Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / ced1751e45146696237b7664d7b7a8ef11f84749^! / .
commitced1751e45146696237b7664d7b7a8ef11f84749[log] [tgz]
authorTri Vo <trong@google.com>Fri Nov 09 16:10:15 2018 -0800
committerTri Vo <trong@google.com>Mon Nov 12 23:11:03 2018 +0000
treef46c67a38b2ed7765dbf08eba455af07b641f1c4
parentca5b01b0a643bd363113a854e9180f5e059961b8 [diff]
Remove mtd_device type.

mtd_device does not label any /dev node present on walleye, and the only
permission to that type is:
allow hal_telephony_server mtd_device:dir search;
I suspect there is no need to keep mtd_device around.

Bug: 110962171
Test: boot aosp_walleye
Change-Id: If74b1258b21edeca38c8b7dc07a3a10b751a7e85

diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 8bb849a..cd8b813 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil

@@ -6,6 +6,7 @@
 (type i2c_device)
 (type mediacodec)
 (type mediacodec_exec)
+(type mtd_device)
 (type qtaguid_proc)
 (type thermalcallback_hwservice)
 (type untrusted_v2_app)

diff --git a/private/file_contexts b/private/file_contexts
index 571b47c..cde191c 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -102,7 +102,6 @@
 /dev/loop-control	u:object_r:loop_control_device:s0
 /dev/mem		u:object_r:kmem_device:s0
 /dev/modem.*		u:object_r:radio_device:s0
-/dev/mtd(/.*)?		u:object_r:mtd_device:s0
 /dev/mtp_usb		u:object_r:mtp_device:s0
 /dev/pmsg0		u:object_r:pmsg_device:s0
 /dev/pn544		u:object_r:nfc_device:s0

diff --git a/public/device.te b/public/device.te
index 7e18095..36a060b 100644
--- a/public/device.te
+++ b/public/device.te

@@ -28,7 +28,6 @@
 type kmem_device, dev_type;
 type port_device, dev_type;
 type lowpan_device, dev_type;
-type mtd_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
 type ptmx_device, dev_type, mlstrustedobject;

diff --git a/public/hal_telephony.te b/public/hal_telephony.te
index 7e6212c..9d0f8c0 100644
--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te

@@ -14,7 +14,6 @@
 allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
 allow hal_telephony_server radio_device:chr_file rw_file_perms;
 allow hal_telephony_server radio_device:blk_file r_file_perms;
-allow hal_telephony_server mtd_device:dir search;
 allow hal_telephony_server efs_file:dir create_dir_perms;
 allow hal_telephony_server efs_file:file create_file_perms;
 allow hal_telephony_server vendor_shell_exec:file rx_file_perms;