Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 10c69455 authored Oct 05, 2017 by Jeff Vander Stoep

Remove world writable sysfs files

Test: build
Change-Id: I8c4b705726af8629413c5563c2cdba07d9815661
Merged-In: I9d18d31a9a65f785cf4bc69f011990e9f8182228

parent f0254baf

target/board/generic/sepolicy/domain.te

+0 −3

Original line number	Diff line number	Diff line
		# For /sys/qemu_trace files in the emulator.
		allow domain sysfs_writable:dir search;
		allow domain sysfs_writable:file rw_file_perms;
		allow domain qemu_device:chr_file rw_file_perms;

		get_prop(domain, qemu_prop)

target/board/generic/sepolicy/file.te

+0 −1

Original line number	Diff line number	Diff line
		type qemud_socket, file_type;
		type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;

target/board/generic/sepolicy/file_contexts

+0 −1

Original line number	Diff line number	Diff line
		@@ -15,7 +15,6 @@
		/dev/ttyGF[0-9]* u:object_r:serial_device:s0
		/dev/ttyS2 u:object_r:console_device:s0
		/system/bin/qemud u:object_r:qemud_exec:s0
		/sys/qemu_trace(/.*)? u:object_r:sysfs_writable:s0
		/system/etc/init.goldfish.sh u:object_r:goldfish_setup_exec:s0
		/system/vendor/bin/init.ranchu-core.sh u:object_r:goldfish_setup_exec:s0
		/system/vendor/bin/init.ranchu-net.sh u:object_r:goldfish_setup_exec:s0