MiPad4/android_device_xiaomi_sdm660-common
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sdm660-common: Cleanup sepolicy

Browse source 
* Fix neverallows

Signed-off-by: clarencelol <clarencekuiek@icloud.com>
Signed-off-by: pix106 <sbordenave@gmail.com>
This commit is contained in:
clarencelol 2021-07-24 08:08:47 +00:00 committed by pix106
parent 1426027286
commit 5514002bef
3 changed files with 3 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
sepolicy/vendor/hal_power_stats_default.te vendored
View file

@ -1,17 +1,3 @@
allow hal_power_stats_default sysfs:dir { open read };
allow hal_power_stats_default sysfs:file open;
allow hal_power_stats_default sysfs:file { open read };
allow hal_power_stats_default sysfs_kgsl:file { r_file_perms getattr };
# Needed to traverse odpm files
r_dir_file(hal_power_stats_default, sysfs_iio_devices)
# Needed to traverse platform low power stats
r_dir_file(hal_power_stats_default, sysfs_power_stats)
# The following folders are incidentally accessed by hal_power_stats_default and are not needed.
dontaudit hal_power_stats_default sysfs_power_stats_ignore:dir r_dir_perms;
dontaudit hal_power_stats_default sysfs_power_stats_ignore:file r_file_perms;
dontaudit hal_power_stats_default sysfs:file { open read };
vndbinder_use(hal_power_stats)
add_service(hal_power_stats_server, power_stats_service)

3
sepolicy/vendor/netutils_wrapper.te vendored
View file

@ -1 +1,2 @@
allow netutils_wrapper netutils_wrapper:capability { kill };
dontaudit netutils_wrapper kernel:system module_request;
dontaudit netutils_wrapper self:capability { sys_module sys_admin };

2
sepolicy/vendor/zygote.te vendored
View file

@ -1,4 +1,2 @@
allow zygote exported_camera_prop:file { open read getattr write };
get_prop(zygote, exported_camera_prop)
allow zygote unlabeled:dir { search };