From a49411f49bbfc05923776acee4fa4d9acc4d4b0b Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 16 Jun 2014 12:36:49 -0400 Subject: Coalesce generic_x86 and generic sepolicy where possible. We originally forked a complete copy of generic/sepolicy into generic_x86/sepolicy, but we can instead inherit from it and merely add rules as needed under generic_x86/sepolicy. Change-Id: I21e1a1425ce08676a8ea69685a4761db3bfde628 Signed-off-by: Stephen Smalley --- target/board/generic_x86/BoardConfig.mk | 5 ++++- target/board/generic_x86/sepolicy/device.te | 1 - target/board/generic_x86/sepolicy/domain.te | 3 --- target/board/generic_x86/sepolicy/file.te | 1 - target/board/generic_x86/sepolicy/file_contexts | 4 ---- target/board/generic_x86/sepolicy/qemud.te | 6 ------ target/board/generic_x86/sepolicy/rild.te | 1 - target/board/generic_x86/sepolicy/shell.te | 1 - target/board/generic_x86/sepolicy/system_server.te | 1 - 9 files changed, 4 insertions(+), 19 deletions(-) delete mode 100644 target/board/generic_x86/sepolicy/device.te delete mode 100644 target/board/generic_x86/sepolicy/file.te delete mode 100644 target/board/generic_x86/sepolicy/file_contexts delete mode 100644 target/board/generic_x86/sepolicy/qemud.te delete mode 100644 target/board/generic_x86/sepolicy/rild.te delete mode 100644 target/board/generic_x86/sepolicy/shell.te (limited to 'target/board') diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk index 68309e4..5d091f5 100644 --- a/target/board/generic_x86/BoardConfig.mk +++ b/target/board/generic_x86/BoardConfig.mk @@ -42,7 +42,10 @@ BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4 BOARD_FLASH_BLOCK_SIZE := 512 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true -BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy +BOARD_SEPOLICY_DIRS += \ + build/target/board/generic/sepolicy \ + build/target/board/generic_x86/sepolicy + BOARD_SEPOLICY_UNION += \ device.te \ domain.te \ 
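Review bot: The new two-entry `BOARD_SEPOLICY_DIRS` assignment has no comment saying that the x86 policy is now the union of `generic/sepolicy` and the local directory, so every rule in the generic policy applies to this target and the local files can only add rules, never remove them. A short comment above the assignment would make that explicit, e.g. `# Inherit the emulator policy from generic/sepolicy; generic_x86/sepolicy only adds x86-specific rules.` The `BOARD_SEPOLICY_UNION` list continues past the end of the hunk. Each name in it presumably has to resolve in at least one of the two directories now that `device.te`, `file.te`, `file_contexts`, `qemud.te`, `rild.te` and `shell.te` are deleted from the x86 directory, which is worth confirming with a build of this target. Judging by the removed x86 copies, the inherited rules include `unconfined_domain(qemud)` and domain-wide `rw_file_perms` on `qemu_device`, so the comment could also state that this policy is intended for the emulator only.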
diff --git a/target/board/generic_x86/sepolicy/device.te b/target/board/generic_x86/sepolicy/device.te
deleted file mode 100644
index e4af13c..0000000
--- a/target/board/generic_x86/sepolicy/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemu_device, dev_type;
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
index c3161b3..0bc8d87 100644
--- a/target/board/generic_x86/sepolicy/domain.te
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -1,4 +1 @@
-# For /sys/qemu_trace files in the emulator.
-allow domain sysfs_writable:file rw_file_perms;
 allow domain cpuctl_device:dir search;
-allow domain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/file.te b/target/board/generic_x86/sepolicy/file.te
deleted file mode 100644
index 6fad80a..0000000
--- a/target/board/generic_x86/sepolicy/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemud_socket, file_type;
diff --git a/target/board/generic_x86/sepolicy/file_contexts b/target/board/generic_x86/sepolicy/file_contexts
deleted file mode 100644
index f204cde..0000000
--- a/target/board/generic_x86/sepolicy/file_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-/dev/qemu_.* u:object_r:qemu_device:s0
-/dev/socket/qemud u:object_r:qemud_socket:s0
-/system/bin/qemud u:object_r:qemud_exec:s0
-/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
diff --git a/target/board/generic_x86/sepolicy/qemud.te b/target/board/generic_x86/sepolicy/qemud.te
deleted file mode 100644
index 4ff02ec..0000000
--- a/target/board/generic_x86/sepolicy/qemud.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# qemu support daemon
-type qemud, domain;
-type qemud_exec, exec_type, file_type;
-
-init_daemon_domain(qemud)
-unconfined_domain(qemud)
diff --git a/target/board/generic_x86/sepolicy/rild.te b/target/board/generic_x86/sepolicy/rild.te
deleted file mode 100644
index e148b6c..0000000
--- a/target/board/generic_x86/sepolicy/rild.te
+++ /dev/null
@@ -1 +0,0 @@
-unix_socket_connect(rild, qemud, qemud)
diff --git a/target/board/generic_x86/sepolicy/shell.te b/target/board/generic_x86/sepolicy/shell.te
deleted file mode 100644
index b246d7e..0000000
--- a/target/board/generic_x86/sepolicy/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-allow shell serial_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te
index 0ede971..5d98a14 100644
--- a/target/board/generic_x86/sepolicy/system_server.te
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -1,2 +1 @@
 allow system_server self:process execmem;
-unix_socket_connect(system_server, qemud, qemud)
-- 
cgit v1.1