Use more macros following review

author Henrik Grimler <henrik@grimler.se>

Sat, 5 Sep 2020 07:25:08 +0000 (09:25 +0200)

committer Jan Altensen <info@stricted.net>

Sun, 18 Oct 2020 09:48:31 +0000 (11:48 +0200)
author Henrik Grimler <henrik@grimler.se>
Sat, 5 Sep 2020 07:25:08 +0000 (09:25 +0200)
committer Jan Altensen <info@stricted.net>
Sun, 18 Oct 2020 09:48:31 +0000 (11:48 +0200)
diff --git a/sepolicy/crash_dump.te b/sepolicy/crash_dump.te

index 05ad1eb7bfcfc6649c3476ca77a505c8f4ea806f..138407f1aec5466c25b2b95bda58eea14f8bc70f 100644 (file)
--- a/sepolicy/crash_dump.te
+++ b/sepolicy/crash_dump.te
@@ -1,3 +1,4 @@
-allow crash_dump hwservicemanager_prop:file { getattr open };
-allow crash_dump exported_camera_prop:file { getattr open };
+get_prop(crash_dump, hwservicemanager_prop)
+get_prop(crash_dump, exported_camera_prop)
+
  allow crash_dump app_data_file:file read;
diff --git a/sepolicy/hal_audio_default.te b/sepolicy/hal_audio_default.te

index bb5794cabe370fc7207382baad7313b6b8ad24e5..9eb94155c25251cb6eaeeddc391ccccd742dd73e 100644 (file)
--- a/sepolicy/hal_audio_default.te
+++ b/sepolicy/hal_audio_default.te
@@ -8,6 +8,7 @@ allow hal_audio_default efs_file:dir search;
  
  allow hal_audio_default imei_efs_file:dir search;
  allow hal_audio_default imei_efs_file:file r_file_perms;
-allow hal_audio_default vendor_radio_prop:file { getattr open read };
+
+get_prop(hal_audio_default, vendor_radio_prop)
  
  allow hal_audio_default init:unix_stream_socket connectto;
diff --git a/sepolicy/hal_camera_default.te b/sepolicy/hal_camera_default.te

index 7311f6776f95ce3431a293ce18c0f0af5b2b6d22..313e7bca5797f597b7340e68f51a1e9a1556658d 100644 (file)
--- a/sepolicy/hal_camera_default.te
+++ b/sepolicy/hal_camera_default.te
@@ -7,8 +7,9 @@ allow hal_camera_default sysfs_virtual:dir search;
  allow hal_camera_default sysfs_virtual:file rw_file_perms;
  allow hal_camera_default sysfs_camera:dir search;
  allow hal_camera_default sysfs_camera:file rw_file_perms;
-allow hal_camera_default exported_camera_prop:file { getattr open read };
  allow hal_camera_default camera_data_file:dir search;
  
+get_prop(hal_camera_default, exported_camera_prop)
+
  binder_call(hal_camera_default, system_server)
  binder_call(system_server, hal_camera_default)
diff --git a/sepolicy/hal_keymaster_default.te b/sepolicy/hal_keymaster_default.te

index cb241b3712cdc83d4aa65473a7707df7166d5f23..357775b5813134e252e1d0c97089a0ea240b60ab 100644 (file)
--- a/sepolicy/hal_keymaster_default.te
+++ b/sepolicy/hal_keymaster_default.te
@@ -1 +1 @@
-allow hal_keymaster_default tee_prop:file { getattr open read };
+get_prop(hal_keymaster_default, tee_prop)
diff --git a/sepolicy/hal_vibrator_default.te b/sepolicy/hal_vibrator_default.te

index d4b5e867ca16ecf40ebf5bf96c61ad081163de44..a81495f7d48fecd1ef2424fdef87cd2f259d52f1 100644 (file)
--- a/sepolicy/hal_vibrator_default.te
+++ b/sepolicy/hal_vibrator_default.te
@@ -1,2 +1,2 @@
  allow hal_vibrator_default sysfs_virtual:dir search;
-allow hal_vibrator_default sysfs_virtual:file { open write getattr };
+allow hal_vibrator_default sysfs_virtual:file rw_file_perms;
diff --git a/sepolicy/hal_wifi_hostapd_default.te b/sepolicy/hal_wifi_hostapd_default.te

index 0489d847802250146c9a42b898c0ed07be4f4803..c13b15806ceb16a22a47d35e77e78d02f52acf08 100644 (file)
--- a/sepolicy/hal_wifi_hostapd_default.te
+++ b/sepolicy/hal_wifi_hostapd_default.te
@@ -1,2 +1,2 @@
  allow hal_wifi_hostapd_default sysfs_virtual:dir search;
-allow hal_wifi_hostapd_default sysfs_virtual:lnk_file { read getattr };
+allow hal_wifi_hostapd_default sysfs_virtual:lnk_file r_file_perms;
diff --git a/sepolicy/property.te b/sepolicy/property.te

index e590d3141f24d1a1eb9ab7f7b4776903bd444855..ec742694d6b0c33724e0a16d216503e6587b3b8e 100644 (file)
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -11,4 +11,4 @@ type persist_data_wda_prop, property_type;
  type vendor_camera_prop, property_type;
  type vendor_factory_prop, property_type;
  type vendor_gps_prop, property_type;
-type vendor_nfc_prop, property_type;
-\ No newline at end of file
+type vendor_nfc_prop, property_type;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te

index 1d0bc5c1cc3b3c9df7632452361886e6ca3acf2e..e7717585c7c325a16e7d82f173ca1dda9736b76f 100644 (file)
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -8,4 +8,5 @@ allow system_server debugfs_ion:file r_file_perms;
  allow system_server debugfs_mali_mem:file r_file_perms;
  
  allow system_server frp_block_device:blk_file rw_file_perms;
-allow system_server vendor_radio_prop:file { getattr open read };
+
+get_prop(system_server, vendor_radio_prop)
author	Henrik Grimler <henrik@grimler.se>
	Sat, 5 Sep 2020 07:25:08 +0000 (09:25 +0200)
committer	Jan Altensen <info@stricted.net>
	Sun, 18 Oct 2020 09:48:31 +0000 (11:48 +0200)
sepolicy/crash_dump.te		patch \| blob \| blame \| history
sepolicy/hal_audio_default.te		patch \| blob \| blame \| history
sepolicy/hal_camera_default.te		patch \| blob \| blame \| history
sepolicy/hal_keymaster_default.te		patch \| blob \| blame \| history
sepolicy/hal_vibrator_default.te		patch \| blob \| blame \| history
sepolicy/hal_wifi_hostapd_default.te		patch \| blob \| blame \| history
sepolicy/property.te		patch \| blob \| blame \| history
sepolicy/system_server.te		patch \| blob \| blame \| history