author | repo sync <gcondra@google.com> | 2013-05-22 14:32:53 -0700 |
---|---|---|
committer | repo sync <gcondra@google.com> | 2013-05-22 14:32:53 -0700 |
commit | 08daba32cfa88924565658944800595f6be4dce4 (patch) | |
tree | 005dc9d03ef7e9e3627a81f9c89ceae3be74eb22 | |
parent | 51f50c0a51bf1f5acf01b557764331800c15f637 (diff) | |
download | grouper-08daba32cfa88924565658944800595f6be4dce4.tar.gz |
Take care of remaining denials.
Change-Id: I87ec97f96de07fc3dcb10b4e5c3c9ad0f9ba5b15
-rw-r--r-- | sepolicy/btmacreader.te | 14 | ||||
-rw-r--r-- | sepolicy/sensors_config.te | 16 |
2 files changed, 2 insertions, 28 deletions
diff --git a/sepolicy/btmacreader.te b/sepolicy/btmacreader.te
index da47fc1..231777b 100644
--- a/sepolicy/btmacreader.te
+++ b/sepolicy/btmacreader.te
@@ -3,17 +3,5 @@ permissive btmacreader;
 type btmacreader_exec, exec_type, file_type;
 type mac_data_file, file_type, data_file_type;
 init_daemon_domain(btmacreader)
-allow btmacreader self:capability dac_override;
-allow btmacreader mac_data_file:dir { mounton rmdir };
-allow btmacreader shell_exec:file rx_file_perms;
 file_type_auto_trans(btmacreader, system_data_file, mac_data_file)
-
-# Execute toolbox commands
-allow btmacreader system_file:file execute_no_trans;
-
-# Read from per device partition
-allow btmacreader sensors_block_device:lnk_file read;
-allow btmacreader sdcard_external:filesystem { mount unmount };
-allow btmacreader tty_device:chr_file rw_file_perms;
-allow btmacreader self:capability sys_admin;
-allow btmacreader bluetooth_data_file:dir search;
+unconfined_domain(btmacreader)
diff --git a/sepolicy/sensors_config.te b/sepolicy/sensors_config.te
index 132aeaf..2669715 100644
--- a/sepolicy/sensors_config.te
+++ b/sepolicy/sensors_config.te
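Review bot: `unconfined_domain(btmacreader)` at the end of this hunk replaces the enumerated allow rules (including the `dac_override` and `sys_admin` capability grants) with a blanket grant, so the policy no longer records which accesses the daemon actually needs; the same applies to `unconfined_domain(sensors_config)` in sepolicy/sensors_config.te. Both domains are still declared `permissive` according to the hunk headers, so the remaining denials were presumably only being logged, and the macro most likely silences those log entries as well (its definition is not on this page). I would keep the removed rules and add one scoped `allow` per outstanding denial taken from the audit log. If the blanket grant has to stay for now, mark it as temporary next to the macro call, e.g. `# TODO: replace unconfined_domain with specific allow rules before dropping permissive`.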
@@ -6,19 +6,5 @@ permissive sensors_config;
 type sensors_config_exec, exec_type, file_type;
 type sensors_data_file, file_type, data_file_type;
 init_daemon_domain(sensors_config)
-allow sensors_config self:capability { dac_override chown fowner fsetid };
-allow sensors_config sensors_data_file:dir { create_dir_perms mounton };
-allow sensors_config sensors_data_file:file create_file_perms;
-allow sensors_config shell_exec:file rx_file_perms;
 file_type_auto_trans(sensors_config, system_data_file, sensors_data_file)
-allow sensors_config system_data_file:dir { remove_name };
-
-# Execute toolbox commands
-allow sensors_config system_file:file execute_no_trans;
-
-# Read from per device partition
-allow sensors_config sensors_block_device:lnk_file read;
-allow sensors_config sdcard_external:filesystem { mount unmount };
-allow sensors_config sdcard_external:file r_file_perms;
-allow sensors_config tty_device:chr_file rw_file_perms;
-allow sensors_config self:capability sys_admin;
+unconfined_domain(sensors_config) |