sanders: init: cleanup
* Remove some proprietary scripts
* Should help with sepolicy rules
@@ -35,7 +35,6 @@ type netmgr_data_file, file_type, data_file_type;
|
||||
type sysfs_adsp, fs_type, sysfs_type;
|
||||
type sysfs_homebutton, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_mmi_fp, fs_type, sysfs_type;
|
||||
type sysfs_mmi_touch, fs_type, sysfs_type;
|
||||
|
||||
type sysfs_capsense, fs_type, sysfs_type;
|
||||
type sysfs_batt, fs_type, sysfs_type;
|
||||
|
||||
@@ -10,8 +10,6 @@
|
||||
/system/bin/charge_only_mode u:object_r:charge_only_exec:s0
|
||||
/system/bin/hci_qcomm_init u:object_r:config_bluetooth_exec:s0
|
||||
/system/bin/init\.mmi\.boot\.sh u:object_r:mmi_boot_exec:s0
|
||||
/system/bin/init\.mmi\.touch\.sh u:object_r:mmi_touch_sh_exec:s0
|
||||
/system/bin/init\.oem\.hw\.sh u:object_r:oem-hw-sh_exec:s0
|
||||
/system/bin/wlan_carrier_bin\.sh u:object_r:init_wifi_exec:s0
|
||||
/system/bin/motosh u:object_r:sensor_hub_exec:s0
|
||||
/system/bin/akmd09912 u:object_r:akmd_exec:s0
|
||||
@@ -30,9 +28,6 @@
|
||||
|
||||
/sys/devices/soc/7af8000.spi/spi_master/spi8/spi8.0(/.*)? u:object_r:sysfs_fpc:s0
|
||||
|
||||
# mmi_touch related /sys files
|
||||
/sys/devices/soc/78b7000\.i2c/i2c-3/3-0020(/.*)? u:object_r:sysfs_mmi_touch:s0
|
||||
|
||||
# Modem
|
||||
/persist/mdm(/.*)? u:object_r:persist_modem_file:s0
|
||||
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
type mmi_touch_sh, domain;
|
||||
type mmi_touch_sh_exec, exec_type, file_type;
|
||||
init_daemon_domain(mmi_touch_sh)
|
||||
|
||||
# shell scripts need to execute /system/bin/sh
|
||||
allow mmi_touch_sh shell_exec:file rx_file_perms;
|
||||
allow mmi_touch_sh toolbox_exec:file rx_file_perms;
|
||||
|
||||
# Logs to /dev/kmsg
|
||||
allow mmi_touch_sh kmsg_device:chr_file w_file_perms;
|
||||
|
||||
# Write to /sys/path/to/firmware/forcereflash
|
||||
# Read from /sys/path/to/firmware/poweron (and others)
|
||||
allow mmi_touch_sh sysfs_mmi_touch:file rw_file_perms;
|
||||
allow mmi_touch_sh sysfs_mmi_touch:file setattr;
|
||||
allow mmi_touch_sh sysfs_mmi_touch:dir search;
|
||||
allow mmi_touch_sh system_file:dir r_file_perms;
|
||||
allow mmi_touch_sh self:capability chown;
|
||||
|
||||
# WRONG
|
||||
allow mmi_touch_sh sysfs:dir r_dir_perms;
|
||||
allow mmi_touch_sh sysfs:file rw_file_perms;
|
||||
allow mmi_touch_sh sysfs:file setattr;
|
||||
allow mmi_touch_sh sysfs:lnk_file getattr;
|
||||
|
||||
set_prop(mmi_touch_sh, touch_prop);
|
||||
set_prop(mmi_touch_sh, hw_rev_prop);
|
||||
@@ -1,17 +0,0 @@
|
||||
type oem-hw-sh, domain;
|
||||
type oem-hw-sh_exec, exec_type, file_type;
|
||||
init_daemon_domain(oem-hw-sh)
|
||||
|
||||
allow oem-hw-sh hw_block_device:blk_file { open read write };
|
||||
allow oem-hw-sh init:unix_stream_socket connectto;
|
||||
allow oem-hw-sh kmsg_device:chr_file { write open };
|
||||
allow oem-hw-sh proc:file { write getattr open read };
|
||||
allow oem-hw-sh property_socket:sock_file write;
|
||||
allow oem-hw-sh rootfs:file {entrypoint read open };
|
||||
allow oem-hw-sh self:capability dac_override;
|
||||
allow oem-hw-sh shell_exec:file { entrypoint read getattr };
|
||||
allow oem-hw-sh system_file:file execute_no_trans;
|
||||
allow oem-hw-sh system_prop:property_service set;
|
||||
allow oem-hw-sh toolbox_exec:file { execute execute_no_trans getattr open read };
|
||||
allow oem-hw-sh touch_prop:file { getattr open read };
|
||||
allow oem-hw-sh touch_prop:property_service set;
|
||||
@@ -1,6 +1,4 @@
|
||||
allow ueventd sysfs_mmi_fp:file w_file_perms;
|
||||
allow ueventd sysfs_mmi_touch:file w_file_perms;
|
||||
allow ueventd sysfs_mmi_touch:dir search;
|
||||
|
||||
allow ueventd synaptics_rmi_device:chr_file { rw_file_perms relabelfrom relabelto};
|
||||
allow ueventd sysfs_fpc:file rw_file_perms;
|
||||
|
||||