diff --git a/sepolicy/ccci_mdinit.te b/sepolicy/ccci_mdinit.te index 41c70ac..a156341 100644 --- a/sepolicy/ccci_mdinit.te +++ b/sepolicy/ccci_mdinit.te @@ -16,13 +16,11 @@ allow ccci_mdinit sysfs_devinfo:file r_file_perms; allow ccci_mdinit nvram_device:blk_file rw_file_perms; allow ccci_mdinit mtk_md_prop:property_service set; -allow ccci_mdinit ctl_ccci_fsd_prop:property_service set; -allow ccci_mdinit ctl_gsm0710muxd_prop:property_service set; -allow ccci_mdinit ctl_rildaemon_prop:property_service set; -allow ccci_mdinit radio_prop:property_service set; -allow ccci_mdinit ril_mux_report_case_prop:property_service set; +set_prop(ccci_mdinit, ctl_ccci_fsd_prop) +set_prop(ccci_mdinit, ctl_gsm0710muxd_prop) +set_prop(ccci_mdinit, ctl_rildaemon_prop) +set_prop(ccci_mdinit, radio_prop) +set_prop(ccci_mdinit, ril_mux_report_case_prop) allow ccci_mdinit mdlog_data_file:file r_file_perms; allow ccci_mdinit mdlog_data_file:dir r_dir_perms; - -unix_socket_connect(ccci_mdinit, property, init) \ No newline at end of file diff --git a/sepolicy/conn_launcher.te b/sepolicy/conn_launcher.te index d75e9e5..955d802 100644 --- a/sepolicy/conn_launcher.te +++ b/sepolicy/conn_launcher.te @@ -4,6 +4,5 @@ type conn_launcher, domain, domain_deprecated; init_daemon_domain(conn_launcher) allow conn_launcher stpwmt_device:chr_file rw_file_perms; -allow conn_launcher wmt_prop:property_service set; -unix_socket_connect(conn_launcher, property, init) +set_prop(conn_launcher, wmt_prop) diff --git a/sepolicy/factory.te b/sepolicy/factory.te index dc11934..48b668c 100644 --- a/sepolicy/factory.te +++ b/sepolicy/factory.te @@ -61,6 +61,5 @@ allow factory mnld_prop:property_service set; # Other capabilities allow factory self:capability { dac_override net_admin net_raw sys_nice sys_time }; allow factory self:process execmem; -allow factory audiohal_prop:property_service set; -unix_socket_connect(factory, property, init); +set_prop(factory, audiohal_prop) diff --git a/sepolicy/gsm0710muxd.te b/sepolicy/gsm0710muxd.te index 3c0a149..5e7884b 100644 --- a/sepolicy/gsm0710muxd.te +++ b/sepolicy/gsm0710muxd.te @@ -11,8 +11,6 @@ allow gsm0710muxd self:capability { setuid fowner chown }; allow gsm0710muxd sysfs_ccci:dir search; allow gsm0710muxd sysfs_ccci:file r_file_perms; -allow gsm0710muxd ctl_rildaemon_prop:property_service set; -allow gsm0710muxd radio_prop:property_service set; -allow gsm0710muxd ril_mux_report_case_prop:property_service set; - -unix_socket_connect(gsm0710muxd, property, init) +set_prop(gsm0710muxd, ctl_rildaemon_prop) +set_prop(gsm0710muxd, radio_prop) +set_prop(gsm0710muxd, ril_mux_report_case_prop) diff --git a/sepolicy/meta_tst.te b/sepolicy/meta_tst.te index 0e5d02b..2bfce58 100644 --- a/sepolicy/meta_tst.te +++ b/sepolicy/meta_tst.te @@ -39,7 +39,6 @@ allow meta_tst node:tcp_socket node_bind; allow meta_tst sysfs:file write; -allow meta_tst powerctl_prop:property_service set; -unix_socket_connect(meta_tst, property, init) +set_prop(meta_tst, powerctl_prop) allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin }; diff --git a/sepolicy/msensord.te b/sepolicy/msensord.te index 7fd06c5..ed523ce 100644 --- a/sepolicy/msensord.te +++ b/sepolicy/msensord.te @@ -5,6 +5,4 @@ init_daemon_domain(msensord) allow msensord msensord_daemon_sysfs:file r_file_perms; -allow msensord ctl_akmd09911_prop:property_service set; - -unix_socket_connect(msensord, property, init) +set_prop(msensord, ctl_akmd09911_prop) diff --git a/sepolicy/nvram_daemon.te b/sepolicy/nvram_daemon.te index da5c6bc..0fc8115 100644 --- a/sepolicy/nvram_daemon.te +++ b/sepolicy/nvram_daemon.te @@ -16,9 +16,8 @@ allow nvram_daemon msensor_device:chr_file r_file_perms; allow nvram_daemon gyroscope_device:chr_file r_file_perms; allow nvram_daemon proinfo_device:blk_file rw_file_perms; -allow nvram_daemon nvram_prop:property_service set; -allow nvram_daemon wmt_prop:property_service set; + +set_prop(nvram_daemon, nvram_prop) +set_prop(nvram_daemon, wmt_prop) allow nvram_daemon block_device:dir search; - -unix_socket_connect(nvram_daemon, property, init) diff --git a/sepolicy/pq.te b/sepolicy/pq.te index 239af5e..9fd0374 100644 --- a/sepolicy/pq.te +++ b/sepolicy/pq.te @@ -8,8 +8,6 @@ binder_call(pq, binderservicedomain) binder_service(pq) allow pq pq_service:service_manager add; -unix_socket_connect(pq, property, init) - -allow pq pq_conf_prop:property_service set; +set_prop(pq, pq_conf_prop) allow pq graphics_device:chr_file r_file_perms; diff --git a/sepolicy/ril-daemon-mtk.te b/sepolicy/ril-daemon-mtk.te index 7a74efc..b58f322 100644 --- a/sepolicy/ril-daemon-mtk.te +++ b/sepolicy/ril-daemon-mtk.te @@ -17,9 +17,7 @@ allow ril-daemon-mtk self:capability { setuid net_admin net_raw }; allow ril-daemon-mtk radio_device:dir search; allow ril-daemon-mtk radio_prop:property_service set; -allow ril-daemon-mtk ctl_muxreport-daemon_prop:property_service set; -allow ril-daemon-mtk ril_mux_report_case_prop:property_service set; -allow ril-daemon-mtk ril_sim_inserted_status:property_service set; -allow ril-daemon-mtk serial_number_prop:property_service set; - -unix_socket_connect(ril-daemon-mtk, property, init) +set_prop(ril-daemon-mtk, ctl_muxreport-daemon_prop) +set_prop(ril-daemon-mtk, ril_mux_report_case_prop) +set_prop(ril-daemon-mtk, ril_sim_inserted_status) +set_prop(ril-daemon-mtk, serial_number_prop) diff --git a/sepolicy/wmt_loader.te b/sepolicy/wmt_loader.te index 33da926..8220885 100644 --- a/sepolicy/wmt_loader.te +++ b/sepolicy/wmt_loader.te @@ -6,6 +6,5 @@ init_daemon_domain(wmt_loader) allow wmt_loader wmtdetect_device:chr_file create_file_perms; allow wmt_loader self:capability { chown dac_override }; allow wmt_loader proc_wmt:file setattr; -allow wmt_loader wmt_prop:property_service set; -unix_socket_connect(wmt_loader, property, init) +set_prop(wmt_loader, wmt_prop)