sanders: Update to match new qcom sepolicy

Change-Id: If6e58161489790ea7736dc1ec1fe11f2e2841b6c Signed-off-by: Erfan Abdi <erfangplus@gmail.com> Signed-off-by: therootlord <igor_cestari@hotmail.com>
2018-09-14 00:21:33 +04:30
parent a589c5e853
commit 2f35f4fbb1
12 changed files with 6 additions and 24 deletions
--- a/rootdir/etc/init.qcom.rc
+++ b/rootdir/etc/init.qcom.rc
@@ -684,7 +684,7 @@ service vendor.per_proxy /vendor/bin/pm-proxy
    disabled
    writepid /dev/cpuset/system-background/tasks
-on property:init.svc.per_mgr=running
+on property:init.svc.vendor.per_mgr=running
    start vendor.per_proxy
 on property:sys.shutdown.requested=*
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -105,7 +105,6 @@
 /dev/l3g4200d                                            u:object_r:sensors_device:s0
 /dev/stml0xx_ms                                          u:object_r:sensors_device:s0
 /dev/stml0xx_as                                          u:object_r:sensors_device:s0
 /data/misc/sensor(/.*)?                                  u:object_r:sensors_data_file:s0
 # WCNSS
 /sys/module/wcnsscore/parameters(/.*)?                   u:object_r:sysfs_wcnsscore:s0
@@ -113,7 +112,6 @@
 /data/misc/perfd(/.*)?                                          u:object_r:perfd_data_file:s0
 /data/system/perfd(/.*)?                                        u:object_r:perfd_data_file:s0
 /data/oemnvitems(/.*)?                                          u:object_r:nv_data_file:s0
 /data/vendor/time(/.*)?                                         u:object_r:time_data_file:s0
 /system/vendor/bin/perfd           u:object_r:perfd_exec:s0
 /system/vendor/bin/hw/android\.hardware\.power@1\.1-service-qti          u:object_r:hal_power_default_exec:s0
@@ -123,8 +121,6 @@
 /sys/kernel/debug/rmt_storage(/.*)? u:object_r:debugfs_rmt_storage:s0
 /data/vendor/nfc(/.*)? u:object_r:nfc_data_file:s0
 # Fingerprint custom hal
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service_32 u:object_r:hal_fingerprint_default_exec:s0
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,4 +1,4 @@
 allow hal_camera_default gpu_device:dir r_dir_perms;
 allow hal_camera_default gpu_device:file r_file_perms;
 allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
-allow hal_camera_default hal_configstore_default:binder call;
+allow hal_camera_default hal_configstore_default:binder call;
--- a/sepolicy/vendor/per_mgr.te
+++ b/sepolicy/vendor/per_mgr.te
@@ -1 +1 @@
-allow per_mgr self:capability net_raw;
+allow vendor_per_mgr self:capability net_raw;
--- a/sepolicy/vendor/peripheral_manager.te
+++ b/sepolicy/vendor/peripheral_manager.te
@@ -1,5 +0,0 @@
 # binder_call(per_mgr, servicemanager);
 allow per_mgr self:capability net_raw;
 # allow per_mgr per_mgr_service_old:service_manager { add find };
 # allow per_mgr servicemanager:binder { call transfer };
--- a/sepolicy/vendor/platform_app.te
+++ b/sepolicy/vendor/platform_app.te
@@ -1,10 +1,7 @@
 get_prop(platform_app, camera_prop);
 get_prop(platform_app, qemu_hw_mainkeys_prop);
 binder_call(platform_app, hal_sensors_default);
 allow platform_app rootfs:dir getattr;
 allow platform_app init:unix_stream_socket { read write };
 allow platform_app hal_sensors_default:unix_stream_socket { read write };
 allow platform_app qemu_hw_mainkeys_prop:file {getattr open read};
--- a/sepolicy/vendor/priv_app.te
+++ b/sepolicy/vendor/priv_app.te
@@ -3,4 +3,3 @@ allow priv_app persist_file:filesystem getattr;
 allow priv_app proc_interrupts:file { open read getattr };
 allow priv_app proc_modules:file { open read getattr };
 get_prop(priv_app, adspd_prop);
 get_prop(priv_app, qemu_hw_mainkeys_prop);
--- a/sepolicy/vendor/servicemanager.te
+++ b/sepolicy/vendor/servicemanager.te
@@ -26,9 +26,9 @@ allow servicemanager esepmdaemon:dir search;
 allow servicemanager esepmdaemon:file { open read };
 allow servicemanager esepmdaemon:process getattr;
-allow servicemanager per_mgr:dir search;
+allow servicemanager vendor_per_mgr:dir search;
-allow servicemanager per_mgr:file { open read };
+allow servicemanager vendor_per_mgr:file { open read };
-allow servicemanager per_mgr:process getattr;
+allow servicemanager vendor_per_mgr:process getattr;
 allow servicemanager wcnss_service:process getattr;
 allow servicemanager hal_gnss_qti:dir search;
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -12,7 +12,6 @@ allow system_app init:unix_stream_socket { read write };
 allow system_app sysfs_homebutton:file write;
 get_prop(system_app, diag_prop);
 get_prop(system_app, qemu_hw_mainkeys_prop);
 binder_call(system_app, qtitetherservice_service);
 binder_call(system_app, wificond);
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -16,5 +16,3 @@ allow system_server init:unix_stream_socket write;
 allow system_server sensors_device:chr_file { ioctl open read };
 allow system_server vendor_file:file { getattr open read execute };
 get_prop(system_server, alarm_boot_prop)
--- a/sepolicy/vendor/toolbox.te
+++ b/sepolicy/vendor/toolbox.te
@@ -1,7 +1,6 @@
 set_prop(toolbox, diag_prop);
 set_prop(toolbox, hw_rev_prop);
 set_prop(toolbox, touch_prop);
 get_prop(toolbox rmnet_mux_prop);
 allow toolbox init:fifo_file { write getattr };
 allow toolbox self:capability { chown dac_override };
--- a/sepolicy/vendor/untrusted_app_25.te
+++ b/sepolicy/vendor/untrusted_app_25.te
@@ -5,6 +5,5 @@
 allow untrusted_app_25 init:unix_stream_socket { read write };
 allow untrusted_app_25 proc_stat:file read;
 allow untrusted_app_25 qemu_hw_mainkeys_prop:file read;
 allow untrusted_app_25 self:udp_socket ioctl;
 allow untrusted_app_25 vold_exec:file read;
`@@ -1 +1 @@`
	`allow per_mgr self:capability net_raw;`	`allow vendor_per_mgr self:capability net_raw;`