From 4aa82d78c9bdcf47e197cf674e2a24200f570ee1 Mon Sep 17 00:00:00 2001
From: Denis Hsu
Date: Sat, 18 Jan 2020 10:19:49 +0800
Subject: [PATCH] [ALPS04761184] Remove high risk policy for nvram

Remove high risk policy for nvram.
MTK-Commit-Id: 6b89d790d606c06b3c48ef2711ad4e1f3b3132de
Change-Id: Iae4a7b021816f771d77b3f58f150de03863dfb9f
CR-Id: ALPS04761184
Feature: NVRAM Partition
---
 non_plat/nvram_agent_binder.te | 5 -----
 non_plat/nvram_daemon.te | 2 --
 2 files changed, 7 deletions(-)

diff --git a/non_plat/nvram_agent_binder.te b/non_plat/nvram_agent_binder.te
index c72ecc9..4d798b6 100644
--- a/non_plat/nvram_agent_binder.te
+++ b/non_plat/nvram_agent_binder.te
@@ -21,7 +21,6 @@ allow nvram_agent_binder nvram_agent_service:service_manager add;
 # Operation : 2rd Selinux Migration
 # Purpose : the role of nvram_agent_binder is same with nvram_daemon except property_set & exect permission
 allow nvram_agent_binder nvram_device:blk_file rw_file_perms;
-allow nvram_agent_binder bootdevice_block_device:blk_file rw_file_perms;
 allow nvram_agent_binder nvdata_device:blk_file rw_file_perms;
 allow nvram_agent_binder nvram_data_file:dir create_dir_perms;
 allow nvram_agent_binder nvram_data_file:file create_file_perms;
@@ -34,9 +33,6 @@ allow nvram_agent_binder als_ps_device:chr_file r_file_perms;
 allow nvram_agent_binder mtk-adc-cali_device:chr_file rw_file_perms;
 allow nvram_agent_binder gsensor_device:chr_file r_file_perms;
 allow nvram_agent_binder gyroscope_device:chr_file r_file_perms;
-allow nvram_agent_binder init:unix_stream_socket connectto;
-allow nvram_agent_binder property_socket:sock_file write;
-allow nvram_agent_binder sysfs:file write;
 allow nvram_agent_binder self:capability { fowner chown fsetid };
 # Purpose: for backup
@@ -44,7 +40,6 @@ allow nvram_agent_binder nvram_device:chr_file rw_file_perms;
 allow nvram_agent_binder pro_info_device:chr_file rw_file_perms;
 allow nvram_agent_binder block_device:dir search;
-allow nvram_agent_binder app_data_file:file write;
 # for MLC device
 allow nvram_agent_binder mtd_device:dir search;
 allow nvram_agent_binder mtd_device:chr_file rw_file_perms;
diff --git a/non_plat/nvram_daemon.te b/non_plat/nvram_daemon.te
index 731d6ce..7ed8bfa 100644
--- a/non_plat/nvram_daemon.te
+++ b/non_plat/nvram_daemon.te
@@ -21,7 +21,6 @@ init_daemon_domain(nvram_daemon)
 # Operation : Migration
 # Purpose : the device is used to store Nvram backup data that can not be lost.
 allow nvram_daemon nvram_device:blk_file rw_file_perms;
-allow nvram_daemon bootdevice_block_device:blk_file rw_file_perms;
 allow nvram_daemon nvdata_device:blk_file rw_file_perms;
 # Date : WK14.35
@@ -41,7 +40,6 @@ allow nvram_daemon gyroscope_device:chr_file r_file_perms;
 allow nvram_daemon init:unix_stream_socket connectto;
 # Purpose: for property set
-allow nvram_daemon sysfs:file w_file_perms;
 allow nvram_daemon self:capability { fowner chown fsetid };
 # Purpose: for backup