Remove old selinux policies and fix compilation errors
parent
d6304e2a8d
commit
641c201f12
44 changed files with 7 additions and 337 deletions
|
@ -32,11 +32,6 @@ PRODUCT_PACKAGES += \
|
|||
wpa_supplicant \
|
||||
wpa_supplicant.conf
|
||||
|
||||
#wifi/bt mac
|
||||
PRODUCT_PACKAGES += \
|
||||
setmacaddr \
|
||||
setbtmacaddr
|
||||
|
||||
# xml
|
||||
PRODUCT_COPY_FILES += \
|
||||
frameworks/native/data/etc/android.hardware.wifi.xml:system/etc/permissions/android.hardware.wifi.xml \
|
||||
|
|
|
@ -14,7 +14,7 @@ TARGET_NO_KERNEL := false
|
|||
# ENABLE_CPUSETS := true
|
||||
# ENABLE_SCHED_BOOST := true
|
||||
|
||||
POLICYVERS := 28
|
||||
#POLICYVERS := 28
|
||||
|
||||
INSTALLED_KERNEL_TARGET := kernel
|
||||
BOARD_KERNEL_CMDLINE :=
|
||||
|
|
|
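Review bot: Commenting out `POLICYVERS := 28` instead of deleting it leaves the SELinux policy version to the build system's default, and nothing in this section shows that the device kernel accepts that version. If the kernel's maximum supported policy version is lower than the default, the compiled policy may fail to load at boot. Either keep the pin or delete the line and record the reason, e.g. `# POLICYVERS left at the build default; kernel verified to load that policy version`. The old/new order of the two POLICYVERS lines is inferred from the rendered page and the commit title.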
@ -162,7 +162,8 @@ LOCAL_SHARED_LIBRARIES:= \
|
|||
libutils \
|
||||
libcutils \
|
||||
libcamera_client \
|
||||
libui
|
||||
libui \
|
||||
liblog
|
||||
|
||||
LOCAL_SHARED_LIBRARIES += \
|
||||
libhdr \
|
||||
|
|
|
@ -89,7 +89,7 @@ CCameraConfig::CCameraConfig(int id)
|
|||
,mFastPictureMode(false)
|
||||
{
|
||||
mhKeyFile = ::fopen(CAMERA_KEY_CONFIG_PATH, "rb");
|
||||
if (mhKeyFile <= 0)
|
||||
if (mhKeyFile == NULL)
|
||||
{
|
||||
LOGV("open file %s failed", CAMERA_KEY_CONFIG_PATH);
|
||||
return;
|
||||
|
|
|
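Review bot: The failure branch under `if (mhKeyFile == NULL)` logs only through `LOGV` and returns from the constructor, so a `CCameraConfig` whose key file could not be opened is still handed to callers with `mhKeyFile` null. The rest of the class is outside this hunk, so it cannot be confirmed here that every later use of `mhKeyFile` checks it before reading. I would log the failure at error level with the `errno` text and add `// mhKeyFile stays NULL on failure; every reader must check it before use` above the early return. As a style point, `if (mhKeyFile == nullptr)` is the idiomatic C++ spelling if the toolchain allows it.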
@ -1730,7 +1730,7 @@ status_t CameraHardware::cancelAutoFocus()
|
|||
int CameraHardware::parse_focus_areas(const char *str, bool is_face)
|
||||
{
|
||||
int ret = -1;
|
||||
char *ptr,*tmp;
|
||||
const char *ptr,*tmp;
|
||||
char p1[6] = {0}, p2[6] = {0};
|
||||
char p3[6] = {0}, p4[6] = {0}, p5[6] = {0};
|
||||
int l,t,r,b;
|
||||
|
|
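Review bot: The fixed six-byte buffers `p1` to `p5` sit next to cursors into the caller-supplied `str`, and the hunk does not show how the fields are copied into them. The body of `parse_focus_areas` continues outside the hunk, so confirm that each copy length derived from `ptr` and `tmp` is clamped to `sizeof(p1) - 1` before the copy, because an over-long coordinate field would otherwise write past a stack buffer. A comment at the declarations would make the limit explicit: `// p1..p5 hold at most 5 characters plus the terminator; clamp every copy to sizeof(pN) - 1`. Changing the cursors to `const char *` is right for a `const char *str` parameter, and declaring them one per line would read more clearly.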
0
tulip-common/sepolicy/.gitkeep
Normal file
0
tulip-common/sepolicy/.gitkeep
Normal file
|
@ -1 +0,0 @@
|
|||
allow adbd self:process setcurrent;
|
|
@ -1,3 +0,0 @@
|
|||
# Write to /sys/class/rfkill/rfkill0/state
|
||||
# TODO: label it sysfs_bluetooth_writable instead
|
||||
allow bluetooth sysfs:file rw_file_perms;
|
|
@ -1 +0,0 @@
|
|||
allow debuggerd tee_device:chr_file rw_file_perms;
|
|
@ -1,5 +0,0 @@
|
|||
type cedar_device, dev_type;
|
||||
type disp_device, dev_type;
|
||||
type log_block_device, dev_type;
|
||||
#type misc_block_device, dev_type;
|
||||
type private_block_device, dev_type;
|
|
@ -1 +0,0 @@
|
|||
allow dhcp kernel:system module_request;
|
|
@ -1 +0,0 @@
|
|||
dontaudit domain kernel:system module_request;
|
|
@ -1,18 +0,0 @@
|
|||
type engsetbtmacaddr, domain;
|
||||
type engsetbtmacaddr_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(engsetbtmacaddr)
|
||||
allow engsetbtmacaddr vfat:dir create_dir_perms;
|
||||
allow engsetbtmacaddr vfat:file create_file_perms;
|
||||
#allow engsetbtmacaddr system_data_file:file create_file_perms;
|
||||
allow engsetbtmacaddr system_data_file:dir create_dir_perms;
|
||||
allow engsetbtmacaddr bluetooth_data_file:file create_file_perms;
|
||||
allow engsetbtmacaddr bluetooth_data_file:dir create_dir_perms;
|
||||
allow engsetbtmacaddr sysfs:file rw_file_perms;
|
||||
allow engsetbtmacaddr shell_exec:file rx_file_perms;
|
||||
|
||||
allow engsetbtmacaddr self:capability { dac_override sys_admin chown fowner fsetid };
|
||||
|
||||
allow engsetbtmacaddr system_file:file x_file_perms;
|
||||
allow engsetbtmacaddr tmpfs:dir create_dir_perms;
|
||||
allow engsetbtmacaddr engsetbtmacaddr_tmpfs:file { write create open };
|
|
@ -1,18 +0,0 @@
|
|||
type engsetmacaddr, domain;
|
||||
type engsetmacaddr_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(engsetmacaddr)
|
||||
allow engsetmacaddr vfat:dir create_dir_perms;
|
||||
allow engsetmacaddr vfat:file create_file_perms;
|
||||
#allow engsetmacaddr system_data_file:file create_file_perms;
|
||||
allow engsetmacaddr system_data_file:dir create_dir_perms;
|
||||
allow engsetmacaddr sysfs:file rw_file_perms;
|
||||
allow engsetmacaddr shell_exec:file rx_file_perms;
|
||||
|
||||
allow engsetmacaddr self:capability { dac_override sys_admin chown fowner fsetid };
|
||||
|
||||
allow engsetmacaddr system_file:file x_file_perms;
|
||||
allow engsetmacaddr tmpfs:dir create_dir_perms;
|
||||
allow engsetmacaddr engsetmacaddr_tmpfs:file {write create open};
|
||||
allow engsetmacaddr wifi_data_file:file create_file_perms;
|
||||
allow engsetmacaddr wifi_data_file:dir create_dir_perms;
|
|
@ -1 +0,0 @@
|
|||
type logger_file, file_type;
|
|
@ -1,62 +0,0 @@
|
|||
# label graphics device with a new type, we need
|
||||
# to allow write operation from appdomain
|
||||
|
||||
# gpu device labeling
|
||||
/dev/mali u:object_r:gpu_device:s0
|
||||
|
||||
# disp device labeling
|
||||
/dev/disp u:object_r:disp_device:s0
|
||||
/dev/transform u:object_r:disp_device:s0
|
||||
|
||||
# Bluetooth
|
||||
/dev/ttyS1 u:object_r:hci_attach_dev:s0
|
||||
|
||||
# Block labeling
|
||||
/dev/block/mmcblk0 u:object_r:root_block_device:s0
|
||||
/dev/block/by-name/boot u:object_r:boot_block_device:s0
|
||||
/dev/block/by-name/system u:object_r:system_block_device:s0
|
||||
/dev/block/by-name/recovery u:object_r:recovery_block_device:s0
|
||||
#/dev/block/by-name/userdata u:object_r:userdata_block_device:s0
|
||||
/dev/block/by-name/UDISK u:object_r:userdata_block_device:s0
|
||||
/dev/block/by-name/metadata u:object_r:metadata_block_device:s0
|
||||
/dev/block/by-name/cache u:object_r:cache_block_device:s0
|
||||
#/dev/block/by-name/misc u:object_r:misc_block_device:s0
|
||||
/dev/block/by-name/alog u:object_r:log_block_device:s0
|
||||
/dev/block/by-name/private u:object_r:private_block_device:s0
|
||||
|
||||
# factory reset protection partition
|
||||
/dev/block/by-name/frp u:object_r:frp_block_device:s0
|
||||
# zram
|
||||
/dev/block/zram0 u:object_r:swap_block_device:s0
|
||||
|
||||
# Bluetooth
|
||||
/sys/class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
|
||||
|
||||
# cedar_dev
|
||||
/dev/cedar_dev u:object_r:cedar_device:s0
|
||||
# preinstall
|
||||
/system/bin/bootclone.sh u:object_r:preinstall_exec:s0
|
||||
/system/bin/precopy.sh u:object_r:preinstall_exec:s0
|
||||
|
||||
# /logger
|
||||
/logger(/.*)? u:object_r:logger_file:s0
|
||||
# allwinner auto log
|
||||
/system/bin/logger.sh u:object_r:logger_exec:s0
|
||||
/system/bin/log_service u:object_r:logger_exec:s0
|
||||
|
||||
# wifi/bt mac
|
||||
/system/bin/setmacaddr u:object_r:engsetmacaddr_exec:s0
|
||||
/system/bin/setbtmacaddr u:object_r:engsetbtmacaddr_exec:s0
|
||||
|
||||
#rild
|
||||
/dev/ttyUSB[0-4] u:object_r:radio_device:s0
|
||||
/dev/ttyACM[0-4] u:object_r:radio_device:s0
|
||||
|
||||
# sayeye
|
||||
/system/bin/sayeye u:object_r:sayeye_exec:s0
|
||||
|
||||
# opteearmtz00
|
||||
/dev/opteearmtz00 u:object_r:tee_device:s0
|
||||
|
||||
# opteearmtz00
|
||||
/system/bin/tee_supplicant u:object_r:optee_exec:s0
|
|
@ -1 +0,0 @@
|
|||
#allow fsck log_block_device:blk_file rw_file_perms;
|
|
@ -1,3 +0,0 @@
|
|||
genfscon proc /bluetooth/sleep/lpm u:object_r:proc_bluetooth_writable:s0
|
||||
genfscon proc /bluetooth/sleep/btwrite u:object_r:proc_bluetooth_writable:s0
|
||||
#genfscon fuseblk / u:object_r:sdcard_external:s0
|
|
@ -1,11 +0,0 @@
|
|||
#allow init shell_data_file:dir { write add_name };
|
||||
#allow init shell_data_file:file create_file_perms;
|
||||
allow init self:capability sys_module;
|
||||
allow init tmpfs:lnk_file create_file_perms;
|
||||
allow init userdata_block_device:blk_file rw_file_perms;
|
||||
#allow init cache_block_device:blk_file rw_file_perms;
|
||||
#allow init log_block_device:blk_file rw_file_perms;
|
||||
#allow init misc_block_device:blk_file rw_file_perms;
|
||||
allow init vfat:dir { search mounton write add_name setattr};
|
||||
allow init socket_device:sock_file { create setattr unlink};
|
||||
allow init proc_bluetooth_writable:file write;
|
|
@ -1 +0,0 @@
|
|||
allow isolated_app app_data_file:dir search;
|
|
@ -1,14 +0,0 @@
|
|||
allow kernel self:capability { mknod fowner dac_override dac_read_search };
|
||||
allow kernel device:blk_file create_file_perms;
|
||||
allow kernel device:chr_file {create setattr getattr unlink};
|
||||
allow kernel device:dir create_dir_perms;
|
||||
allow kernel fuse:dir { search write add_name };
|
||||
allow kernel fuse:file { create write open };
|
||||
allow kernel cache_file:dir { search write add_name };
|
||||
allow kernel cache_file:file { create write open };
|
||||
allow kernel block_device:dir { search };
|
||||
allow kernel root_block_device:blk_file { read write open };
|
||||
allow kernel untrusted_app_tmpfs:file { write };
|
||||
allow kernel wifi_data_file:dir { read search open };
|
||||
allow kernel wifi_data_file:file { read open };
|
||||
allow kernel kernel:netlink_route_socket create;
|
|
@ -1,2 +0,0 @@
|
|||
allow keystore kernel:system { module_request };
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
type logger, domain;
|
||||
type logger_exec, exec_type, file_type;
|
||||
init_daemon_domain(logger)
|
||||
|
||||
allow logger logger:capability { dac_override dac_read_search sys_admin sys_resource kill chown };
|
||||
allow logger logger:capability2 { syslog };
|
||||
allow logger kernel:system { syslog_mod };
|
||||
allow logger kernel:process { sigkill signull };
|
||||
allow logger system_data_file:dir { read open getattr };
|
||||
allow logger system_data_file:file { read open getattr };
|
||||
allow logger system_app_data_file:dir { search };
|
||||
allow logger system_app_data_file:file { read write open getattr };
|
||||
allow logger app_data_file:dir { search write add_name getattr };
|
||||
allow logger app_data_file:file { create open getattr setattr read write };
|
||||
allow logger rootfs:file { execute execute_no_trans };
|
||||
allow logger system_app:dir { getattr search };
|
||||
allow logger system_app:file { open read };
|
||||
allow logger logdr_socket:sock_file { write };
|
||||
allow logger logd:unix_stream_socket { connectto };
|
||||
allow logger property_socket:sock_file { write };
|
||||
allow logger shell_exec:file { read execute open execute_no_trans };
|
||||
allow logger logger_file:dir { getattr search read write open add_name remove_name };
|
||||
allow logger logger_file:file { read write create open append getattr unlink };
|
||||
allow logger sysfs:file { write };
|
||||
allow logger init:unix_stream_socket connectto;
|
||||
allow logger system_file:file { execute_no_trans };
|
||||
allow logger fuse:dir { search write add_name };
|
||||
allow logger fuse:file { create write open };
|
||||
|
||||
#allow logger default_prop:property_service set;
|
||||
allow logger ctl_default_prop:property_service set;
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
allow mediaserver cedar_device:chr_file rw_file_perms;
|
||||
allow mediaserver platform_app:dir search;
|
||||
allow mediaserver platform_app:file {read open};
|
||||
allow mediaserver untrusted_app:dir search;
|
||||
allow mediaserver untrusted_app:file {read open};
|
||||
allow mediaserver system_prop:property_service {set};
|
||||
#allow mediaserver system_file:file execmod;
|
||||
allow mediaserver system_app:dir search;
|
|
@ -1 +0,0 @@
|
|||
allow netd kernel:system module_request;
|
|
@ -1,8 +0,0 @@
|
|||
type optee, domain;
|
||||
type optee_exec, exec_type, file_type;
|
||||
init_daemon_domain(optee)
|
||||
|
||||
allow shell optee_exec:file getattr;
|
||||
allow optee self:capability dac_override;
|
||||
allow optee tee_device:chr_file { read write open ioctl };
|
||||
allow optee system_data_file:dir { write add_name create };
|
|
@ -1,2 +0,0 @@
|
|||
#allow platform_app app_data_file:file execute;
|
||||
#allow platform_app app_data_file:file { execute_no_trans execmod };
|
|
@ -1,9 +0,0 @@
|
|||
type preinstall, domain;
|
||||
type preinstall_exec, exec_type, file_type;
|
||||
init_daemon_domain(preinstall)
|
||||
|
||||
allow preinstall shell_exec:file read;
|
||||
allow preinstall self:capability { dac_override fowner };
|
||||
allow preinstall vfat:dir { search mounton write add_name };
|
||||
allow preinstall vfat:file { create read write open getattr };
|
||||
|
|
@ -1 +0,0 @@
|
|||
mediasw.stopscaner u:object_r:system_prop:s0
|
|
@ -1,10 +0,0 @@
|
|||
# Access OBBs (vfat images) mounted by vold (b/17633509)
|
||||
allow recovery vfat:dir create_dir_perms;
|
||||
allow recovery vfat:file create_file_perms;
|
||||
allow recovery rootfs:dir create_dir_perms;
|
||||
allow recovery media_rw_data_file:dir r_dir_perms;
|
||||
allow recovery media_rw_data_file:file r_file_perms;
|
||||
allow recovery self:capability sys_module;
|
||||
allow recovery block_device:dir { write add_name };
|
||||
allow recovery block_device:file { create write open };
|
||||
allow recovery proc_drop_caches:file { read getattr };
|
|
@ -1,61 +0,0 @@
|
|||
#rild
|
||||
allow rild sysfs:file write;
|
||||
allow rild usb_device:dir r_dir_perms;
|
||||
allow rild usb_device:chr_file {open read write ioctl};
|
||||
allow rild ppp_exec:file {getattr execute read open execute_no_trans};
|
||||
allow rild ppp_device:chr_file rw_file_perms;
|
||||
allow rild kernel:dir {search getattr open read};
|
||||
allow rild kernel:file{open read};
|
||||
allow rild init:dir {search getattr};
|
||||
allow rild init:file {open read};
|
||||
allow rild ueventd:dir {search getattr};
|
||||
allow rild ueventd:file {open read};
|
||||
allow rild ueventd:lnk_file {open read};
|
||||
allow rild sdcardd:dir {read search getattr};
|
||||
allow rild logd:dir {read search getattr};
|
||||
allow rild lmkd:dir {search getattr};
|
||||
allow rild lmkd:file {open read};
|
||||
allow rild healthd:dir {search getattr};
|
||||
allow rild healthd:file {open read};
|
||||
allow rild servicemanager:dir {search getattr};
|
||||
allow rild servicemanager:file{open read};
|
||||
allow rild vold:dir {search getattr};
|
||||
allow rild vold:file {open read};
|
||||
allow rild shell:dir {search getattr};
|
||||
allow rild shell:file {open read};
|
||||
allow rild netd:dir {search getattr};
|
||||
allow rild netd:file{open read};
|
||||
allow rild radio:dir {search getattr};
|
||||
allow rild radio:file {open read};
|
||||
allow rild system_server:dir {search getattr};
|
||||
#allow rild su:dir {search getattr};
|
||||
#allow rild su:file {open read};
|
||||
allow rild system_app:dir {search getattr};
|
||||
allow rild system_app:file {read open};
|
||||
allow rild platform_app:dir {search getattr};
|
||||
allow rild platform_app:file {open read};
|
||||
allow rild untrusted_app:dir {search getattr};
|
||||
allow rild untrusted_app:file rw_file_perms;
|
||||
allow rild surfaceflinger:dir {search getattr};
|
||||
allow rild surfaceflinger:file {open read};
|
||||
allow rild logd:file {open read};
|
||||
allow rild sdcardd:file {open read};
|
||||
allow rild debuggerd:dir {search getattr};
|
||||
allow rild debuggerd:file {read open};
|
||||
allow rild drmserver:dir {search getattr};
|
||||
allow rild drmserver:file{open read};
|
||||
allow rild mediaserver:dir {search getattr};
|
||||
allow rild mediaserver:file {open read};
|
||||
allow rild installd:dir {search getattr};
|
||||
allow rild installd:file {open read};
|
||||
allow rild keystore:dir {search getattr};
|
||||
allow rild keystore:file {open read};
|
||||
allow rild zygote:dir {search getattr};
|
||||
allow rild zygote:file {open read};
|
||||
allow rild system_server:file {open read};
|
||||
allow rild self:capability { dac_override setgid setuid fowner chown sys_module};
|
||||
allow rild rootfs:file {getattr execute execute_no_trans};
|
||||
allow rild kernel:lnk_file read;
|
||||
allow rild system_prop:property_service set;
|
||||
allow bootanim sysfs:file write;
|
||||
allow netd netd:capability sys_module;
|
|
@ -1,6 +0,0 @@
|
|||
type sayeye, domain;
|
||||
type sayeye_exec, exec_type, file_type;
|
||||
init_daemon_domain(sayeye)
|
||||
|
||||
allow sayeye sysfs:file write;
|
||||
allow sayeye sysfs_devices_system_cpu:file write;
|
|
@ -1,4 +0,0 @@
|
|||
type sensors, domain;
|
||||
type sensors_exec, exec_type, file_type;
|
||||
init_daemon_domain(sensors)
|
||||
|
|
@ -1 +0,0 @@
|
|||
type DynamicPManager_service, system_api_service, system_server_service, service_manager_type;
|
|
@ -1 +0,0 @@
|
|||
DynamicPManager u:object_r:DynamicPManager_service:s0
|
|
@ -1,2 +0,0 @@
|
|||
allow surfaceflinger disp_device:chr_file rw_file_perms;
|
||||
allow surfaceflinger sysfs:file write;
|
|
@ -1,5 +0,0 @@
|
|||
allow system_app cache_file:dir { write add_name remove_name };
|
||||
allow system_app cache_file:file { create write open unlink setattr };
|
||||
#allow system_app system_app_data_file:file { execute execute_no_trans };
|
||||
allow system_app ctl_default_prop:property_service set;
|
||||
allow system_app block_device:dir search;
|
|
@ -1,8 +0,0 @@
|
|||
allow system_server disp_device:chr_file rw_file_perms;
|
||||
allow system_server fuse:dir search;
|
||||
allow system_server init:unix_dgram_socket sendto;
|
||||
allow system_server tmpfs:file r_file_perms;
|
||||
allow system_server socket_device:sock_file write;
|
||||
allow system_server sayeye:unix_stream_socket connectto;
|
||||
allow system_server self:capability sys_module;
|
||||
allow system_server storage_stub_file:dir getattr;
|
|
@ -1 +0,0 @@
|
|||
allow toolbox private_block_device:blk_file rw_file_perms;
|
|
@ -1,11 +0,0 @@
|
|||
allow untrusted_app zygote:unix_dgram_socket getattr;
|
||||
allow untrusted_app debugfs:file getattr;
|
||||
allow untrusted_app storage_stub_file:dir getattr;
|
||||
#allow untrusted_app shell_data_file:dir { write add_name remove_name };
|
||||
allow untrusted_app system_app_data_file:dir { search getattr };
|
||||
allow untrusted_app storage_file:file { read open };
|
||||
allow untrusted_app self:udp_socket ioctl;
|
||||
allow untrusted_app logger_file:dir getattr;
|
||||
allow untrusted_app init:dir { getattr search };
|
||||
allow untrusted_app kernel:dir { getattr search };
|
||||
#allow untrusted_app healthd_service:service_manager find;
|
|
@ -1,7 +0,0 @@
|
|||
allow vold log_device:dir write;
|
||||
allow vold logger_file:dir rw_dir_perms;
|
||||
allow vold kernel:system module_request;
|
||||
allow vold self:capability { setgid setuid };
|
||||
allow vold fuse_device:chr_file { getattr read write open };
|
||||
allow vold swap_block_device:blk_file getattr;
|
||||
allow vold storage_stub_file:dir { read open };
|
|
@ -1,3 +0,0 @@
|
|||
# wpa_supplicant
|
||||
allow wpa devpts:chr_file rw_file_perms;
|
||||
allow wpa init:unix_dgram_socket rw_socket_perms;
|
|
@ -1 +0,0 @@
|
|||
allow zygote zygote:process execmem;
|
|
@ -8,7 +8,6 @@ PRODUCT_PACKAGES += \
|
|||
|
||||
PRODUCT_PACKAGES += \
|
||||
libion \
|
||||
setmacaddr \
|
||||
sunxi-nand-part
|
||||
|
||||
# add for bluetooth addr
|
||||
|
|