From f098071ac73d9a019f3fc7646509ba97b4e2819a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Fri, 5 Nov 2021 15:07:57 +0100
Subject: [PATCH] Remove references to nonplat sepolicy
"nonplat" was renamed to "vendor" in Android Pie, but was retained here for Treble compatibility. We're now outside of the compatbility window for these devices so it can safely be removed.
Test: atest treble_sepolicy_tests
Change-Id: Iaa22af41a07b13adb7290f570db7a9d43b6e85cc
---
 private/compat/31.0/31.0.cil | 1 +
 private/file_contexts | 12 +-----------
 public/file.te | 3 ---
 public/servicemanager.te | 2 +-
 4 files changed, 3 insertions(+), 15 deletions(-)
diff --git a/private/compat/31.0/31.0.cil b/private/compat/31.0/31.0.cil
index 35059a9b3..84d70c2c4 100644
--- a/private/compat/31.0/31.0.cil
+++ b/private/compat/31.0/31.0.cil
@@ -4,6 +4,7 @@
 (type apex_scheduling_data_file)
 (type apex_wifi_data_file)
 (type healthd_exec)
+(type nonplat_service_contexts_file)
 (type vr_hwc)
 (type vr_hwc_exec)
diff --git a/private/file_contexts b/private/file_contexts
index 14a56d558..3049bc681 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -48,29 +48,21 @@
 # SELinux policy files
 /vendor_file_contexts u:object_r:file_contexts_file:s0
-/nonplat_file_contexts u:object_r:file_contexts_file:s0
 /plat_file_contexts u:object_r:file_contexts_file:s0
 /product_file_contexts u:object_r:file_contexts_file:s0
 /mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
-/nonplat_sepolicy\.cil u:object_r:sepolicy_file:s0
 /plat_sepolicy\.cil u:object_r:sepolicy_file:s0
 /plat_property_contexts u:object_r:property_contexts_file:s0
 /product_property_contexts u:object_r:property_contexts_file:s0
-/nonplat_property_contexts u:object_r:property_contexts_file:s0
 /vendor_property_contexts u:object_r:property_contexts_file:s0
 /seapp_contexts u:object_r:seapp_contexts_file:s0
-/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
 /vendor_seapp_contexts u:object_r:seapp_contexts_file:s0
 /plat_seapp_contexts u:object_r:seapp_contexts_file:s0
 /sepolicy u:object_r:sepolicy_file:s0
 /plat_service_contexts u:object_r:service_contexts_file:s0
 /plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
 /plat_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
-/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
-# Use nonplat_service_contexts_file to allow servicemanager to read it
-# on non full-treble devices.
-/vendor_service_contexts u:object_r:nonplat_service_contexts_file:s0
-/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
 /vendor_hwservice_contexts u:object_r:hwservice_contexts_file:s0
 /vndservice_contexts u:object_r:vndservice_contexts_file:s0
@@ -402,8 +394,6 @@
 # HAL location
 /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
-/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
-
 /(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
 #############################
diff --git a/public/file.te b/public/file.te
index 0b94e2ee7..559f864d2 100644
--- a/public/file.te
+++ b/public/file.te
@@ -565,9 +565,6 @@ type keystore2_key_contexts_file, system_file_type, file_type;
 # vendor service_contexts file
 type vendor_service_contexts_file, vendor_file_type, file_type;
-# nonplat service_contexts file (only accessible on non full-treble devices)
-type nonplat_service_contexts_file, vendor_file_type, file_type;
-
 # hwservice_contexts file
 type hwservice_contexts_file, system_file_type, file_type;
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 63fc2273a..a085a612c 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -22,7 +22,7 @@ allow servicemanager service_contexts_file:file r_file_perms;
 allow servicemanager vendor_service_contexts_file:file r_file_perms;
 # nonplat_service_contexts only accessible on non full-treble devices
-not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+not_full_treble(`allow servicemanager vendor_service_contexts_file:file r_file_perms;')
 add_service(servicemanager, service_manager_service)
 allow servicemanager dumpstate:fd use;
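Review bot: In public/servicemanager.te the rewritten `not_full_treble(...)` line grants the same read access to `vendor_service_contexts_file` that the unconditional `allow servicemanager vendor_service_contexts_file:file r_file_perms;` a few lines above already grants, so the macro no longer changes the resulting policy on any device. The comment above it, `# nonplat_service_contexts only accessible on non full-treble devices`, is also stale, because it names a type and a file this commit removes. I would delete both the comment and the `not_full_treble` line instead of renaming the type inside it. A conditional rule left in place suggests that access to vendor_service_contexts is gated on non-full-Treble builds, which the visible policy does not do. The rest of servicemanager.te is outside the hunk, so check that nothing else there refers to this rule.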