diff --git a/non_plat/factory.te b/non_plat/factory.te index 6c45166..dd743d9 100644 --- a/non_plat/factory.te +++ b/non_plat/factory.te @@ -74,7 +74,6 @@ allow factory vendor_factory_idle_state_prop:property_service set; # Date: WK15.46 # Purpose: gps factory mode -####typeattribute factory data_between_core_and_vendor_violators; ###allow factory agpsd_data_file:dir search; allow factory apk_data_file:dir write; #allow factory gps_data_file:dir r_dir_perms; diff --git a/non_plat/fuelgauged.te b/non_plat/fuelgauged.te index 76f03d3..c03c59d 100644 --- a/non_plat/fuelgauged.te +++ b/non_plat/fuelgauged.te @@ -53,7 +53,6 @@ allow fuelgauged self:netlink_route_socket { bind create getattr write nlmsg_rea # Purpose : For fg daemon can access /data/FG folder #file_type_auto_trans(fuelgauged, system_data_file, fuelgauged_file); #allow fuelgauged fuelgauged_file:file rw_file_perms; -#typeattribute fuelgauged data_between_core_and_vendor_violators; #allow fuelgauged system_data_file:dir rw_dir_perms; # Data : WK16.21 diff --git a/non_plat/fuelgauged_nvram.te b/non_plat/fuelgauged_nvram.te index 42d1737..7ec62dc 100644 --- a/non_plat/fuelgauged_nvram.te +++ b/non_plat/fuelgauged_nvram.te @@ -27,7 +27,6 @@ init_daemon_domain(fuelgauged_nvram) # Purpose : For fg daemon can access /data/FG folder #file_type_auto_trans(fuelgauged_nvram, system_data_file, fuelgauged_nvram_file); #allow fuelgauged_nvram fuelgauged_nvram_file:file rw_file_perms; -#typeattribute fuelgauged_nvram data_between_core_and_vendor_violators; #allow fuelgauged_nvram system_data_file:dir rw_dir_perms; # Data : WK16.21 diff --git a/non_plat/nvram_agent_binder.te b/non_plat/nvram_agent_binder.te index bb42264..37a752d 100644 --- a/non_plat/nvram_agent_binder.te +++ b/non_plat/nvram_agent_binder.te @@ -40,7 +40,6 @@ allow nvram_agent_binder init:unix_stream_socket connectto; allow nvram_agent_binder property_socket:sock_file write; allow nvram_agent_binder sysfs:file write; #allow nvram_agent_binder self:capability { fowner chown dac_override fsetid }; -#typeattribute nvram_agent_binder data_between_core_and_vendor_violators; #remove from Android P #allow nvram_agent_binder system_data_file:dir create_file_perms; @@ -71,4 +70,4 @@ hal_server_domain(nvram_agent_binder, hal_nvramagent) # Date : WK18.16 # Operation: P migration # Purpose: Allow nvram_daemon to get tel_switch_prop -get_prop(nvram_daemon, tel_switch_prop) \ No newline at end of file +get_prop(nvram_daemon, tel_switch_prop) diff --git a/non_plat/nvram_daemon.te b/non_plat/nvram_daemon.te index b55e5ef..309177d 100644 --- a/non_plat/nvram_daemon.te +++ b/non_plat/nvram_daemon.te @@ -70,7 +70,6 @@ allow nvram_daemon proc_lk_env:file rw_file_perms; # Purpose: for workaround # Todo: Remove this policy -#typeattribute nvram_daemon data_between_core_and_vendor_violators; #remove from Android P #allow nvram_daemon system_data_file:dir write; @@ -105,4 +104,4 @@ allow nvram_daemon sysfs:file read; # Date : WK18.16 # Operation: P migration # Purpose: Allow nvram_daemon to get tel_switch_prop -get_prop(nvram_daemon, tel_switch_prop) \ No newline at end of file +get_prop(nvram_daemon, tel_switch_prop) diff --git a/plat_private/kisd.te b/plat_private/kisd.te index 59d6a00..46897b3 100644 --- a/plat_private/kisd.te +++ b/plat_private/kisd.te @@ -16,7 +16,6 @@ typeattribute kisd mlstrustedsubject; init_daemon_domain(kisd) allow kisd tee_device:chr_file {read write open ioctl}; -#typeattribute kisd data_between_core_and_vendor_violators; allow kisd provision_file:dir {read write open ioctl add_name search remove_name}; allow kisd provision_file:file {create read write open getattr unlink}; allow kisd system_file:file {execute_no_trans}; diff --git a/prebuilts/api/26.0/plat_private/kisd.te b/prebuilts/api/26.0/plat_private/kisd.te index 0b9efbb..46897b3 100755 --- a/prebuilts/api/26.0/plat_private/kisd.te +++ b/prebuilts/api/26.0/plat_private/kisd.te @@ -16,7 +16,6 @@ typeattribute kisd mlstrustedsubject; init_daemon_domain(kisd) allow kisd tee_device:chr_file {read write open ioctl}; -typeattribute kisd data_between_core_and_vendor_violators; allow kisd provision_file:dir {read write open ioctl add_name search remove_name}; allow kisd provision_file:file {create read write open getattr unlink}; allow kisd system_file:file {execute_no_trans};