
type userdata_block_device, dev_type;
# Cache block device mounted on /cache.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type cache_block_device, dev_type, bdev_type;
type cache_block_device, dev_type;
# Block device for any swap partition.
type swap_block_device, dev_type, bdev_type;
type swap_block_device, dev_type;
# Metadata block device used for encryption metadata.
# Assign this type to the partition specified by the encryptable=
# mount option in your fstab file in the entry for userdata.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type metadata_block_device, dev_type, bdev_type;
type metadata_block_device, dev_type;
# The 'misc' partition used by recovery and A/B.
# Documented at https://source.android.com/devices/bootloader/partitions-images
type misc_block_device, dev_type, bdev_type;
type misc_block_device, dev_type;
# 'super' partition to be used for logical partitioning.
type super_block_device, super_block_device_type, dev_type, bdev_type;
type super_block_device, super_block_device_type, dev_type;
# sdcard devices; normally vold uses the vold_block_device label and creates a
# separate device node. gsid, however, accesses the original devide node
# created through uevents, so we use a separate label.
type sdcard_block_device, dev_type, bdev_type;
type sdcard_block_device, dev_type;
# Userdata device file for filesystem tunables
type userdata_sysdev, dev_type;


@ -89,11 +89,10 @@ type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_android_usb, fs_type, sysfs_type;
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_block, fs_type, sysfs_type, sysfs_block_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_devfreq_cur, fs_type, sysfs_type;
type sysfs_devfreq_dir, fs_type, sysfs_type;
type sysfs_devices_block, fs_type, sysfs_type, sysfs_block_type;
type sysfs_devices_block, fs_type, sysfs_type;
type sysfs_dm, fs_type, sysfs_type;
type sysfs_dm_verity, fs_type, sysfs_type;
type sysfs_dma_heap, fs_type, sysfs_type;
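Review bot: Deleting `type sysfs_block` removes a label that other policy may still name, and this section does not show whether the type was ever part of a released policy version. If it was, vendor policy built against that version would no longer resolve the type, so a compatibility mapping would be needed alongside this deletion; if it never shipped, a line in the commit message saying so would settle it. With the `/class/block` genfscon entry removed as well, that directory presumably falls back to a broader sysfs label, so access to it is now governed by whichever rules cover that label rather than by a dedicated one.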


@ -157,9 +157,6 @@ allow shell sysfs:dir r_dir_perms;
allow shell sysfs_batteryinfo:dir r_dir_perms;
allow shell sysfs_batteryinfo:file r_file_perms;
# allow shell to list /sys/class/block/ to get storage type for CTS
allow shell sysfs_block:dir r_dir_perms;
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;