sepolicy: Fix treble violations associated with properties

Change-Id: I8e69aeeaf62f50ab837d56ec9f685a46a6ccae08
2018-06-13 19:48:56 -07:00
parent f426e2e764
commit 69424359c8
11 changed files with 14 additions and 49 deletions
--- a/vendor/common/app.te
+++ b/vendor/common/app.te
@@ -1,2 +1,2 @@
 # For the camera app
-get_prop(appdomain, camera_prop)
+get_prop(appdomain, vendor_camera_prop)
--- a/vendor/common/cameraserver.te
+++ b/vendor/common/cameraserver.te
@@ -1,6 +1,6 @@
 allow cameraserver gpu_device:chr_file rw_file_perms;

-get_prop(cameraserver, camera_prop)
+get_prop(cameraserver, vendor_camera_prop)

 allow cameraserver sysfs_camera:file r_file_perms;
 allow cameraserver sysfs_camera:dir search;
--- a/vendor/common/domain.te
+++ b/vendor/common/domain.te
@@ -10,8 +10,6 @@ allow domain debugfs_kgsl:dir search;

 allow domain debugfs_ion:dir search;

-allow domain debug_gralloc_prop:file r_file_perms;
-
 r_dir_file({domain - isolated_app}, sysfs_soc);
 r_dir_file({domain - isolated_app}, sysfs_esoc);
 r_dir_file({domain - isolated_app}, sysfs_ssr);
--- a/vendor/common/hal_camera.te
+++ b/vendor/common/hal_camera.te
@@ -11,7 +11,7 @@ allow hal_camera gpu_device:chr_file rw_file_perms;
 allow hal_camera input_device:dir r_dir_perms;
 allow hal_camera input_device:chr_file r_file_perms;

-set_prop(hal_camera, camera_prop)
+set_prop(hal_camera, vendor_camera_prop)

 #allow hal_camera sysfs_enable_ps_sensor:file w_file_perms;
 r_dir_file(hal_camera, sysfs_type)
--- a/vendor/common/init_shell.te
+++ b/vendor/common/init_shell.te
@@ -42,11 +42,9 @@ allow qti_init_shell self:capability {
    sys_admin
 };

-set_prop(qti_init_shell, ctl_hbtp_prop)
 set_prop(qti_init_shell, ctl_netmgrd_prop)
 set_prop(qti_init_shell, ctl_port-bridge_prop)
 set_prop(qti_init_shell, ctl_qcrild_prop)
-set_prop(qti_init_shell, debug_gralloc_prop)
 set_prop(qti_init_shell, ipacm-diag_prop)
 set_prop(qti_init_shell, ipacm_prop)
 set_prop(qti_init_shell, msm_irqbalance_prop)
--- a/vendor/common/property.te
+++ b/vendor/common/property.te
@@ -1,30 +1,21 @@
 type ctl_netmgrd_prop, property_type;
 type ctl_port-bridge_prop, property_type;
 type ctl_qcrild_prop, property_type;
-type camera_prop, property_type;
+type vendor_camera_prop, property_type;
 type cnd_prop, property_type;
-type cnss_diag_prop, property_type;
 type crash_cnt_prop, property_type;
 type crash_detect_prop, property_type;
-type ctl_hbtp_prop, property_type;
-type debug_gralloc_prop, property_type;
 type ims_prop, property_type;
 type ipacm_prop, property_type;
 type ipacm-diag_prop, property_type;
-type keymaster_prop, property_type;
-type modem_diag_prop, property_type;
+type vendor_modem_diag_prop, property_type;
 type msm_irqbalance_prop, property_type;
-type net_rmnet_prop, property_type;
 type vendor_per_mgr_state_prop, property_type;
-type post_boot_prop, property_type;
 type vendor_dataqti_prop, property_type;
-type ramdump_prop, property_type;
+type vendor_ramdump_prop, property_type;
 type sensors_prop, property_type;
-type ssr_prop, property_type;
-type sys_time_prop, property_type;
 type vendor_tee_listener_prop, property_type;
 type vendor_usb_prop, property_type;
-type thermal_prop, property_type;
 type vendor_radio_prop, property_type;
 type vendor_system_prop, property_type;

--- a/vendor/common/property_contexts
+++ b/vendor/common/property_contexts
@@ -8,41 +8,23 @@ ctl.vendor.msm_irqbalance  u:object_r:msm_irqbalance_prop:s0
 ctl.vendor.netmgrd         u:object_r:ctl_netmgrd_prop:s0
 ctl.vendor.port-bridge     u:object_r:ctl_port-bridge_prop:s0
 ctl.vendor.qcrild          u:object_r:ctl_qcrild_prop:s0
-ctl.hbtp                   u:object_r:ctl_hbtp_prop:s0
 ctl.vendor.ipacm           u:object_r:ipacm_prop:s0
 ctl.vendor.ipacm-diag      u:object_r:ipacm-diag_prop:s0
 ctl.vendor.dataqti         u:object_r:vendor_dataqti_prop:s0
 ctl.vendor.sensors         u:object_r:sensors_prop:s0
-ctl.thermal-engine         u:object_r:thermal_prop:s0
 vendor.audio.              u:object_r:vendor_audio_prop:s0
 vendor.voice.              u:object_r:vendor_audio_prop:s0
 persist.vendor.audio.      u:object_r:vendor_audio_prop:s0
 ro.vendor.audio.           u:object_r:vendor_audio_prop:s0
-debug.gralloc.             u:object_r:debug_gralloc_prop:s0
-debug.ramdump.             u:object_r:ramdump_prop:s0
-debug.ssrdump              u:object_r:ssr_prop:s0
-htc.camera.                u:object_r:camera_prop:s0
-net.r_rmnet_data0          u:object_r:net_rmnet_prop:s0
-persist.camera.            u:object_r:camera_prop:s0
-persist.ims.disabled       u:object_r:ims_prop:s0
-persist.net.doxlat         u:object_r:net_radio_prop:s0
-persist.sys.cnd            u:object_r:cnd_prop:s0
-persist.sys.cnss.          u:object_r:cnss_diag_prop:s0
-persist.sys.crash_rcu      u:object_r:ramdump_prop:s0
-persist.sys.modem.diag.    u:object_r:modem_diag_prop:s0
+vendor.debug.camera.       u:object_r:vendor_camera_prop:s0
+persist.vendor.camera.     u:object_r:vendor_camera_prop:s0
+persist.vendor.sys.crash_rcu      u:object_r:vendor_ramdump_prop:s0
+persist.vendor.sys.modem.diag.    u:object_r:vendor_modem_diag_prop:s0
 persist.vendor.sys.cnd     u:object_r:cnd_prop:s0
 persist.vendor.crash.cnt   u:object_r:crash_cnt_prop:s0
 persist.vendor.crash.detect u:object_r:crash_detect_prop:s0
-radio.                     u:object_r:radio_prop:s0
-rcs.publish.status         u:object_r:radio_prop:s0
-service.qti.ims.enabled    u:object_r:ims_prop:s0
-sys.ims.                   u:object_r:ims_prop:s0
-sys.keymaster.loaded       u:object_r:keymaster_prop:s0
 vendor.sys.listeners.registered   u:object_r:vendor_tee_listener_prop:s0
-sys.modem.diag.            u:object_r:modem_diag_prop:s0
-sys.post_boot.             u:object_r:post_boot_prop:s0
-sys.qcom.thermalcfg        u:object_r:thermal_prop:s0
-sys.time.set               u:object_r:sys_time_prop:s0
+vendor.sys.modem.diag.     u:object_r:vendor_modem_diag_prop:s0
 vendor.usb.                u:object_r:vendor_usb_prop:s0
 persist.vendor.usb.        u:object_r:vendor_usb_prop:s0
 vendor.peripheral.         u:object_r:vendor_per_mgr_state_prop:s0
--- a/vendor/common/qlogd.te
+++ b/vendor/common/qlogd.te
@@ -11,5 +11,5 @@ userdebug_or_eng(`
  allow qlogd radio_vendor_data_file:file create_file_perms;
  allow qlogd radio_vendor_data_file:dir create_dir_perms;

-  set_prop(qlogd, modem_diag_prop)
-')
+  set_prop(qlogd, vendor_modem_diag_prop)
+')
--- a/vendor/common/subsystem_ramdump.te
+++ b/vendor/common/subsystem_ramdump.te
@@ -13,7 +13,7 @@ userdebug_or_eng(`
  allow vendor_subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
  allow vendor_subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;

-  set_prop(vendor_subsystem_ramdump, ssr_prop);
+  set_prop(vendor_subsystem_ramdump, vendor_ssr_prop);

  allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:dir r_dir_perms;
  allow vendor_subsystem_ramdump vendor_mdmhelperdata_data_file:file r_file_perms;
--- a/vendor/common/tee.te
+++ b/vendor/common/tee.te
@@ -3,7 +3,6 @@ allow tee self:capability { chown setgid setuid sys_admin sys_rawio };
 allow tee device:dir r_dir_perms;

 set_prop(tee, vendor_tee_listener_prop)
-set_prop(tee, keymaster_prop)

 allow tee firmware_file:dir search;
 allow tee block_device:dir { getattr search };
--- a/vendor/common/time_daemon.te
+++ b/vendor/common/time_daemon.te
@@ -12,9 +12,6 @@ r_dir_file(time_daemon, sysfs_esoc);
 allow time_daemon sysfs_soc:dir search;
 allow time_daemon sysfs_soc:file r_file_perms;

-# Set sys.time.set property
-set_prop(time_daemon, sys_time_prop);
-
 allow time_daemon persist_time_file:dir w_dir_perms;
 allow time_daemon persist_time_file:file create_file_perms;
 allow time_daemon persist_time_file:dir search;