From 888b92135cf70f57dbfb2d7ccf089c7bbf0c9a76 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Mon, 15 Oct 2018 15:49:29 -0700
Subject: [PATCH] Reland "Treat input files as public API."

Input files are public API:
https://source.android.com/devices/input/input-device-configuration-files
Now that they have labels from core policy (aosp/782082), we can tighten
up our neverallows.

Bug: 37168747
Test: m selinux_policy
Change-Id: Ifaf9547993eb8c701fb63b7ee41971ea4e3f7cf9
---
 public/domain.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/public/domain.te b/public/domain.te
index 42058f470..fa21e1f37 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1130,7 +1130,6 @@ full_treble_only(`
     userdebug_or_eng(`-perfprofd')
     -shell
     -system_executes_vendor_violators
-    -system_server # reads vendor input files
     -ueventd # reads /vendor/ueventd.rc
   } {
     vendor_file_type
@@ -1138,6 +1137,9 @@ full_treble_only(`
     -vendor_app_file
     -vendor_configs_file
     -vendor_framework_file
+    -vendor_idc_file
+    -vendor_keychars_file
+    -vendor_keylayout_file
     -vendor_overlay_file
     -vendor_public_lib_file
     -vndk_sp_file
-- 
GitLab