Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 02f9e93ace4cfda5ceeae254d6260d3733d5f7b5^1..02f9e93ace4cfda5ceeae254d6260d3733d5f7b5 / .
commit02f9e93ace4cfda5ceeae254d6260d3733d5f7b5[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Apr 08 23:45:04 2014 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Apr 08 23:45:05 2014 +0000
treeb44b9045ea830adaf502c26d3d58f8723d4fd69b
parent2b749272fc96b2000182850288b4ff7471929069 [diff]
parent4b3893f90bf6bc67de232ddc44123974d36770ef [diff]
Merge "Replace ctl_default_prop access with explicit service property keys."
diff --git a/netd.te b/netd.te
index 5020898..46cc436 100644
--- a/netd.te
+++ b/netd.te

@@ -56,9 +56,7 @@
 domain_auto_trans(netd, clatd_exec, clatd)
 allow netd clatd:process signal;
 
-# Support netd running mdnsd
-# TODO: prune this back further
-allow netd ctl_default_prop:property_service set;
+allow netd ctl_mdnsd_prop:property_service set;
 
 ###
 ### Neverallow rules

diff --git a/property.te b/property.te
index c1dc254..6f2b280 100644
--- a/property.te
+++ b/property.te

@@ -6,8 +6,11 @@
 type system_prop, property_type;
 type vold_prop, property_type;
 type rild_prop, property_type;
+type ctl_bootanim_prop, property_type;
 type ctl_default_prop, property_type;
 type ctl_dumpstate_prop, property_type;
+type ctl_fuse_prop, property_type;
+type ctl_mdnsd_prop, property_type;
 type ctl_rildaemon_prop, property_type;
 type ctl_bugreport_prop, property_type;
 type audio_prop, property_type;

diff --git a/property_contexts b/property_contexts
index 08874c5..aedf60c 100644
--- a/property_contexts
+++ b/property_contexts

@@ -52,7 +52,10 @@
 crypto.                 u:object_r:vold_prop:s0
 
 # ctl properties
+ctl.bootanim            u:object_r:ctl_bootanim_prop:s0
 ctl.dumpstate           u:object_r:ctl_dumpstate_prop:s0
+ctl.fuse_               u:object_r:ctl_fuse_prop:s0
+ctl.mdnsd               u:object_r:ctl_mdnsd_prop:s0
 ctl.ril-daemon          u:object_r:ctl_rildaemon_prop:s0
 ctl.bugreport           u:object_r:ctl_bugreport_prop:s0
 ctl.                    u:object_r:ctl_default_prop:s0

diff --git a/surfaceflinger.te b/surfaceflinger.te
index 5ecfd18..20fef95 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te

@@ -38,7 +38,7 @@
 
 # Set properties.
 allow surfaceflinger system_prop:property_service set;
-allow surfaceflinger ctl_default_prop:property_service set;
+allow surfaceflinger ctl_bootanim_prop:property_service set;
 
 # Use open files supplied by an app.
 allow surfaceflinger appdomain:fd use;

diff --git a/vold.te b/vold.te
index cc70e8a..b76be76 100644
--- a/vold.te
+++ b/vold.te

@@ -65,7 +65,7 @@
 # Property Service
 allow vold vold_prop:property_service set;
 allow vold powerctl_prop:property_service set;
-allow vold ctl_default_prop:property_service set;
+allow vold ctl_fuse_prop:property_service set;
 
 # ASEC
 allow vold asec_image_file:file create_file_perms;