From f606a51e5aaa9bdee9db27cf95cbfa6a2c6acf89 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 1 Sep 2017 16:58:31 +0000
Subject: [PATCH] Revert "Permissions for screencap saving files to /sdcard/"

This reverts commit c12c734932a3359ee6ae98859c40b355b151dc8d.

Bug: 65206688

Change-Id: Ia2a04906f8585bf295b8c75e0b3d09490afb5d24
---
 private/screencap.te     | 18 ++----------------
 private/system_server.te |  1 -
 2 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/private/screencap.te b/private/screencap.te
index 764880f55..579373aa6 100644
--- a/private/screencap.te
+++ b/private/screencap.te
@@ -8,7 +8,7 @@ allow screencap ion_device:chr_file rw_file_perms;
 
 allow screencap adbd:fifo_file write;
 allow screencap adbd:fd use;
-allow screencap adbd:unix_stream_socket { read write getattr ioctl };
+allow screencap adbd:unix_stream_socket { read write };
 
 allow screencap shell_data_file:file write;
 allow screencap shell:fd use;
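Review bot: The three adbd rules around the narrowed `allow screencap adbd:unix_stream_socket { read write };` have no comment explaining why screencap touches adbd objects at all, which makes it easy for a later change to widen the set again. Presumably these cover descriptors screencap inherits when it is run over adb; if so, a line such as `# fds inherited from adbd when run via adb; read/write only, no getattr/ioctl` above the group would record the intent. Because `getattr` and `ioctl` are dropped here, it is worth checking the audit log for new `avc: denied` entries from screencap on this socket after the revert, so that any remaining caller is found before someone adds the permissions back.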
@@ -20,21 +20,7 @@ allow screencap dumpstate:unix_stream_socket { read write };
 binder_use(screencap)
 binder_call(screencap, surfaceflinger)
 allow screencap surfaceflinger_service:service_manager find;
-binder_call(screencap, system_server)
-allow screencap activity_service:service_manager find;
+allow screencap surfaceflinger:fd use;
 
 hwbinder_use(screencap)
 hal_client_domain(screencap, hal_graphics_allocator)
-
-allow screencap shell_exec:file rx_file_perms;
-allow screencap system_file:file execute_no_trans;
-
-allow screencap media_rw_data_file:dir rw_dir_perms;
-allow screencap media_rw_data_file:file rw_file_perms;
-allow screencap mnt_user_file:dir search;
-allow screencap mnt_user_file:lnk_file read;
-allow screencap sdcardfs:dir { search write };
-allow screencap sdcardfs:file { open write };
-allow screencap storage_file:dir search;
-allow screencap storage_file:lnk_file read;
-allow screencap tmpfs:dir search;
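Review bot: The restored `allow screencap surfaceflinger:fd use;` looks redundant with `binder_call(screencap, surfaceflinger)` two lines above it. As far as I know, the `binder_call` macro in te_macros already expands to `allow $1 $2:fd use;` for the client domain. If that holds in this tree the line can be dropped, leaving the macro as the only grant. If it is kept deliberately, a one-line comment saying why would stop it being read as a separate privilege. The rest of the hunk only removes rules (shell and system_file execution, media and sdcardfs write access, the system_server binder call), which narrows the domain and needs no change.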
diff --git a/private/system_server.te b/private/system_server.te
index 00dc6a568..a46272ad6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -181,7 +181,6 @@ binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
 binder_call(system_server, incidentd)
 binder_call(system_server, netd)
-binder_call(system_server, screencap)
 binder_call(system_server, wificond)
 binder_service(system_server)
 
-- 
GitLab