sepolicy: Cleanup and cosmetic changes
cherry-picked from upstream device/linaro/dragonboard project.
No functional changes. Renamed few labels and
removed older kernel support.
Earlier I named a few framework sysfs labels
after the executables accessing those sysfs
entries.
For example:
/sys/class/remoteproc u:object_r:sysfs_tqftpserv:s0
just because tqftpserv was the only binary
which needed access to the remoteproc sysfs.
That was short-sighted, and I try to fix some
of these cosmetic mistakes in this patch.
All the remoteproc sysfs entries (adsp/cdsp)
are labeled as sysfs_remoteproc.
Also removed few sysfs entries needed to
bring display on obsolete v5.3 and older
kernels.
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Change-Id: I9b09be07d9f74708a6be89408b565dde7c184dfd
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 3e31092..4a0ada7 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,6 +1,7 @@
type sysfs_gpu, fs_type, sysfs_type;
+type sysfs_mss, fs_type, sysfs_type;
type sysfs_rmtfs, fs_type, sysfs_type;
-type sysfs_tqftpserv, fs_type, sysfs_type;
+type sysfs_remoteproc, fs_type, sysfs_type;
type dri_device, dev_type;
type rmtfs_device, dev_type;
type modem_block_device, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 270e621..c98d98e 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -9,15 +9,16 @@
/dev/qcom_rmtfs_mem1 u:object_r:rmtfs_device:s0
/dev/ttyMSM0 u:object_r:console_device:s0
-/sys/bus/platform/drivers/qcom-q6v5-mss u:object_r:sysfs_rmtfs:s0
+/sys/bus/platform/drivers/qcom-q6v5-mss u:object_r:sysfs_mss:s0
/sys/devices/platform/88f00000.memory/rmtfs u:object_r:sysfs_rmtfs:s0
-/sys/devices/platform/soc@0/4080000.remoteproc u:object_r:sysfs_rmtfs:s0
+/sys/devices/platform/soc@0/4080000.remoteproc u:object_r:sysfs_remoteproc:s0
/sys/devices/platform/soc@0/ae00000.mdss u:object_r:sysfs_gpu:s0
/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc u:object_r:sysfs_rtc:s0
-/sys/class/remoteproc u:object_r:sysfs_tqftpserv:s0
-/sys/devices/platform/remoteproc-cdsp/remoteproc/remoteproc2/firmware u:object_r:sysfs_tqftpserv:s0
+/sys/class/remoteproc u:object_r:sysfs_remoteproc:s0
+/sys/devices/platform/remoteproc-adsp/remoteproc u:object_r:sysfs_remoteproc:s0
+/sys/devices/platform/remoteproc-cdsp/remoteproc u:object_r:sysfs_remoteproc:s0
/data/vendor/tmp(/.*)? u:object_r:tqftpserv_vendor_data_file:s0
/data/vendor/readwrite(/.*)? u:object_r:tqftpserv_vendor_data_file:s0
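Review bot: The new `sysfs_mss` label on `/sys/bus/platform/drivers/qcom-q6v5-mss` is assigned only in this file; genfs_contexts, as shown in this commit, has no entry for that path, so the label takes effect only if something runs restorecon on it. If the path is never relabelled, the directory keeps its default sysfs label and `allow rmtfs sysfs_mss:dir { open read search };` in rmtfs.te matches nothing. Consider adding `genfscon sysfs /bus/platform/drivers/qcom-q6v5-mss u:object_r:sysfs_mss:s0` to genfs_contexts and confirming the result with `ls -Zd` on the device. The same holds for `/sys/class/remoteproc`, which also has no genfscon line.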
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index fd55233..ee8b953 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1,5 +1,6 @@
genfscon sysfs /devices/platform/88f00000.memory/rmtfs u:object_r:sysfs_rmtfs:s0
-genfscon sysfs /devices/platform/soc@0/4080000.remoteproc u:object_r:sysfs_rmtfs:s0
+genfscon sysfs /devices/platform/remoteproc-adsp/remoteproc u:object_r:sysfs_remoteproc:s0
+genfscon sysfs /devices/platform/remoteproc-cdsp/remoteproc u:object_r:sysfs_remoteproc:s0
+genfscon sysfs /devices/platform/soc@0/4080000.remoteproc u:object_r:sysfs_remoteproc:s0
genfscon sysfs /devices/platform/soc@0/ae00000.mdss u:object_r:sysfs_gpu:s0
genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000 u:object_r:sysfs_rtc:s0
-genfscon sysfs /devices/platform/remoteproc-cdsp/remoteproc/remoteproc2/firmware u:object_r:sysfs_tqftpserv:s0
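Review bot: These genfscon entries match by path prefix, so `sysfs_remoteproc` now covers every attribute under the adsp and cdsp `remoteproc` directories and under `soc@0/4080000.remoteproc`, whereas the removed line labelled only `remoteproc2/firmware`. Combined with `allow rmtfs sysfs_remoteproc:file { open write };` in rmtfs.te, rmtfs gains write access to the adsp/cdsp nodes, which it could not write before; pd_mapper and tqftpserv likewise gain read access to the whole subtree, including the modem node. That is a functional widening, contrary to the "No functional changes" line in the commit message. If rmtfs only needs to write the modem node, keep `4080000.remoteproc` under its own type (for example a new `sysfs_remoteproc_mss`; the name is only a suggestion) and grant `write` on that type alone.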
diff --git a/sepolicy/pd_mapper.te b/sepolicy/pd_mapper.te
index 2e48a86..597d7db 100644
--- a/sepolicy/pd_mapper.te
+++ b/sepolicy/pd_mapper.te
@@ -4,7 +4,5 @@
init_daemon_domain(pd_mapper);
allow pd_mapper self:qipcrtr_socket { create getattr read setopt write };
-allow pd_mapper sysfs_rmtfs:dir search;
-allow pd_mapper sysfs_rmtfs:file { open read };
-allow pd_mapper sysfs_tqftpserv:dir { open read search };
-allow pd_mapper sysfs_tqftpserv:file { open read };
+allow pd_mapper sysfs_remoteproc:dir { open read search };
+allow pd_mapper sysfs_remoteproc:file { open read };
diff --git a/sepolicy/rmtfs.te b/sepolicy/rmtfs.te
index fff2e64..7cef38f 100644
--- a/sepolicy/rmtfs.te
+++ b/sepolicy/rmtfs.te
@@ -8,6 +8,8 @@
allow rmtfs rmtfs_device:chr_file { open read write };
allow rmtfs self:capability net_admin;
allow rmtfs self:qipcrtr_socket { bind create getattr read setopt write };
-allow rmtfs sysfs_rmtfs:dir { open read search};
-allow rmtfs sysfs_rmtfs:file r_file_perms;
-allow rmtfs sysfs_rmtfs:file write;
+allow rmtfs sysfs_mss:dir { open read search };
+allow rmtfs sysfs_remoteproc:dir { open read search };
+allow rmtfs sysfs_remoteproc:file { open write };
+allow rmtfs sysfs_rmtfs:dir search;
+allow rmtfs sysfs_rmtfs:file { open read };
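Review bot: The added `allow rmtfs sysfs_remoteproc:file { open write };` rule carries no comment saying which attribute rmtfs writes, and it replaces the earlier `r_file_perms` plus `write` with write-only access on the remoteproc node. Add a comment above it along the lines of `# rmtfs writes the modem remoteproc control attribute (name the file here)` so a later reviewer can judge whether the grant is still needed. Since `read` and `getattr` are no longer allowed on that type, check a boot log for avc denials from rmtfs in case it also reads an attribute there.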
diff --git a/sepolicy/tqftpserv.te b/sepolicy/tqftpserv.te
index 46f3926..d437c0d 100644
--- a/sepolicy/tqftpserv.te
+++ b/sepolicy/tqftpserv.te
@@ -4,7 +4,7 @@
init_daemon_domain(tqftpserv);
allow tqftpserv self:qipcrtr_socket { connect create getattr read setopt write };
-allow tqftpserv sysfs_tqftpserv:dir { open read search };
-allow tqftpserv sysfs_tqftpserv:file { open read };
+allow tqftpserv sysfs_remoteproc:dir { open read search };
+allow tqftpserv sysfs_remoteproc:file { open read };
allow tqftpserv tqftpserv_vendor_data_file:dir { add_name create open read search write };
allow tqftpserv tqftpserv_vendor_data_file:file { create open write };