
Anonymous committed bd3bafd Merge

Merge "Remove the unnecessary compatibility.te."


Files changed (2)

         genfs_contexts \
         app.te \
         btmacreader.te \
-        compatibility.te \
         device.te \
         drmserver.te \
         init_shell.te \

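--- a/sepolicy/compatibility.te
+++ b/sepolicy/compatibility.te
-# This file contains autogenerated policy based on
-# denials seen in the wild.
-#
-# As a general rule, you should not add policy to
-# this file. You SHOULD treat this policy very
-# skeptically- while it does preserve compatibility,
-# it is also extremely overbroad.
-#
-# Over time this list should trend to size 0. Your
-# assistance in bringing it to 0 is highly appreciated.
-
-#============= adbd ==============
-allow adbd app_data_file:dir { write add_name };
-allow adbd app_data_file:file { write create open setattr };
-allow adbd proc:file write;
-allow adbd system_data_file:file open;
-
-#============= drmserver ==============
-allow drmserver init:unix_stream_socket { read write };
-
-#============= init ==============
-allow init node:rawip_socket node_bind;
-
-#============= keystore ==============
-allow keystore init:unix_stream_socket { read write };
-
-#============= media_app ==============
-allow media_app system_data_file:file append;
-
-#============= mediaserver ==============
-allow mediaserver init:unix_stream_socket { read write };
-allow mediaserver system_data_file:file open;
-
-#============= nfc ==============
-allow nfc system_data_file:file append;
-
-#============= ping ==============
-allow ping adbd:process sigchld;
-
-#============= platform_app ==============
-allow platform_app init:unix_stream_socket { read write };
-#allow platform_app system_data_file:file append;
-allow platform_app unlabeled:file { read getattr open };
-
-#============= radio ==============
-allow radio init:unix_stream_socket { read write };
-allow radio system_data_file:file append;
-
-#============= release_app ==============
-allow release_app init:unix_stream_socket { read write };
-allow release_app system_data_file:file append;
-
-#============= shared_app ==============
-allow shared_app init:unix_stream_socket { read write };
-#allow shared_app system_data_file:file append;
-allow shared_app unlabeled:file { read getattr open };
-
-#============= shell ==============
-allow shell apk_private_data_file:dir getattr;
-allow shell asec_image_file:dir getattr;
-allow shell backup_data_file:dir getattr;
-allow shell device:sock_file write;
-allow shell drm_data_file:dir getattr;
-allow shell gps_data_file:dir getattr;
-allow shell rootfs:file getattr;
-allow shell sdcard_internal:dir { create rmdir };
-#allow shell self:capability { fowner fsetid dac_override };
-#allow shell self:capability2 syslog;
-#allow shell system_data_file:dir { write add_name };
-#allow shell system_data_file:file { write create setattr };
-allow shell vold:unix_stream_socket connectto;
-allow shell vold_socket:sock_file write;
-
-#============= surfaceflinger ==============
-allow surfaceflinger adbd:binder call;
-allow surfaceflinger init:unix_stream_socket { read write };
-allow surfaceflinger nfc:binder call;
-allow surfaceflinger sysfs:file write;
-
-#============= system_server ==============
-allow system_server adbd_socket:sock_file write;
-allow system_server init:unix_stream_socket { read write };
-allow system_server proc:file write;
-allow system_server security_file:lnk_file read;
-allow system_server unlabeled:file { read getattr open };
-
-#============= system_app ==============
-allow system_app unlabeled:file { read getattr open };
-
-#============= untrusted_app ==============
-allow untrusted_app init:dir { getattr search };
-allow untrusted_app init:file { read getattr open };
-allow untrusted_app init:unix_stream_socket { read write };
-allow untrusted_app kernel:dir { search getattr };
-allow untrusted_app kernel:file { read getattr open };
-allow untrusted_app servicemanager:dir { search getattr };
-allow untrusted_app servicemanager:file { read getattr open };
-allow untrusted_app shared_app:fifo_file write;
-#allow untrusted_app system_data_file:file append;
-allow untrusted_app unlabeled:dir getattr;
-allow untrusted_app unlabeled:file { read getattr open };
-
-#============= vold ==============
-allow vold unlabeled:dir { read getattr open };
-
-#============= wpa ==============
-allow wpa init:unix_dgram_socket sendto;
-allow wpa wifi_data_file:sock_file write;
-
-#============= zygote ==============
-allow zygote security_file:lnk_file read;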