kunlun2: Nuke neverallows
for real now
This commit is contained in:
Giammarco Senatore
parent
dedb2fbbcc
commit
dfbc4aeaba
7 changed files with 1 additions and 17 deletions
2
sepolicy/vendor/hal_bluetooth.te
vendored
2
sepolicy/vendor/hal_bluetooth.te
vendored
|
|
@ -1 +1 @@
|
|||
allow hal_bluetooth vendor_data_file:file r_file_perms;
|
||||
allow hal_bluetooth vendor_data_file:file r_file_perms;
|
||||
2
sepolicy/vendor/hal_camera_default.te
vendored
2
sepolicy/vendor/hal_camera_default.te
vendored
|
|
@ -1,7 +1,5 @@
|
|||
allow hal_camera_default sysfs:file read;
|
||||
allow hal_camera_default sdcardfs:dir { search };
|
||||
allow hal_camera_default sdcardfs:file { rw_file_perms };
|
||||
allow hal_camera_default nfc_data_file: dir { search open};
|
||||
allow hal_camera_default default_android_hwservice:hwservice_manager find;
|
||||
allow hal_camera_default mnt_vendor_file:dir { add_name write };
|
||||
allow hal_camera_default mnt_vendor_file:file { create getattr open read write };
|
||||
|
|
|
|||
1
sepolicy/vendor/hal_fingerprint.te
vendored
1
sepolicy/vendor/hal_fingerprint.te
vendored
|
|
@ -1 +0,0 @@
|
|||
get_prop(hal_fingerprint, default_prop)
|
||||
4
sepolicy/vendor/hal_power_default.te
vendored
4
sepolicy/vendor/hal_power_default.te
vendored
|
|
@ -1,9 +1,6 @@
|
|||
allow hal_power_default debugfs_wlan:dir r_dir_perms;
|
||||
allow hal_power_default debugfs_wlan:file r_file_perms;
|
||||
|
||||
allow hal_power_default sysfs_graphics:dir search;
|
||||
allow hal_power_default sysfs_graphics:file r_file_perms;
|
||||
|
||||
allow hal_power_default sysfs_rpm:file r_file_perms;
|
||||
allow hal_power_default sysfs_system_sleep_stats:file r_file_perms;
|
||||
|
||||
|
|
@ -22,7 +19,6 @@ allow hal_power_default input_device:chr_file rw_file_perms;
|
|||
|
||||
# To get/set powerhal state property
|
||||
set_prop(hal_power_default, vendor_power_prop)
|
||||
allow hal_power_default system_prop:file r_file_perms;
|
||||
|
||||
# Rule for hal_power_default to access graphics composer process
|
||||
unix_socket_connect(hal_power_default, pps, hal_graphics_composer_default);
|
||||
|
|
|
|||
1
sepolicy/vendor/hwservicemanager.te
vendored
1
sepolicy/vendor/hwservicemanager.te
vendored
|
|
@ -1 +0,0 @@
|
|||
allow hwservicemanager init:binder transfer;
|
||||
6
sepolicy/vendor/init.te
vendored
6
sepolicy/vendor/init.te
vendored
|
|
@ -4,10 +4,4 @@ allow init vendor_file:file mounton;
|
|||
# Allow init to mount vendor configs
|
||||
allow init vendor_configs_file:dir mounton;
|
||||
|
||||
# Allow init to chown/chmod on pseudo files in /sys
|
||||
allow init sysfs_type:file { open read setattr };
|
||||
|
||||
# Allow init create cgroups
|
||||
allow init cgroup:file create;
|
||||
|
||||
permissive init;
|
||||
|
|
|
|||
2
sepolicy/vendor/system_server.te
vendored
2
sepolicy/vendor/system_server.te
vendored
|
|
@ -1,2 +0,0 @@
|
|||
allow system_server default_android_hwservice:hwservice_manager find;
|
||||
allow system_server init:binder call;
|
||||
Loading…
Reference in a new issue