[ALPS04967419] SEPolicy: Add neverallow rule for sysfs

[Detail] Do not allow access to the generic sysfs label. This is too broad. Instead, if access to part of sysfs is desired, it should have a more specific label. TODO: Remove hal_usb/mtk_hal_usb and so on once there are no violations. EX. allow hal_usb sysfs:file write; hal_server_domain(mtk_hal_usb, hal_usb) r_dir_file(hal_wifi, sysfs_type) hal_server_domain(mtk_hal_wifi, hal_wifi) [Solution] 1.Add neverallow rule for sysfs. 2.Remove the conflicting SEPolicies. MTK-Commit-Id: 86296cf74da59aa881bb2ae8ad868195b67079d5 Change-Id: I304a1a87b23623e320ff7346da9d10a09264152b CR-Id: ALPS04967419 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
author: Shanshan Guo <Shanshan.Guo@mediatek.com> 2020-01-18 10:22:32 +0800
committer: Shanshan Guo <Shanshan.Guo@mediatek.com> 2020-01-18 10:22:32 +0800
commit: 543f2e74b831950f8648c9245164b81c033a82fe (patch)
tree: 74f3d7b383742c40b0869b9702ceabd94f227258 /r_non_plat/factory.te
parent: 8b19a5a6d5f2c1866440691a2f2e422628e32b35 (diff)
download: wembley-sepolicy-543f2e74b831950f8648c9245164b81c033a82fe.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/r_non_plat/factory.te b/r_non_plat/factory.te
index b1593fb..2292369 100644
--- a/r_non_plat/factory.te
+++ b/r_non_plat/factory.te
@@ -338,7 +338,6 @@ allow factory proc_asound:file { read open getattr write };
 allow factory audiohal_prop:property_service set;
 
 # For Accdet data permission
-allow factory sysfs:file { read open };
 allow factory sysfs_headset:file { read open };
 
 # For touch auto test
author	Shanshan Guo <Shanshan.Guo@mediatek.com>	2020-01-18 10:22:32 +0800
committer	Shanshan Guo <Shanshan.Guo@mediatek.com>	2020-01-18 10:22:32 +0800
commit	543f2e74b831950f8648c9245164b81c033a82fe (patch)
tree	74f3d7b383742c40b0869b9702ceabd94f227258 /r_non_plat/factory.te
parent	8b19a5a6d5f2c1866440691a2f2e422628e32b35 (diff)
download	wembley-sepolicy-543f2e74b831950f8648c9245164b81c033a82fe.tar.gz