Commits

Anonymous committed f47cda3

Move sysfs_devices_system_cpu to the central policy.

Every device has a CPU. This is not device specific.

Get rid of redundant allow rules, which are already allowed
by the base policy.

Change-Id: I4766dc571762d8fae06aa8c26828c070b80f5936

Comments (0)

Files changed (6)

BoardConfigCommon.mk

         shell.te \
         surfaceflinger.te \
         system_app.te \
-        system_server.te \
-        zygote.te
+        system_server.te
-allow appdomain sysfs_devices_system_cpu:dir r_dir_perms;
 allow appdomain nvhost_writable_device:chr_file rw_file_perms;
 type sysfs_firmware_writable, fs_type, sysfs_type;
 
 allow sysfs_devices_tegradc sysfs:filesystem associate;
-allow sysfs_devices_system_cpu sysfs:filesystem associate;

sepolicy/file_contexts

 /system/bin/sensors-config     -- u:object_r:sensors_config_exec:s0
 
 /sys/bus/i2c/drivers/elan-ktf3k/1-0010/update_fw  --  u:object_r:sysfs_firmware_writable:s0
-/sys/devices/system/cpu(/.*)?                     u:object_r:sysfs_devices_system_cpu:s0
 /sys/devices/tegradc\.0(/.*)?                u:object_r:sysfs_devices_tegradc:s0
 /sys/devices/tegradc\.1(/.*)?                u:object_r:sysfs_devices_tegradc:s0
 /sys/devices/platform/bcm4330_rfkill/rfkill/rfkill0/state   --  u:object_r:sysfs_bluetooth_writable:s0

sepolicy/system_server.te

 allow system_server { knv_device nvhost_writable_device }:chr_file rw_file_perms;
 allow system_server sysfs_devices_system_cpu:file w_file_perms;
-allow system_server sysfs_devices_system_cpu:dir r_dir_perms;
 allow system_server elan_ip_device:chr_file rw_file_perms;
 allow system_server diag_device:chr_file rw_file_perms;

sepolicy/zygote.te

-allow zygote sysfs_devices_system_cpu:dir r_dir_perms;