Treat input files as public API.

Input files are public API: https://source.android.com/devices/input/input-device-configuration-files Now that they have labels from core policy (aosp/782082), we can tighten up our neverallows. Bug: 37168747 Test: m selinux_policy Change-Id: I7545b190f35b6b2c86c5dc42c0814f7bccbf1281

Treat input files as public API.
Input files are public API: https://source.android.com/devices/input/input-device-configuration-files Now that they have labels from core policy (aosp/782082), we can tighten up our neverallows. Bug: 37168747 Test: m selinux_policy Change-Id: I7545b190f35b6b2c86c5dc42c0814f7bccbf1281
7a560eb4 · Tri Vo · 81ade3dd · 7a560eb4
Commit 7a560eb4 authored 6 years ago by Tri Vo
--- a/public/domain.te
+++ b/public/domain.te
@@ -1156,7 +1156,6 @@ full_treble_only(`
    userdebug_or_eng(`-perfprofd')
    -shell
    -system_executes_vendor_violators
-    -system_server # reads vendor input files
    -ueventd # reads /vendor/ueventd.rc
  } {
    vendor_file_type
@@ -1164,6 +1163,9 @@ full_treble_only(`
    -vendor_app_file
    -vendor_configs_file
    -vendor_framework_file
+    -vendor_idc_file
+    -vendor_keychars_file
+    -vendor_keylayout_file
    -vendor_overlay_file
    -vendor_public_lib_file
    -vndk_sp_file