Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 1669ef469f7131e20df8ca33e5f39d660fd6b865^2..1669ef469f7131e20df8ca33e5f39d660fd6b865 / .
commit1669ef469f7131e20df8ca33e5f39d660fd6b865[log] [tgz]
authorLiana Kazanova <lkazanova@google.com>Mon Aug 05 17:22:21 2024 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Mon Aug 05 17:22:21 2024 +0000
treec36de27035665d23ab3a7a721e71a684345133b8
parentfce30a7deaf6705a92813b26d6fa0d7b08113444 [diff]
parent639c441c6500b19062fe698b949069fc7b1cdd0b [diff]
Merge "Revert "Expose virtual_camera types"" into main
diff --git a/private/file_contexts b/private/file_contexts
index 76f412a..ce5ed96 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -432,7 +432,6 @@
 /(vendor|system/vendor)/overlay(/.*)?          u:object_r:vendor_overlay_file:s0
 /(vendor|system/vendor)/framework(/.*)?        u:object_r:vendor_framework_file:s0
 
-/(vendor|system/vendor)/apex(/[^/]+){0,2}                      u:object_r:vendor_apex_file:s0
 /(vendor|system/vendor)/bin/misc_writer                        u:object_r:vendor_misc_writer_exec:s0
 /(vendor|system/vendor)/bin/boringssl_self_test(32|64)         u:object_r:vendor_boringssl_self_test_exec:s0
 
@@ -462,6 +461,8 @@
 # secure-element service: vendor uuid mapping config file
 /(odm|vendor/odm|vendor|system/vendor)/etc/hal_uuid_map_(.*)?\.xml    u:object_r:vendor_uuid_mapping_config_file:s0
 
+# APEX packages
+/(odm|vendor/odm|vendor|system/vendor)/apex(/[^/]+){0,2}              u:object_r:vendor_apex_file:s0
 
 # Input configuration
 /(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl        u:object_r:vendor_keylayout_file:s0

diff --git a/private/netd.te b/private/netd.te
index 37581a6..8b6ea4c 100644
--- a/private/netd.te
+++ b/private/netd.te

@@ -79,13 +79,6 @@
 allow netd system_file:file lock;
 dontaudit netd system_file:dir write;
 
-# Allow netd to write to qtaguid ctrl file.
-# TODO: Add proper rules to prevent other process to access qtaguid_proc file
-# after migration complete
-allow netd proc_qtaguid_ctrl:file rw_file_perms;
-# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have.
-allow netd qtaguid_device:chr_file r_file_perms;
-
 r_dir_file(netd, proc_net_type)
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net_type:file rw_file_perms;