diff options
author | RGIB <gibellini.roberto@gmail.com> | 2016-10-03 18:48:42 +0200 |
---|---|---|
committer | RGIB <gibellini.roberto@gmail.com> | 2016-10-03 18:51:35 +0200 |
commit | 1519eb5d5cb3189ab6c5e32fe4dfd985784cb915 (patch) | |
tree | 9e173b2284ba721af4caf623572c6f4a59fe9800 | |
parent | 0ae9c2be96aac1557c29f035ec8d07710364dbe4 (diff) | |
download | device_samsung_kona-common-1519eb5d5cb3189ab6c5e32fe4dfd985784cb915.zip device_samsung_kona-common-1519eb5d5cb3189ab6c5e32fe4dfd985784cb915.tar.gz device_samsung_kona-common-1519eb5d5cb3189ab6c5e32fe4dfd985784cb915.tar.bz2 |
kona : remove useless policies
Change-Id: I99fbb84ec77b8d03dd7508f2f6d6933c6056a597
-rw-r--r-- | selinux/DR-daemon.te | 11 | ||||
-rw-r--r-- | selinux/SMD-daemon.te | 6 | ||||
-rw-r--r-- | selinux/at_distributor.te | 32 | ||||
-rw-r--r-- | selinux/diag_uart_log.te | 7 | ||||
-rw-r--r-- | selinux/file_contexts | 4 | ||||
-rw-r--r-- | selinux/rild.te | 2 | ||||
-rw-r--r-- | selinux/servicemanager.te | 3 | ||||
-rw-r--r-- | selinux/system_server.te | 1 |
8 files changed, 0 insertions, 66 deletions
diff --git a/selinux/DR-daemon.te b/selinux/DR-daemon.te deleted file mode 100644 index c031d3f..0000000 --- a/selinux/DR-daemon.te +++ /dev/null @@ -1,11 +0,0 @@ -type DR-daemon, domain; -type DR-daemon_exec, exec_type, file_type; -init_daemon_domain(DR-daemon) -domain_trans(init, rootfs, DR-daemon) - -allow DR-daemon radio_data_file:sock_file unlink; -allow DR-daemon self:capability setuid; -allow DR-daemon serial_device:chr_file { read write ioctl open }; -allow DR-daemon system_data_file:dir { write remove_name }; -allow DR-daemon system_data_file:dir add_name; -allow DR-daemon system_data_file:sock_file create; diff --git a/selinux/SMD-daemon.te b/selinux/SMD-daemon.te deleted file mode 100644 index 36cfb12..0000000 --- a/selinux/SMD-daemon.te +++ /dev/null @@ -1,6 +0,0 @@ -type SMD-daemon, domain; -type SMD-daemon_exec, exec_type, file_type; -init_daemon_domain(SMD-daemon) -domain_trans(init, rootfs, SMD-daemon) - -allow SMD-daemon self:capability setuid; diff --git a/selinux/at_distributor.te b/selinux/at_distributor.te deleted file mode 100644 index 039b540..0000000 --- a/selinux/at_distributor.te +++ /dev/null @@ -1,32 +0,0 @@ -type at_distributor, domain; -type at_distributor_exec, exec_type, file_type; -init_daemon_domain(at_distributor) -domain_trans(init, rootfs, at_distributor) - -allow at_distributor DR-daemon:unix_stream_socket connectto; -allow at_distributor property_socket:sock_file write; -allow at_distributor radio_data_file:file { write create read getattr open }; -allow at_distributor radio_prop:property_service set; -allow at_distributor rild:unix_stream_socket connectto; -allow at_distributor self:capability dac_override; -allow at_distributor serial_device:chr_file { read write ioctl open }; -allow at_distributor sysfs_wake_lock:file { read write open }; -allow at_distributor system_data_file:sock_file write; -allow at_distributor efs_file:file getattr; -allow at_distributor init:unix_stream_socket connectto; -allow at_distributor efs_file:file { read open setattr }; -allow at_distributor self:capability { setuid fowner chown fsetid }; -allow at_distributor efs_file:dir search; -allow at_distributor radio_data_file:dir { search add_name write }; -allow at_distributor efs_file:dir { search getattr }; -allow at_distributor radio_data_file:file setattr; -allow at_distributor servicemanager:binder call; -allow at_distributor shell_exec:file { read execute open }; -allow at_distributor system_file:file execute_no_trans; -allow at_distributor zygote_exec:file { read getattr open execute execute_no_trans }; -allow at_distributor system_server:binder { transfer call }; -allow at_distributor diag_uart_log_exec:file getattr; -allow at_distributor gps_device:chr_file { read write ioctl open }; -allow at_distributor shell_exec:file execute_no_trans; -allow at_distributor radio_data_file:dir search; -allow at_distributor radio_data_file:file { read getattr open setattr }; diff --git a/selinux/diag_uart_log.te b/selinux/diag_uart_log.te deleted file mode 100644 index 38429db..0000000 --- a/selinux/diag_uart_log.te +++ /dev/null @@ -1,7 +0,0 @@ -type diag_uart_log, domain; -type diag_uart_log_exec, exec_type, file_type; -init_daemon_domain(diag_uart_log) -domain_trans(init, rootfs, diag_uart_log) - -allow diag_uart_log at_distributor:unix_stream_socket connectto; -allow diag_uart_log self:capability setuid; diff --git a/selinux/file_contexts b/selinux/file_contexts index 9c776ee..79c22e8 100644 --- a/selinux/file_contexts +++ b/selinux/file_contexts @@ -1,12 +1,8 @@ /system/bin/cbd u:object_r:cpboot-daemon_exec:s0 /system/bin/gpsd u:object_r:gpsd_exec:s0 -/system/bin/at_distributor u:object_r:at_distributor_exec:s0 -/system/bin/smdexe u:object_r:SMD-daemon_exec:s0 -/system/bin/ddexe u:object_r:DR-daemon_exec:s0 /system/bin/orientationd u:object_r:orientationd_exec:s0 /system/bin/geomagneticd u:object_r:geomagneticd_exec:s0 -/system/bin/diag_uart_log u:object_r:diag_uart_log_exec:s0 /system/bin/qcks u:object_r:qc_kickstart_exec:s0 /system/bin/ks u:object_r:qc_kickstart_exec:s0 /system/bin/efsks u:object_r:qc_kickstart_exec:s0 diff --git a/selinux/rild.te b/selinux/rild.te index d999b16..4205645 100644 --- a/selinux/rild.te +++ b/selinux/rild.te @@ -1,5 +1,3 @@ -allow rild at_distributor:dir search; -allow rild at_distributor:file { read getattr open }; allow rild gpsd:dir search; allow rild gpsd:file { read getattr open }; allow rild proc_net:file write; diff --git a/selinux/servicemanager.te b/selinux/servicemanager.te index 8d1d17e..d3f44a8 100644 --- a/selinux/servicemanager.te +++ b/selinux/servicemanager.te @@ -1,6 +1,3 @@ allow servicemanager gpsd:dir search; -allow servicemanager at_distributor:dir search; -allow servicemanager at_distributor:file { read open }; -allow servicemanager at_distributor:process getattr; allow servicemanager gpsd:file { read open }; allow servicemanager gpsd:process getattr; diff --git a/selinux/system_server.te b/selinux/system_server.te index b5e88e0..2926495 100644 --- a/selinux/system_server.te +++ b/selinux/system_server.te @@ -4,7 +4,6 @@ allow system_server efs_file:dir search; allow system_server efs_file:file { read write open }; allow system_server gps_data_file:file setattr; allow system_server gps_data_file:dir { search write add_name }; -allow system_server at_distributor:binder call; allow system_server socket_device:dir write; allow system_server qmuxd:unix_stream_socket connectto; allow system_server socket_device:dir add_name; |