diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-11-04 10:06:08 -0500 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-11-06 16:01:38 -0800 |
commit | e3354bc11b2024790f659dff8e1dca2797c13052 (patch) | |
tree | c0d59053e78e70037137fa2b2f1ec322aaafcfd9 | |
parent | b3e573f87c52a1862bf67aaa03fe80013853563c (diff) | |
download | mako-e3354bc11b2024790f659dff8e1dca2797c13052.tar.gz |
Move audio_firmware_file and /data/misc/audio entry to core sepolicy.
file_contexts uses regexes, not a globs, so use (/.*)? rather than /*
to match the directory and anything beneath it.
Since /data/misc/audio is not device-specific, move it to core sepolicy.
Consider renaming this type in the future to audio_data_file, but that
is left to a separate change as it will require a restorecon_recursive
on mako.
Change-Id: Ib8c96ab9e19d34e8e34a4c859528345763be4906
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r-- | sepolicy/file.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 3 | ||||
-rw-r--r-- | sepolicy/mediaserver.te | 3 |
3 files changed, 0 insertions, 8 deletions
diff --git a/sepolicy/file.te b/sepolicy/file.te index 7cff3b7..30fd2ba 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te @@ -8,8 +8,6 @@ type kickstart_data_file, file_type, data_file_type; type mpdecision_socket, file_type; -type audio_firmware_file, file_type; - # Default type for anything under /firmware type radio_efs_file, fs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 6729e0d..aa8f832 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -71,9 +71,6 @@ /dev/cpu_dma_latency u:object_r:power_control_device:s0 -# Qualcomm audio firmware files -/data/misc/audio/* u:object_r:audio_firmware_file:s0 - /dev/ks_hsic_bridge u:object_r:kickstart_device:s0 /dev/efs_hsic_bridge u:object_r:kickstart_device:s0 diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te index e5d9af0..7091ab5 100644 --- a/sepolicy/mediaserver.te +++ b/sepolicy/mediaserver.te @@ -7,6 +7,3 @@ qmux_socket(mediaserver) # Permit mediaserver to create sockets allow mediaserver self:socket create; -# Grant access to audio firmware files to mediaserver -allow mediaserver audio_firmware_file:dir ra_dir_perms; -allow mediaserver audio_firmware_file:file create_file_perms; |