From 7a560eb4d70100b725cb3ad47a1bba453699f593 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Fri, 12 Oct 2018 18:13:41 -0700
Subject: [PATCH] Treat input files as public API.

Input files are public API:
https://source.android.com/devices/input/input-device-configuration-files
Now that they have labels from core policy (aosp/782082), we can tighten
up our neverallows.

Bug: 37168747
Test: m selinux_policy
Change-Id: I7545b190f35b6b2c86c5dc42c0814f7bccbf1281
---
 public/domain.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/public/domain.te b/public/domain.te
index 04774ed81..5f00a82cb 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1156,7 +1156,6 @@ full_treble_only(`
     userdebug_or_eng(`-perfprofd')
     -shell
     -system_executes_vendor_violators
-    -system_server # reads vendor input files
     -ueventd # reads /vendor/ueventd.rc
   } {
     vendor_file_type
@@ -1164,6 +1163,9 @@ full_treble_only(`
     -vendor_app_file
     -vendor_configs_file
     -vendor_framework_file
+    -vendor_idc_file
+    -vendor_keychars_file
+    -vendor_keylayout_file
     -vendor_overlay_file
     -vendor_public_lib_file
     -vndk_sp_file
-- 
GitLab