NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04761184] Remove high risk policy for nvram

Browse Source 
Remove high risk policy for nvram.

MTK-Commit-Id: 6b89d790d606c06b3c48ef2711ad4e1f3b3132de

Change-Id: Iae4a7b021816f771d77b3f58f150de03863dfb9f
CR-Id: ALPS04761184
Feature: NVRAM Partition
This commit is contained in:
Denis Hsu 2020-01-18 10:19:49 +08:00
parent 979dff06fc
commit 4aa82d78c9
2 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
non_plat/nvram_agent_binder.te
View File

@ -21,7 +21,6 @@ allow nvram_agent_binder nvram_agent_service:service_manager add;
# Operation : 2rd Selinux Migration
# Purpose : the role of nvram_agent_binder is same with nvram_daemon except property_set & exect permission
allow nvram_agent_binder nvram_device:blk_file rw_file_perms;
allow nvram_agent_binder bootdevice_block_device:blk_file rw_file_perms;
allow nvram_agent_binder nvdata_device:blk_file rw_file_perms;
allow nvram_agent_binder nvram_data_file:dir create_dir_perms;
allow nvram_agent_binder nvram_data_file:file create_file_perms;
@ -34,9 +33,6 @@ allow nvram_agent_binder als_ps_device:chr_file r_file_perms;
allow nvram_agent_binder mtk-adc-cali_device:chr_file rw_file_perms;
allow nvram_agent_binder gsensor_device:chr_file r_file_perms;
allow nvram_agent_binder gyroscope_device:chr_file r_file_perms;
allow nvram_agent_binder init:unix_stream_socket connectto;
allow nvram_agent_binder property_socket:sock_file write;
allow nvram_agent_binder sysfs:file write;
allow nvram_agent_binder self:capability { fowner chown fsetid };
# Purpose: for backup
@ -44,7 +40,6 @@ allow nvram_agent_binder nvram_device:chr_file rw_file_perms;
allow nvram_agent_binder pro_info_device:chr_file rw_file_perms;
allow nvram_agent_binder block_device:dir search;
allow nvram_agent_binder app_data_file:file write;
# for MLC device
allow nvram_agent_binder mtd_device:dir search;
allow nvram_agent_binder mtd_device:chr_file rw_file_perms;

2
non_plat/nvram_daemon.te
View File

@ -21,7 +21,6 @@ init_daemon_domain(nvram_daemon)
# Operation : Migration
# Purpose : the device is used to store Nvram backup data that can not be lost.
allow nvram_daemon nvram_device:blk_file rw_file_perms;
allow nvram_daemon bootdevice_block_device:blk_file rw_file_perms;
allow nvram_daemon nvdata_device:blk_file rw_file_perms;
# Date : WK14.35
@ -41,7 +40,6 @@ allow nvram_daemon gyroscope_device:chr_file r_file_perms;
allow nvram_daemon init:unix_stream_socket connectto;
# Purpose: for property set
allow nvram_daemon sysfs:file w_file_perms;
allow nvram_daemon self:capability { fowner chown fsetid };
# Purpose: for backup