sanders: Update to match new qcom sepolicy

Change-Id: If6e58161489790ea7736dc1ec1fe11f2e2841b6c Signed-off-by: Erfan Abdi <erfangplus@gmail.com> Signed-off-by: therootlord <igor_cestari@hotmail.com>
2018-09-14 00:21:33 +04:30
parent a589c5e853
commit 2f35f4fbb1
12 changed files with 6 additions and 24 deletions
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -684,7 +684,7 @@ service vendor.per_proxy /vendor/bin/pm-proxy
    disabled
    writepid /dev/cpuset/system-background/tasks

-on property:init.svc.per_mgr=running
+on property:init.svc.vendor.per_mgr=running
    start vendor.per_proxy

 on property:sys.shutdown.requested=*
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -105,7 +105,6 @@
 /dev/l3g4200d                                            u:object_r:sensors_device:s0
 /dev/stml0xx_ms                                          u:object_r:sensors_device:s0
 /dev/stml0xx_as                                          u:object_r:sensors_device:s0
-/data/misc/sensor(/.*)?                                  u:object_r:sensors_data_file:s0

 # WCNSS
 /sys/module/wcnsscore/parameters(/.*)?                   u:object_r:sysfs_wcnsscore:s0
@@ -113,7 +112,6 @@
 /data/misc/perfd(/.*)?                                          u:object_r:perfd_data_file:s0
 /data/system/perfd(/.*)?                                        u:object_r:perfd_data_file:s0
 /data/oemnvitems(/.*)?                                          u:object_r:nv_data_file:s0
-/data/vendor/time(/.*)?                                         u:object_r:time_data_file:s0

 /system/vendor/bin/perfd           u:object_r:perfd_exec:s0
 /system/vendor/bin/hw/android\.hardware\.power@1\.1-service-qti          u:object_r:hal_power_default_exec:s0
@@ -123,8 +121,6 @@

 /sys/kernel/debug/rmt_storage(/.*)? u:object_r:debugfs_rmt_storage:s0

-/data/vendor/nfc(/.*)? u:object_r:nfc_data_file:s0
-
 # Fingerprint custom hal
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service_32 u:object_r:hal_fingerprint_default_exec:s0

--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,4 +1,4 @@
 allow hal_camera_default gpu_device:dir r_dir_perms;
 allow hal_camera_default gpu_device:file r_file_perms;
 allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
-allow hal_camera_default hal_configstore_default:binder call;
+allow hal_camera_default hal_configstore_default:binder call;
--- a/sepolicy/vendor/per_mgr.te
+++ b/sepolicy/vendor/per_mgr.te
@@ -1 +1 @@
-allow per_mgr self:capability net_raw;
+allow vendor_per_mgr self:capability net_raw;
--- a/sepolicy/vendor/peripheral_manager.te
+++ b/sepolicy/vendor/peripheral_manager.te
@@ -1,5 +0,0 @@
-# binder_call(per_mgr, servicemanager);
-allow per_mgr self:capability net_raw;
-# allow per_mgr per_mgr_service_old:service_manager { add find };
-# allow per_mgr servicemanager:binder { call transfer };
-
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -1,10 +1,7 @@
 get_prop(platform_app, camera_prop);
-get_prop(platform_app, qemu_hw_mainkeys_prop);
 binder_call(platform_app, hal_sensors_default);

 allow platform_app rootfs:dir getattr;

 allow platform_app init:unix_stream_socket { read write };
 allow platform_app hal_sensors_default:unix_stream_socket { read write };
-
-allow platform_app qemu_hw_mainkeys_prop:file {getattr open read};
--- a/sepolicy/vendor/priv_app.te
+++ b/sepolicy/vendor/priv_app.te
@@ -3,4 +3,3 @@ allow priv_app persist_file:filesystem getattr;
 allow priv_app proc_interrupts:file { open read getattr };
 allow priv_app proc_modules:file { open read getattr };
 get_prop(priv_app, adspd_prop);
-get_prop(priv_app, qemu_hw_mainkeys_prop);
--- a/sepolicy/vendor/servicemanager.te
+++ b/sepolicy/vendor/servicemanager.te
@@ -26,9 +26,9 @@ allow servicemanager esepmdaemon:dir search;
 allow servicemanager esepmdaemon:file { open read };
 allow servicemanager esepmdaemon:process getattr;

-allow servicemanager per_mgr:dir search;
-allow servicemanager per_mgr:file { open read };
-allow servicemanager per_mgr:process getattr;
+allow servicemanager vendor_per_mgr:dir search;
+allow servicemanager vendor_per_mgr:file { open read };
+allow servicemanager vendor_per_mgr:process getattr;
 allow servicemanager wcnss_service:process getattr;

 allow servicemanager hal_gnss_qti:dir search;
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -12,7 +12,6 @@ allow system_app init:unix_stream_socket { read write };
 allow system_app sysfs_homebutton:file write;

 get_prop(system_app, diag_prop);
-get_prop(system_app, qemu_hw_mainkeys_prop);
 binder_call(system_app, qtitetherservice_service);
 binder_call(system_app, wificond);

--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -16,5 +16,3 @@ allow system_server init:unix_stream_socket write;
 allow system_server sensors_device:chr_file { ioctl open read };

 allow system_server vendor_file:file { getattr open read execute };
-
-get_prop(system_server, alarm_boot_prop)
--- a/sepolicy/vendor/toolbox.te
+++ b/sepolicy/vendor/toolbox.te
@@ -1,7 +1,6 @@
 set_prop(toolbox, diag_prop);
 set_prop(toolbox, hw_rev_prop);
 set_prop(toolbox, touch_prop);
-get_prop(toolbox rmnet_mux_prop);
 allow toolbox init:fifo_file { write getattr };

 allow toolbox self:capability { chown dac_override };
--- a/sepolicy/vendor/untrusted_app_25.te
+++ b/sepolicy/vendor/untrusted_app_25.te
@@ -5,6 +5,5 @@
 allow untrusted_app_25 init:unix_stream_socket { read write };

 allow untrusted_app_25 proc_stat:file read;
-allow untrusted_app_25 qemu_hw_mainkeys_prop:file read;
 allow untrusted_app_25 self:udp_socket ioctl;
 allow untrusted_app_25 vold_exec:file read;