authorJorge Lucangeli Obes <jorgelo@google.com>2016-03-29 10:57:46 -0700
committerJorge Lucangeli Obes <jorgelo@google.com>2016-03-29 10:57:46 -0700
commit3bef72c310eeda4378169507995e07510abaa5a2 (patch)
treefd5b27935808266bf8f5545da171b55223256d52
parentb2cfc898e06c3a06625a25f6150cb40fd1e0a5cd (diff)
downloadqcom-3bef72c310eeda4378169507995e07510abaa5a2.tar.gz
Fix warnings in SELinux policy compilation.
SELinux build was showing: m4: hardware/bsp/qcom/soc/msm8916/prebuilts/sepolicy/qseecomd.te: 54: deprecated: unix_socket_connect(tee, property, init) Please use set_prop(tee, <property name>) instead. m4: hardware/bsp/qcom/soc/msm8916/prebuilts/sepolicy/rmt.te: 28: deprecated: unix_socket_connect(rmt, property, init) Please use set_prop(rmt, <property name>) instead. Fix that by, unsurprisingly, using set_prop. Also, add periods to sentences like the FSM intended. Bug: 27900222 Change-Id: I73e277ec4c2039e043b4a754a379b463c35e5e25
-rw-r--r--soc/msm8916/prebuilts/sepolicy/qseecomd.te44
-rw-r--r--soc/msm8916/prebuilts/sepolicy/rmt.te5
2 files changed, 21 insertions, 28 deletions
diff --git a/soc/msm8916/prebuilts/sepolicy/qseecomd.te b/soc/msm8916/prebuilts/sepolicy/qseecomd.te
index ef10f51..3e483f1 100644
--- a/soc/msm8916/prebuilts/sepolicy/qseecomd.te
+++ b/soc/msm8916/prebuilts/sepolicy/qseecomd.te
@@ -1,4 +1,4 @@
-# Tee starts as root, and drops privileges
+# Tee starts as root, and drops privileges.
allow tee self:capability {
setuid
setgid
@@ -8,19 +8,19 @@ allow tee self:capability {
};
# Need to directly manipulate certain block devices
-# for anti-rollback feature
+# for anti-rollback feature.
allow tee modem_efs_partition_device:blk_file rw_file_perms;
allow tee block_device:dir r_dir_perms;
allow tee rpmb_device:blk_file rw_file_perms;
# Need to figure out how many scsi generic devices are preset
-# before being able to identify which one is rpmb device
+# before being able to identify which one is rpmb device.
allow tee device:dir r_dir_perms;
allow tee sg_device:chr_file { rw_file_perms setattr };
# Allow qseecom to qsee folder so that listeners can create
-# respective directories
+# respective directories.
allow tee data_qsee_file:dir create_dir_perms;
allow tee data_qsee_file:file create_file_perms;
allow tee system_data_file:dir r_dir_perms;
@@ -28,64 +28,58 @@ allow tee system_data_file:dir r_dir_perms;
allow tee persist_file:dir r_dir_perms;
r_dir_file(tee, persist_data_file)
-# Write to drm related pieces of persist partition
+# Write to drm related pieces of persist partition.
allow tee persist_drm_file:dir create_dir_perms;
allow tee persist_drm_file:file create_file_perms;
-# Provide tee access to ssd partition for HW FDE
+# Provide tee access to ssd partition for HW FDE.
allow tee ssd_device:blk_file rw_file_perms;
-# Allow tee to operate tee device
+# Allow tee to operate tee device.
allow tee tee_device:chr_file rw_file_perms;
-# Allow tee to load firmware images
+# Allow tee to load firmware images.
r_dir_file(tee, firmware_file)
-# Allow qseecom access to time domain
+# Allow qseecom access to time domain.
allow tee time_daemon:unix_stream_socket connectto;
-# Allow tee access for secure UI to work
+# Allow tee access for secure UI to work.
allow tee graphics_device:dir r_dir_perms;
allow tee graphics_device:chr_file r_file_perms;
binder_use(tee)
-allow tee system_app:unix_dgram_socket sendto;
-unix_socket_connect(tee, property, init)
-
-# Allow qseecom access to set system property
-allow tee system_prop:property_service set;
+# Allow qseecom access to set system property.
+set_prop(tee, system_prop)
userdebug_or_eng(`
allow tee su:unix_dgram_socket sendto;
')
-# Allow qseecom access to set system property
-allow tee system_prop:property_service set;
-
-# Allow access to qfp-daemon
+# Allow access to qfp-daemon.
allow tee qfp-daemon_data_file:dir create_dir_perms;
allow tee qfp-daemon_data_file:file create_file_perms;
-# Provide access to block devices for MDTP
+# Provide access to block devices for MDTP.
allow tee mdtp_device:blk_file rw_file_perms;
allow tee dip_device:blk_file rw_file_perms;
allow tee system_block_device:blk_file r_file_perms;
-# Provide access to QC Crypto driver for MDTP
+# Provide access to QC Crypto driver for MDTP.
allow tee qce_device:chr_file rw_file_perms;
-# Provide access to /data/misc/qsee/mdtp for MDTP temp files
+# Provide access to /data/misc/qsee/mdtp for MDTP temp files.
allow tee data_qsee_file:dir create_dir_perms;
allow tee data_qsee_file:{ file fifo_file } create_file_perms;
-# Provide read access to all /system files for MDTP file-to-block-mapping
+# Provide read access to all /system files for MDTP file-to-block-mapping.
r_dir_file(tee, exec_type)
r_dir_file(tee, system_file)
-# Provide tee ability to access QMUXD/IPCRouter for QMI
+# Provide tee ability to access QMUXD/IPCRouter for QMI.
qmux_socket(tee)
allow tee self:socket create_socket_perms;
-# Provide tee ability to run executables in rootfs for MDTP
+# Provide tee ability to run executables in rootfs for MDTP.
allow tee rootfs:file x_file_perms;
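Review bot: The new `set_prop(tee, system_prop)` in the middle of this hunk still grants on the broad `system_prop` type, so a domain that starts as root and has read/write access to the rpmb, ssd and mdtp block devices can set every property carrying that label, not only the one qseecomd needs. The comment above it does not say which property that is; I would name it, e.g. `# qseecomd sets <property name> for <purpose>.`, and if it is a single key, label it with a dedicated type in property_contexts and use `set_prop(tee, <dedicated_prop_type>)`. The same applies to `set_prop(rmt, ctl_default_prop)` in rmt.te, which has no comment and lets rmt send ctl.* requests for any service that lacks a more specific control type. This hunk also drops `allow tee system_app:unix_dgram_socket sendto;`, which the description does not mention; if that is intentional, the commit message should say so.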
diff --git a/soc/msm8916/prebuilts/sepolicy/rmt.te b/soc/msm8916/prebuilts/sepolicy/rmt.te
index 531a100..305c4b2 100644
--- a/soc/msm8916/prebuilts/sepolicy/rmt.te
+++ b/soc/msm8916/prebuilts/sepolicy/rmt.te
@@ -1,4 +1,4 @@
-# remote storage process
+# Remote storage process.
type rmt, domain;
type rmt_exec, exec_type, file_type;
@@ -25,8 +25,7 @@ allow rmt root_block_device:blk_file r_file_perms;
allow rmt modem_block_device:blk_file rw_file_perms;
allow rmt block_device:dir search;
-unix_socket_connect(rmt, property, init)
-allow rmt ctl_default_prop:property_service set;
+set_prop(rmt, ctl_default_prop)
allow rmt proc:dir search;
allow rmt sysfs:dir r_dir_perms;