From c279953dc766fe10e4a672cf4d1146a26b08173e Mon Sep 17 00:00:00 2001 From: LuK1337 Date: Wed, 26 Jan 2022 13:09:19 +0100 Subject: [PATCH] sm8150-common: sepolicy: Address neverallows Change-Id: I73b3d2d45a2e6988ca86a9d3bfa125fd69320b13 --- sepolicy/private/property_contexts | 3 +++ sepolicy/private/recovery.te | 1 + sepolicy/public/property.te | 3 ++- sepolicy/vendor/property_contexts | 6 ------ 4 files changed, 6 insertions(+), 7 deletions(-) create mode 100644 sepolicy/private/recovery.te diff --git a/sepolicy/private/property_contexts b/sepolicy/private/property_contexts index f4199e4f..58529948 100644 --- a/sepolicy/private/property_contexts +++ b/sepolicy/private/property_contexts @@ -1,2 +1,5 @@ +# Fastbootd +ro.fastbootd.available u:object_r:fastbootd_available_prop:s0 + # Sensors vendor.sensors.als_correction. u:object_r:vendor_sensors_als_prop:s0 diff --git a/sepolicy/private/recovery.te b/sepolicy/private/recovery.te new file mode 100644 index 00000000..20efe282 --- /dev/null +++ b/sepolicy/private/recovery.te @@ -0,0 +1 @@ +get_prop(recovery, fastbootd_available_prop) diff --git a/sepolicy/public/property.te b/sepolicy/public/property.te index 497c1ac6..defde22f 100644 --- a/sepolicy/public/property.te +++ b/sepolicy/public/property.te @@ -1 +1,2 @@ -type vendor_sensors_als_prop, property_type; +system_internal_prop(fastbootd_available_prop) +system_public_prop(vendor_sensors_als_prop) diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts index 4818353e..d7055e51 100644 --- a/sepolicy/vendor/property_contexts +++ b/sepolicy/vendor/property_contexts @@ -5,16 +5,11 @@ persist.vendor.audio.hac.enable u:object_r:vendor_audio_prop:s0 persist.vendor.bt.a2dp_offload_cap u:object_r:bluetooth_a2dp_offload_prop:s0 # Camera -camera.OPpictureId u:object_r:vendor_camera_prop:s0 -ro.camera. u:object_r:vendor_camera_prop:s0 vendor.camera. u:object_r:vendor_camera_prop:s0 # Display persist.vendor.color.matrix u:object_r:vendor_display_prop:s0 -# Fastbootd -ro.fastbootd.available u:object_r:exported_default_prop:s0 - # FTM mode ro.boot.ftm_mode u:object_r:exported_default_prop:s0 @@ -39,7 +34,6 @@ ro.boot.msz u:object_r:vendor_param_prop:s0 ro.boot.rf_version u:object_r:exported_default_prop:s0 # RIL -ro.ril.supportLTE u:object_r:radio_prop:s0 vendor.oem.bt.addr u:object_r:vendor_radio_prop:s0 vendor.oem.device.imeicache1 u:object_r:vendor_radio_prop:s0 vendor.oem.device.imeicache2 u:object_r:vendor_radio_prop:s0