sanders: update to sepolicy

Signed-off-by: ronaxdevil <pratabidya.007@gmail.com>
2019-10-25 18:22:45 +05:30
parent 9bac46e294
commit 3957741440
6 changed files with 11 additions and 11 deletions
--- a/sepolicy/vendor/cameraserver.te
+++ b/sepolicy/vendor/cameraserver.te
@@ -25,7 +25,7 @@ allow cameraserver media_rw_data_file:file { create read write open };
 allow cameraserver cameraserver:process { execmem };
 ####
-allow cameraserver debug_prop:file { r_file_perms };
+#allow cameraserver debug_prop:file { r_file_perms };
 allow cameraserver debug_prop:property_service set;
 #######
--- a/sepolicy/vendor/fingerprintd.te
+++ b/sepolicy/vendor/fingerprintd.te
@@ -8,5 +8,5 @@ allow fingerprintd sysfs_mmi_fp:file rw_file_perms;
 allow fingerprintd system_data_file:sock_file unlink;
 allow fingerprintd sysfs_fpc:dir r_dir_perms;
 allow fingerprintd sysfs_fpc:file rw_file_perms;
-allow fingerprintd tee_device:chr_file { ioctl open read write };
+#allow fingerprintd tee_device:chr_file { ioctl open read write };
 allow fingerprintd uhid_device:chr_file rw_file_perms;
--- a/sepolicy/vendor/hal_camera_default.te
+++ b/sepolicy/vendor/hal_camera_default.te
@@ -1,4 +1,4 @@
-allow hal_camera_default gpu_device:dir r_dir_perms;
+#allow hal_camera_default gpu_device:dir r_dir_perms;
-allow hal_camera_default gpu_device:file r_file_perms;
+#allow hal_camera_default gpu_device:file r_file_perms;
-allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+#allow hal_camera_default hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
-allow hal_camera_default hal_configstore_default:binder call;
+#allow hal_camera_default hal_configstore_default:binder call;
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
@@ -12,7 +12,7 @@ allow init system_data_file:file lock;
 allow init audio_device:chr_file { write ioctl };
 allow init input_device:chr_file rw_file_perms;
 allow init sensors_device:chr_file { write ioctl };
-allow init tee_device:chr_file { write ioctl };
+#allow init tee_device:chr_file { write ioctl };
 allow init servicemanager:binder { transfer call };
 allow init system_server:binder { transfer call };
@@ -44,9 +44,9 @@ allow init self:netlink_route_socket { bind create getopt nlmsg_read read setopt
 allow init self:capability2 { block_suspend };
-allow init hal_sensors_hwservice:hwservice_manager find;
+#allow init hal_sensors_hwservice:hwservice_manager find;
-allow init { domain -lmkd -crash_dump }:process noatsecure;
+#allow init { domain -lmkd -crash_dump }:process noatsecure;
 #allow init hal_perf_hwservice:hwservice_manager find;
 allow init hidl_base_hwservice:hwservice_manager add;
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -1,3 +1,3 @@
 allow radio system_app_data_file:dir getattr;
 #allow radio qmuxd_socket:sock_file write;
-allow radio vendor_file:file { getattr open read };
+#allow radio vendor_file:file { getattr open read };
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@@ -12,7 +12,7 @@ allow system_server init:unix_stream_socket write;
 allow system_server sensors_device:chr_file { ioctl open read };
-allow system_server vendor_file:file { getattr read };
+#allow system_server vendor_file:file { getattr read };
 allow system_server sysfs:file getattr;
 allow system_server thermal_service:service_manager find;