From d1522f416699121de48fc14e73f44331cfef5802 Mon Sep 17 00:00:00 2001 From: chien-wei hsu Date: Sat, 18 Jan 2020 09:58:29 +0800 Subject: [PATCH] [ALPS03902666] Sepolicy: remove violate properties setting [Detail] 1.Property new change neverallow coredomain from writing vendor properties (allow audioserver_28_0 audiohal_prop (property_service (set))) (allow audioserver_28_0 mtk_thermal_config_prop (property_service (set))) audio_hal property which prefix is af. use to audiodump. it will replace by the audio_prop which property prefix is vendor.af before, mtk_thermal_config_prop use to set powerhal. And we use it by HIDL now, so this permission can remove. [Solution] remove violate properties setting. MTK-Commit-Id: 2942812bb4a57655898d407f84162fbdae9c3fc9 Change-Id: I1a01ddd8b83fa7eb0c499f67400660b738e9b986 CR-Id: ALPS03902666 Feature: [Module]Native AudioFlinger --- non_plat/audioserver.te | 12 ------------ non_plat/property_contexts | 2 -- 2 files changed, 14 deletions(-)
diff --git a/non_plat/audioserver.te b/non_plat/audioserver.te
index 012a84d..f639c2a 100644
--- a/non_plat/audioserver.te
+++ b/non_plat/audioserver.te
@@ -2,12 +2,6 @@
 # MTK Policy Rule for vendor
 # ==============================================
 
-# Data : WK14.39
-# Operation : Migration
-# Purpose : dump for debug
-typeattribute audioserver system_writes_vendor_properties_violators;
-allow audioserver audiohal_prop:property_service set;
-
 # Date: WK14.44
 # Operation : Migration
 # Purpose : EVDO
@@ -58,9 +52,3 @@ allow audioserver proc_ged:file {open read write ioctl getattr};
 # Date : WK16.48
 # Purpose: Allow to trigger AEE dump
 allow audioserver aee_aed:unix_stream_socket connectto;
-
-# Date : WK17.28
-# Operation : MT6757 SQC
-# Purpose : Change thermal config
-allow audioserver mtk_thermal_config_prop:file { getattr open read };
-allow audioserver mtk_thermal_config_prop:property_service set;
diff --git a/non_plat/property_contexts b/non_plat/property_contexts
index 5c2396b..0269fd9 100644
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@@ -99,10 +99,8 @@ vendor.debug.gps. u:object_r:mnld_prop:s0
 
 #=============allow audiohal==============
 streamout. u:object_r:audiohal_prop:s0
-af. u:object_r:audiohal_prop:s0
 streamin. u:object_r:audiohal_prop:s0
 a2dp. u:object_r:audiohal_prop:s0
-persist.af. u:object_r:audiohal_prop:s0
 
 #=============allow wmt ==============
 persist.vendor.connsys. u:object_r:wmt_prop:s0