Merge "cnd: Remove Unnecessary Policies"

2018-04-05 22:19:59 -07:00
parent a4fdf25684 70f87e5b57
commit 4666943851
1 changed files with 13 additions and 13 deletions
--- a/vendor/common/cnd.te
+++ b/vendor/common/cnd.te
@@ -5,41 +5,40 @@ file_type_auto_trans(cnd, socket_device, cnd_socket);
 # cnd is started by init, type transit from init domain to cnd domain
 init_daemon_domain(cnd)

-#communicating with QTI wlan driver for WFC/ VTiWLAN quality necessitates net_admin
-allow cnd self:capability { net_bind_service net_admin };
+#communicating with QTI wlan driver for WFC/ VTiWLAN quality
+allow cnd self:capability net_bind_service;
+unix_socket_send(cnd, wpa, hal_wifi_supplicant)
+allow cnd wpa_data_file:dir w_dir_perms;
+allow cnd wpa_data_file:sock_file create_file_perms;

+#allow processing of VoWifi indications from modem over QMI while dozing
 allow cnd self:capability2 block_suspend;

 allow cnd self:udp_socket create_socket_perms;
 allow cnd self:{
-    netlink_tcpdiag_socket
-    netlink_route_socket
+    # Allow receiving NETLINK responses from WLAN driver.
    netlink_socket
    netlink_generic_socket
-    # allow cnd to perform socket operation on itself
-    socket
 } create_socket_perms_no_ioctl;

-# required for VoWifi and WLAN events
-allow cnd self:netlink_route_socket nlmsg_read;
-
 allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;

 allow cnd sysfs_timestamp_switch:file r_file_perms;
 allow cnd sysfs_data:file r_file_perms;
+r_dir_file(cnd, sysfs_soc)

 allow cnd proc_meminfo:file r_file_perms;

 set_prop(cnd, cnd_prop)

+allow cnd self:socket create_socket_perms;
+allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
+
 # allow cnd to access cnd_data_file
 allow cnd cnd_data_file:file create_file_perms;
 allow cnd cnd_data_file:sock_file { unlink create setattr };
 allow cnd cnd_data_file:dir rw_dir_perms;

-allow cnd self:socket ioctl;
-allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
-
 # allow cnd to obtain wakelock
 wakelock_use(cnd)

@@ -54,9 +53,10 @@ binder_call(cnd, dataservice_app)
 binder_call(cnd, ims)
 binder_call(cnd, location)

-unix_socket_send(cnd, wpa, hal_wifi_supplicant)
+

 #diag
 userdebug_or_eng(`
    diag_use(cnd)
+	r_dir_file(cnd, sysfs_diag)
 ')