exynos9610: sepolicy: Address the last outstanding denials

Change-Id: I1b6d2ed981974def5716dab29dc8c84fe1e4f93d

diff --git a/sepolicy/vendor/kernel.te b/sepolicy/vendor/kernel.te
index badcddb7f302fb13f91a6d2dfbdbb2990ad765af..bfdab66a18aed11abda22782e5ec85123b943565 100644 (file)
--- a/sepolicy/vendor/kernel.te
+++ b/sepolicy/vendor/kernel.te
@@ -1,4 +1,4 @@
-allow kernel self:capability mknod;
+allow kernel self:capability { kill mknod };
 
 # macros would grant too many perms which run into neverallows
 allow kernel device:chr_file { create getattr setattr unlink };

diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index c1c102549a6eadd6ed6d923a9b5628393b5ab500..0e6df2d56993c6a6552980277ca01f4483e1e7c0 100644 (file)
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -1,3 +1,5 @@
+vendor_public_prop(deprecated_soc_prop)
+dontaudit domain deprecated_soc_prop:file *;
 vendor_public_prop(vendor_audio_prop)
 vendor_public_prop(vendor_camera_prop)
 vendor_public_prop(vendor_ims_prop)

diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index b83686f03faf5701a203db844e19a5c5728113fd..0ebb814175954a567b42eb6e22d20c295d5c0e80 100644 (file)
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -13,6 +13,9 @@ vendor.charon.route                 u:object_r:vendor_ims_prop:s0
 custom.charon.status                u:object_r:vendor_ims_prop:s0
 vendor.pktrouter                    u:object_r:vendor_ims_prop:s0
 
+# Chip
+ro.hardware.chipname                u:object_r:deprecated_soc_prop:s0 exact string
+
 # HWC
 ro.vendor.ddk.set.afbc              u:object_r:vendor_hwc_prop:s0
 ro.vendor.winupdate                 u:object_r:vendor_hwc_prop:s0