sepolicy: fix system_file_type and get_prop for coredomians.

As part of new AOSP restriction all the domains which are working from system partation should have "system_file_type" attribute else will lead to compile time failure . For reading / setting any property we should be using following macros . set_prop( domain, property_label) get_prop( domain, property_label) So addressing these as part of new requirments . Change-Id: I6ef373404640f285a57484024665a42f615ce863
2018-11-01 17:09:19 +05:30
parent fd253c8e33
commit f90c624e54
7 changed files with 7 additions and 10 deletions
--- a/generic/private/dataservice_app.te
+++ b/generic/private/dataservice_app.te
@@ -42,4 +42,3 @@ allow dataservice_app radio_data_file:dir create_dir_perms;
 allow dataservice_app radio_data_file:{ file lnk_file } create_file_perms;

 hwbinder_use(dataservice_app)
-
--- a/generic/private/qti-testscripts.te
+++ b/generic/private/qti-testscripts.te
@@ -27,7 +27,7 @@

 #as the exec is defined in file_context  it is hitting build
 # error in user build  so moving out of the macro
-type qti-testscripts_exec, exec_type, file_type;
+type qti-testscripts_exec, system_file_type, exec_type, file_type;

 userdebug_or_eng(`
  typeattribute  qti-testscripts coredomain;
--- a/generic/vendor/common/domain.te
+++ b/generic/vendor/common/domain.te
@@ -36,7 +36,7 @@ allow domain debugfs_kgsl:dir search;

 allow domain debugfs_ion:dir search;

-allow domain vendor_gralloc_prop:file r_file_perms;
+get_prop(domain, vendor_gralloc_prop)

 r_dir_file({domain - isolated_app}, sysfs_soc);
 r_dir_file({domain - isolated_app}, sysfs_esoc);
--- a/generic/vendor/common/hal_graphics_composer_default.te
+++ b/generic/vendor/common/hal_graphics_composer_default.te
@@ -38,7 +38,7 @@ allow hal_graphics_composer_default mnt_vendor_file:dir search;

 allow hal_graphics_composer oemfs:dir r_dir_perms;

-allow hal_graphics_composer vendor_display_prop:file r_file_perms;
+get_prop(hal_graphics_composer, vendor_display_prop)

 allow hal_graphics_composer_default hal_graphics_mapper_hwservice:hwservice_manager find;

--- a/generic/vendor/common/hal_perf_default.te
+++ b/generic/vendor/common/hal_perf_default.te
@@ -40,7 +40,7 @@ allow hal_perf_client hal_perf_hwservice:hwservice_manager find;

 allow hal_perf cgroup:file r_file_perms;
 allow hal_perf_default proc:file rw_file_perms;
-allow hal_perf vendor_mpdecision_prop:file r_file_perms;
+get_prop(hal_perf, vendor_mpdecision_prop)

 allow hal_perf {
    sysfs_devices_system_cpu
--- a/generic/vendor/common/mm-pp-daemon.te
+++ b/generic/vendor/common/mm-pp-daemon.te
@@ -43,7 +43,7 @@ allow mm-pp-daemon sensors_device:chr_file r_file_perms;
 allow mm-pp-daemon sensors:unix_stream_socket connectto;

 # Allow read to display vendor properties
-allow mm-pp-daemon vendor_display_prop:file r_file_perms;
+get_prop(mm-pp-daemon, vendor_display_prop)

 # Rule for IPC communication
 allow mm-pp-daemon qdisplay_service:service_manager find;
--- a/generic/vendor/common/surfaceflinger.te
+++ b/generic/vendor/common/surfaceflinger.te
@@ -34,7 +34,5 @@ userdebug_or_eng(`
    diag_use(surfaceflinger)
 ')

-allow surfaceflinger {
-    vendor_gralloc_prop
-    vendor_display_prop
-}:file r_file_perms;
+get_prop(surfaceflinger, vendor_gralloc_prop)
+get_prop(surfaceflinger, vendor_display_prop)