Merge "Remove sepolicy for /dev/alarm."

5aacdbc9 · Treehugger Robot · Gerrit Code Review · 4887b86a · 02c4c3fa · 5aacdbc9
Commit 5aacdbc9 authored 6 years ago by Treehugger Robot Committed by Gerrit Code Review 6 years ago
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
 ;; types removed from current policy
+(type alarm_device)
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)

--- a/private/file_contexts
+++ b/private/file_contexts
@@ -71,7 +71,6 @@
 /dev/adf[0-9]*		u:object_r:graphics_device:s0
 /dev/adf-interface[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
 /dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
-/dev/alarm		u:object_r:alarm_device:s0
 /dev/ashmem		u:object_r:ashmem_device:s0
 /dev/audio.*		u:object_r:audio_device:s0
 /dev/binder		u:object_r:binder_device:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -325,7 +325,6 @@ allow system_server sysfs_usb:file w_file_perms;
 # Access devices.
 allow system_server device:dir r_dir_perms;
 allow system_server mdns_socket:sock_file rw_file_perms;
-allow system_server alarm_device:chr_file rw_file_perms;
 allow system_server gpu_device:chr_file rw_file_perms;
 allow system_server input_device:dir r_dir_perms;
 allow system_server input_device:chr_file rw_file_perms;

--- a/public/device.te
+++ b/public/device.te
 # Device types
 type device, dev_type, fs_type;
-type alarm_device, dev_type, mlstrustedobject;
 type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;

--- a/public/domain.te
+++ b/public/domain.te
@@ -75,7 +75,6 @@ allow {
 not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
 allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
 allow domain ptmx_device:chr_file rw_file_perms;
-allow domain alarm_device:chr_file r_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain proc_random:dir r_dir_perms;
 allow domain proc_random:file r_file_perms;

--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te
@@ -9,7 +9,6 @@ allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
 allow hal_telephony_server self:netlink_route_socket nlmsg_write;
 allow hal_telephony_server kernel:system module_request;
 allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
-allow hal_telephony_server alarm_device:chr_file rw_file_perms;
 allow hal_telephony_server cgroup:dir create_dir_perms;
 allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
 allow hal_telephony_server radio_device:chr_file rw_file_perms;

--- a/public/init.te
+++ b/public/init.te
@@ -257,7 +257,6 @@ allow init {
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };
 allow init {
-  alarm_device
  ashmem_device
  binder_device
  console_device

--- a/public/radio.te
+++ b/public/radio.te
@@ -12,7 +12,6 @@ not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
 allow radio radio_data_file:dir create_dir_perms;
 allow radio radio_data_file:notdevfile_class_set create_file_perms;
-allow radio alarm_device:chr_file rw_file_perms;
 allow radio net_data_file:dir search;
 allow radio net_data_file:file r_file_perms;