From 096cdeac27f8431bc551eaa20634fa50eba2516c Mon Sep 17 00:00:00 2001 From: Henrik Grimler Date: Sat, 5 Sep 2020 20:25:22 +0200 Subject: [PATCH] Sepolicy: mv mobicore/tee policy to android_device_samsung_slsi --- sepolicy/file.te | 2 -- sepolicy/file_contexts | 4 ---- sepolicy/hal_fingerprint_default.te | 1 - sepolicy/hal_gatekeeper_default.te | 1 - sepolicy/hal_keymaster_default.te | 1 - sepolicy/init.te | 1 - sepolicy/property.te | 3 --- sepolicy/property_contexts | 3 --- sepolicy/tee.te | 15 --------------- sepolicy/vendor_init.te | 1 - 10 files changed, 32 deletions(-) delete mode 100644 sepolicy/hal_keymaster_default.te delete mode 100644 sepolicy/tee.te delete mode 100644 sepolicy/vendor_init.te diff --git a/sepolicy/file.te b/sepolicy/file.te index 863203a..d72779a 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -23,9 +23,7 @@ type proc_swapiness, fs_type, proc_type; # data types type display_vendor_data_file, file_type, data_file_type; type fingerprintd_vendor_data_file, data_file_type, file_type; -type mobicore_vendor_data_file, data_file_type, file_type; type mediadrm_data_file, file_type, data_file_type; -type mobicore_data_file, data_file_type, core_data_file_type, file_type; # sysfs types type sysfs_batteryinfo_charger_writable, sysfs_type, rw_fs_type, fs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 047f85d..3424af5 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -9,10 +9,6 @@ /dev/cpuset(/.*)? u:object_r:cgroup:s0 -/dev/mobicore u:object_r:tee_device:s0 -/dev/mobicore-user u:object_r:tee_device:s0 -/dev/t-base-tui u:object_r:tee_device:s0 - # camera /dev/m2m1shot_scaler0 u:object_r:m2m1shot_device:s0 diff --git a/sepolicy/hal_fingerprint_default.te b/sepolicy/hal_fingerprint_default.te index e35929b..7a5a796 100644 --- a/sepolicy/hal_fingerprint_default.te +++ b/sepolicy/hal_fingerprint_default.te @@ -1,5 +1,4 @@ allow hal_fingerprint_default fingerprintd_data_file:dir write; -allow hal_fingerprint_default tee_device:chr_file rw_file_perms; allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms; allow hal_fingerprint_default sysfs_virtual:dir search; allow hal_fingerprint_default sysfs_virtual:file r_file_perms; diff --git a/sepolicy/hal_gatekeeper_default.te b/sepolicy/hal_gatekeeper_default.te index be9e93e..c9c3b96 100644 --- a/sepolicy/hal_gatekeeper_default.te +++ b/sepolicy/hal_gatekeeper_default.te @@ -1,4 +1,3 @@ allow hal_gatekeeper_default gatekeeper_efs_file:file rw_file_perms; allow hal_gatekeeper_default gatekeeper_efs_file:dir search; -allow hal_gatekeeper_default tee_device:chr_file rw_file_perms; allow hal_gatekeeper_default efs_file:dir search; diff --git a/sepolicy/hal_keymaster_default.te b/sepolicy/hal_keymaster_default.te deleted file mode 100644 index 357775b..0000000 --- a/sepolicy/hal_keymaster_default.te +++ /dev/null @@ -1 +0,0 @@ -get_prop(hal_keymaster_default, tee_prop) diff --git a/sepolicy/init.te b/sepolicy/init.te index e5ca5f0..531b33e 100644 --- a/sepolicy/init.te +++ b/sepolicy/init.te @@ -34,7 +34,6 @@ allow init sysfs_graphics:file create_file_perms; allow init sysfs_touchscreen_writable:file setattr; allow init system_server:binder { transfer call }; -allow init tee_device:chr_file rw_file_perms; allow init device:chr_file ioctl; allow init self:tcp_socket create_socket_perms; allow init node:tcp_socket node_bind; diff --git a/sepolicy/property.te b/sepolicy/property.te index ec74269..99ad75c 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -1,9 +1,6 @@ # modemloader type modemloader_prop, property_type; -# mobicore (tee) -type tee_prop, property_type; - type persist_rmnet_prop, property_type; type persist_data_df_prop, property_type; type persist_data_wda_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 193253a..19182c5 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts @@ -9,9 +9,6 @@ ro.cbd.dt_revision u:object_r:modemloader_prop:s0 ril.cbd.dt_revision u:object_r:modemloader_prop:s0 ro.modemloader.done u:object_r:modemloader_prop:s0 -# mobicore -sys.mobicoredaemon.enable u:object_r:tee_prop:s0 - persist.rmnet. u:object_r:persist_rmnet_prop:s0 persist.data.df. u:object_r:persist_data_df_prop:s0 persist.data.wda. u:object_r:persist_data_wda_prop:s0 diff --git a/sepolicy/tee.te b/sepolicy/tee.te deleted file mode 100644 index 667c8be..0000000 --- a/sepolicy/tee.te +++ /dev/null @@ -1,15 +0,0 @@ -allow tee efs_file:dir { search getattr }; -allow tee efs_file:file r_file_perms; -allow tee gatekeeper_efs_file:dir r_dir_perms; -allow tee gatekeeper_efs_file:file r_file_perms; -allow tee init:unix_stream_socket connectto; -allow tee property_socket:sock_file write; -allow tee prov_efs_file:dir search; -allow tee system_prop:property_service set; -allow tee tee_prop:property_service set; - -# /dev/t-base-tui -allow tee tee_device:chr_file r_file_perms; - -allow tee mobicore_vendor_data_file:dir r_dir_perms; -allow tee mobicore_vendor_data_file:file rw_file_perms; diff --git a/sepolicy/vendor_init.te b/sepolicy/vendor_init.te deleted file mode 100644 index 57f9235..0000000 --- a/sepolicy/vendor_init.te +++ /dev/null @@ -1 +0,0 @@ -allow vendor_init mobicore_data_file:dir setattr; -- 2.20.1