summaryrefslogtreecommitdiffstats
path: root/target/board/generic_x86/sepolicy
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2014-06-16 12:36:49 -0400
committerStephen Smalley <sds@tycho.nsa.gov>2014-06-17 09:35:56 -0400
commita49411f49bbfc05923776acee4fa4d9acc4d4b0b (patch)
tree75970d83d374c105f845a6ee54a6792f6d1ff2fd /target/board/generic_x86/sepolicy
parent78eee96a7215c24e46dee6affe209bf9562767d5 (diff)
downloadbuild-a49411f49bbfc05923776acee4fa4d9acc4d4b0b.zip
build-a49411f49bbfc05923776acee4fa4d9acc4d4b0b.tar.gz
build-a49411f49bbfc05923776acee4fa4d9acc4d4b0b.tar.bz2
Coalesce generic_x86 and generic sepolicy where possible.
We originally forked a complete copy of generic/sepolicy into generic_x86/sepolicy, but we can instead inherit from it and merely add rules as needed under generic_x86/sepolicy. Change-Id: I21e1a1425ce08676a8ea69685a4761db3bfde628 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'target/board/generic_x86/sepolicy')
-rw-r--r--target/board/generic_x86/sepolicy/device.te1
-rw-r--r--target/board/generic_x86/sepolicy/domain.te3
-rw-r--r--target/board/generic_x86/sepolicy/file.te1
-rw-r--r--target/board/generic_x86/sepolicy/file_contexts4
-rw-r--r--target/board/generic_x86/sepolicy/qemud.te6
-rw-r--r--target/board/generic_x86/sepolicy/rild.te1
-rw-r--r--target/board/generic_x86/sepolicy/shell.te1
-rw-r--r--target/board/generic_x86/sepolicy/system_server.te1
8 files changed, 0 insertions, 18 deletions
diff --git a/target/board/generic_x86/sepolicy/device.te b/target/board/generic_x86/sepolicy/device.te
deleted file mode 100644
index e4af13c..0000000
--- a/target/board/generic_x86/sepolicy/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemu_device, dev_type;
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
index c3161b3..0bc8d87 100644
--- a/target/board/generic_x86/sepolicy/domain.te
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -1,4 +1 @@
-# For /sys/qemu_trace files in the emulator.
-allow domain sysfs_writable:file rw_file_perms;
allow domain cpuctl_device:dir search;
-allow domain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/file.te b/target/board/generic_x86/sepolicy/file.te
deleted file mode 100644
index 6fad80a..0000000
--- a/target/board/generic_x86/sepolicy/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemud_socket, file_type;
diff --git a/target/board/generic_x86/sepolicy/file_contexts b/target/board/generic_x86/sepolicy/file_contexts
deleted file mode 100644
index f204cde..0000000
--- a/target/board/generic_x86/sepolicy/file_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-/dev/qemu_.* u:object_r:qemu_device:s0
-/dev/socket/qemud u:object_r:qemud_socket:s0
-/system/bin/qemud u:object_r:qemud_exec:s0
-/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
diff --git a/target/board/generic_x86/sepolicy/qemud.te b/target/board/generic_x86/sepolicy/qemud.te
deleted file mode 100644
index 4ff02ec..0000000
--- a/target/board/generic_x86/sepolicy/qemud.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# qemu support daemon
-type qemud, domain;
-type qemud_exec, exec_type, file_type;
-
-init_daemon_domain(qemud)
-unconfined_domain(qemud)
diff --git a/target/board/generic_x86/sepolicy/rild.te b/target/board/generic_x86/sepolicy/rild.te
deleted file mode 100644
index e148b6c..0000000
--- a/target/board/generic_x86/sepolicy/rild.te
+++ /dev/null
@@ -1 +0,0 @@
-unix_socket_connect(rild, qemud, qemud)
diff --git a/target/board/generic_x86/sepolicy/shell.te b/target/board/generic_x86/sepolicy/shell.te
deleted file mode 100644
index b246d7e..0000000
--- a/target/board/generic_x86/sepolicy/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-allow shell serial_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te
index 0ede971..5d98a14 100644
--- a/target/board/generic_x86/sepolicy/system_server.te
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -1,2 +1 @@
allow system_server self:process execmem;
-unix_socket_connect(system_server, qemud, qemud)