sepolicy: remove meta_tst & factory rules
This commit is contained in:
parent
97006709cb
commit
4f8bdff935
|
@ -1,65 +0,0 @@
|
|||
type factory_exec, exec_type, file_type;
|
||||
type factory, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(factory)
|
||||
net_domain(factory)
|
||||
|
||||
allow factory serial_device:chr_file rw_file_perms;
|
||||
|
||||
# Hardware nodes
|
||||
allow factory accdet_device:chr_file r_file_perms;
|
||||
allow factory ashmem_device:chr_file execute;
|
||||
allow factory audio_device:dir r_dir_perms;
|
||||
allow factory audio_device:chr_file rw_file_perms;
|
||||
allow factory camera_device:chr_file rw_file_perms;
|
||||
allow factory ccci_device:chr_file rw_file_perms;
|
||||
allow factory devmap_device:chr_file r_file_perms;
|
||||
allow factory gsm0710muxd_device:chr_file rw_file_perms;
|
||||
allow factory graphics_device:dir search;
|
||||
allow factory graphics_device:chr_file rw_file_perms;
|
||||
allow factory input_device:dir r_dir_perms;
|
||||
allow factory input_device:chr_file r_file_perms;
|
||||
allow factory pmic_adc_device:chr_file rw_file_perms;
|
||||
allow factory rtc_device:chr_file rw_file_perms;
|
||||
allow factory stpbt_device:chr_file rw_file_perms;
|
||||
allow factory wmtWifi_device:chr_file rw_file_perms;
|
||||
|
||||
# NVRAM
|
||||
allow factory nvdata_file:dir create_dir_perms;
|
||||
allow factory nvdata_file:file create_file_perms;
|
||||
allow factory nvdata_device:blk_file rw_file_perms;
|
||||
allow factory nvram_device:blk_file rw_file_perms;
|
||||
allow factory proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
# Storage
|
||||
allow factory mnt_user_file:dir search;
|
||||
allow factory mmc_device:blk_file rw_file_perms;
|
||||
allow factory storage_file:dir r_dir_perms;
|
||||
allow factory storage_file:lnk_file r_file_perms;
|
||||
allow factory storage_file:file r_file_perms;
|
||||
|
||||
# Configuration
|
||||
allow factory sysfs:file write;
|
||||
allow factory sysfs_gps_file:dir r_dir_perms;
|
||||
allow factory sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
# Sensors
|
||||
allow factory als_ps_device:chr_file r_file_perms;
|
||||
allow factory gsensor_device:chr_file rw_file_perms;
|
||||
allow factory msensor_device:chr_file rw_file_perms;
|
||||
|
||||
# GPS
|
||||
allow factory agpsd_data_file:dir r_dir_perms;
|
||||
allow factory agpsd_data_file:sock_file write;
|
||||
allow factory stpgps_device:chr_file rw_file_perms;
|
||||
allow factory gps_device:chr_file rw_file_perms;
|
||||
allow factory mnld_data_file:dir rw_dir_perms;
|
||||
allow factory mnld_data_file:file rw_file_perms;
|
||||
allow factory mnld_exec:file rx_file_perms;
|
||||
allow factory mnld_prop:property_service set;
|
||||
|
||||
# Other capabilities
|
||||
allow factory self:capability { dac_override net_admin net_raw sys_nice sys_time };
|
||||
allow factory self:process execmem;
|
||||
|
||||
set_prop(factory, audiohal_prop)
|
|
@ -22,10 +22,6 @@
|
|||
# Meizupshelper
|
||||
/(system|system\/vendor|vendor)/bin/meizupshelper u:object_r:meizupshelper_exec:s0
|
||||
|
||||
# Meta mode
|
||||
/(system|system\/vendor|vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/(system|system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
# Files from firmware/nv partitions
|
||||
/protect_f(/.*)? u:object_r:protect_f_data_file:s0
|
||||
/protect_s(/.*)? u:object_r:protect_s_data_file:s0
|
||||
|
|
|
@ -1,43 +0,0 @@
|
|||
type meta_tst_exec, exec_type, file_type;
|
||||
type meta_tst, domain, domain_deprecated;
|
||||
|
||||
init_daemon_domain(meta_tst)
|
||||
|
||||
allow meta_tst ccci_device:chr_file rw_file_perms;
|
||||
allow meta_tst serial_device:chr_file rw_file_perms;
|
||||
|
||||
allow meta_tst nvdata_file:dir create_dir_perms;
|
||||
allow meta_tst nvdata_file:file create_file_perms;
|
||||
|
||||
allow meta_tst nvdata_device:blk_file rw_file_perms;
|
||||
allow meta_tst nvram_device:blk_file rw_file_perms;
|
||||
allow meta_tst proinfo_device:blk_file rw_file_perms;
|
||||
|
||||
allow meta_tst sysfs_gps_file:dir search;
|
||||
allow meta_tst sysfs_gps_file:file rw_file_perms;
|
||||
|
||||
allow meta_tst gps_device:chr_file { read write open };
|
||||
allow meta_tst agpsd_data_file:dir search;
|
||||
allow meta_tst agpsd_data_file:sock_file write;
|
||||
allow meta_tst gps_data_file:file create_file_perms;
|
||||
allow meta_tst gps_data_file:dir rw_dir_perms;
|
||||
|
||||
allow meta_tst mnld_exec:file { execute read open };
|
||||
allow meta_tst mnld_exec:file execute_no_trans;
|
||||
allow meta_tst stpgps_device:chr_file { open read write ioctl };
|
||||
allow meta_tst mnld_prop:property_service set;
|
||||
allow meta_tst mnld_data_file:file create_file_perms;
|
||||
allow meta_tst mnld_data_file:dir rw_dir_perms;
|
||||
|
||||
# For GPS
|
||||
allow meta_tst port:tcp_socket { name_connect name_bind };
|
||||
allow meta_tst self:tcp_socket { create connect setopt bind };
|
||||
allow meta_tst self:tcp_socket { bind setopt listen accept read write };
|
||||
allow meta_tst node:tcp_socket node_bind;
|
||||
|
||||
|
||||
allow meta_tst sysfs:file write;
|
||||
|
||||
set_prop(meta_tst, powerctl_prop)
|
||||
|
||||
allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };
|
Loading…
Reference in New Issue