author | Greg Kaiser <gkaiser@google.com> | 2020-09-28 14:38:51 -0700 |
---|---|---|
committer | Greg Kaiser <gkaiser@google.com> | 2020-09-28 14:58:24 -0700 |
commit | f1036aefcce9e4d386f2cf2bee9f56edd71b6f1d (patch) | |
tree | 8ff41cc8621ae3470c29b004b4ef7fdfe6540a94 | |
parent | ac44c530b47f8a86ad77891d771395d45fb85196 (diff) | |
download | wembley-sepolicy-f1036aefcce9e4d386f2cf2bee9f56edd71b6f1d.tar.gz |
Remove access of vendor_default_prop from coredomain
This is a Treble policy violation. As it turns out, at least
from initial testing, we don't appear to need any of these for
basic device functionality.
We comment these out so that, in future merge conflicts, we'll know
immediately why a line differs from Keystone.
Bug: 169606103
Test: Build, flash, install and run a couple apps, use camera, phone, messages, chrome, YouTube, and take a screenshot.
Change-Id: Ibaa33050f9876b663321f2c8069d6c087f06d9eb
-rw-r--r-- | non_plat/aee_aedv.te | 3 | ||||
-rw-r--r-- | non_plat/audioserver.te | 3 | ||||
-rw-r--r-- | non_plat/ccci_mdinit.te | 3 | ||||
-rw-r--r-- | non_plat/crash_dump.te | 3 | ||||
-rw-r--r-- | non_plat/em_hidl.te | 3 | ||||
-rw-r--r-- | non_plat/mobile_log_d.te | 3 | ||||
-rw-r--r-- | non_plat/system_app.te | 3 | ||||
-rw-r--r-- | plat_private/emdlogger.te | 3 | ||||
-rw-r--r-- | plat_private/netdiag.te | 3 | ||||
-rw-r--r-- | plat_private/radio.te | 3 | ||||
-rw-r--r-- | plat_private/system_server.te | 3 |
11 files changed, 22 insertions, 11 deletions
diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index 1620c6a..d8f8037 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te @@ -409,7 +409,8 @@ allow aee_aedv proc_slabtrace:file r_file_perms; allow aee_aedv proc_cmdq_debug:file r_file_perms; # temp solution -get_prop(aee_aedv, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(aee_aedv, vendor_default_prop) #data/dipdebug allow aee_aedv aee_dipdebug_vendor_file:dir r_dir_perms; diff --git a/non_plat/audioserver.te b/non_plat/audioserver.te index 71f7b4f..2438116 100644 --- a/non_plat/audioserver.te +++ b/non_plat/audioserver.te @@ -54,4 +54,5 @@ allow audioserver crash_dump:unix_stream_socket connectto; # Date: 2019/06/14 # Operation : Migration -get_prop(audioserver, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(audioserver, vendor_default_prop) diff --git a/non_plat/ccci_mdinit.te b/non_plat/ccci_mdinit.te index d745187..47a4e6d 100644 --- a/non_plat/ccci_mdinit.te +++ b/non_plat/ccci_mdinit.te @@ -36,7 +36,8 @@ set_prop(ccci_mdinit, vendor_mtk_ctl_ccci_fsd_prop) set_prop(ccci_mdinit, vendor_mtk_ctl_ccci2_fsd_prop) set_prop(ccci_mdinit, vendor_mtk_ctl_ccci3_fsd_prop) -get_prop(ccci_mdinit, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(ccci_mdinit, vendor_default_prop) get_prop(ccci_mdinit, system_mtk_init_svc_emdlogger1_prop) get_prop(ccci_mdinit, system_mtk_init_svc_aee_aedv_prop) diff --git a/non_plat/crash_dump.te b/non_plat/crash_dump.te index 289f4eb..cd8d21f 100644 --- a/non_plat/crash_dump.te +++ b/non_plat/crash_dump.te @@ -55,7 +55,8 @@ allow crash_dump sysfs_leds:dir search; allow crash_dump proc_kpageflags:file r_file_perms; # temp solution -get_prop(crash_dump, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(crash_dump, vendor_default_prop) hal_client_domain(crash_dump, mtk_hal_aee) diff --git a/non_plat/em_hidl.te b/non_plat/em_hidl.te index 36ccc8d..ec55315 100644 
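Review bot: The commit message scopes this change to coredomain, but whether `aee_aedv` carries that attribute is not visible in this hunk, and the same goes for `ccci_mdinit`, `em_hidl` and `mobile_log_d` in the later non_plat hunks. Unlike audioserver, crash_dump, system_app, radio and system_server, these are not AOSP platform domains, so their status depends on `type` declarations outside the diff. If any of them turns out to be a vendor domain, reading vendor_default_prop is not a Treble violation for it, and `get_prop(aee_aedv, vendor_default_prop)` could stay rather than lose access the listed test would not exercise. Worth confirming each one against its declaration and recording the result in the marker, e.g. `# GOOGLE: Commented out for b/169606103 (aee_aedv is coredomain)`.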
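Review bot: The commit's test plan does not reach the disabled `get_prop(crash_dump, vendor_default_prop)`, because crash_dump only runs when a process crashes. The same gap likely applies to the logging and diagnostic domains changed in plat_private (emdlogger, netdiag), which an apps-and-camera smoke test presumably never starts. Before treating the access as unneeded, trigger a crash dump and a log capture on a test build and check the audit log for `avc: denied` entries whose target type is `vendor_default_prop`. If one shows up, labelling the specific property with its own type keeps the Treble boundary, whereas restoring the rule does not. The marker could say so: `# GOOGLE: Commented out for b/169606103; on denial, label the property, do not restore`.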
--- a/non_plat/em_hidl.te +++ b/non_plat/em_hidl.te @@ -105,7 +105,8 @@ allow em_hidl nvcfg_file:file r_file_perms; # Data : 2018/07/06 # Purpose : EM MCF search vendor dir allow em_hidl mnt_vendor_file:dir search; -get_prop(em_hidl, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(em_hidl, vendor_default_prop) # Data : 2018/08/10 # Purpose : EM BT usage diff --git a/non_plat/mobile_log_d.te b/non_plat/mobile_log_d.te index c425c7f..fb38e41 100644 --- a/non_plat/mobile_log_d.te +++ b/non_plat/mobile_log_d.te @@ -55,4 +55,5 @@ allow mobile_log_d mobile_log_d:tcp_socket { bind setopt listen accept read writ allow mobile_log_d node:tcp_socket node_bind; # purpose: allow mobile_log_d to read system property init.svc.vendor. -get_prop(mobile_log_d, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(mobile_log_d, vendor_default_prop) diff --git a/non_plat/system_app.te b/non_plat/system_app.te index 3d61b11..a62e4d3 100644 --- a/non_plat/system_app.te +++ b/non_plat/system_app.te @@ -31,7 +31,8 @@ allow system_app aee_exp_data_file:dir r_dir_perms; # Date: 2019/06/14 # Operation : Migration # Purpose : system_app need vendor_default_prop -get_prop(system_app, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(system_app, vendor_default_prop) # Date: 2019/07/16 # Operation : Migration diff --git a/plat_private/emdlogger.te b/plat_private/emdlogger.te index 84b23d3..4e5f27f 100644 --- a/plat_private/emdlogger.te +++ b/plat_private/emdlogger.te 
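Review bot: The purpose comment left above the disabled rule in mobile_log_d.te, `# purpose: allow mobile_log_d to read system property init.svc.vendor.`, now describes access the policy no longer grants. The same is true of `# Purpose : system_app need vendor_default_prop` in system_app.te and the Mwi comment in the radio.te hunk. Someone auditing the policy could read these as current grants, so I would fold the old purpose into the marker, e.g. `# GOOGLE: Commented out for b/169606103 (was: read init.svc.vendor. via vendor_default_prop)`. Those purpose lines are also the only record on this page of which properties each domain wanted, so they are worth keeping in that form.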
@@ -68,7 +68,8 @@ allow emdlogger sysfs_dt_firmware_android:dir { read open search }; allow emdlogger tmpfs:dir write; allow emdlogger sysfs_dt_firmware_android:file { read open getattr }; allow emdlogger system_file:dir open; -get_prop(emdlogger, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(emdlogger, vendor_default_prop) set_prop(emdlogger, system_mtk_persist_mtklog_prop) set_prop(emdlogger, system_mtk_mdl_prop) set_prop(emdlogger, system_mtk_mdl_start_prop) diff --git a/plat_private/netdiag.te b/plat_private/netdiag.te index d5e7a00..e8fbb17 100644 --- a/plat_private/netdiag.te +++ b/plat_private/netdiag.te @@ -96,7 +96,8 @@ get_prop(netdiag, mmc_prop) ## Android P migration allow netdiag proc_qtaguid_stat:dir { read open search }; allow netdiag proc_qtaguid_stat:file { read getattr open }; -get_prop(netdiag, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(netdiag, vendor_default_prop) allow netdiag proc_net_tcp_udp:file getattr; allow netdiag netd:binder call; get_prop(netdiag, apexd_prop) diff --git a/plat_private/radio.te b/plat_private/radio.te index 707374b..8bcb736 100644 --- a/plat_private/radio.te +++ b/plat_private/radio.te @@ -10,7 +10,8 @@ set_prop(radio, system_mtk_sim_system_prop) # Date : 2018/07/03 # Purpose : Allow Mwi to get vendor default properties (ro.vendor.*) -get_prop(radio, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(radio, vendor_default_prop) # Operation : DEBUG # Purpose : Allow to use system_mtk_bgdata_disabled_prop diff --git a/plat_private/system_server.te b/plat_private/system_server.te index 94477fb..de131d7 100644 --- a/plat_private/system_server.te +++ b/plat_private/system_server.te 
@@ -32,7 +32,8 @@ get_prop(system_server, wifi_prop) # Date: 2019/06/14 # Operation : Migration -get_prop(system_server, vendor_default_prop) +# GOOGLE: Commented out for b/169606103 +#get_prop(system_server, vendor_default_prop) #Date:2019/10/09 #Operation:Q Migration |