Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 312c2511f7dfbebf110f1372db55d811bc1ad29f^1..312c2511f7dfbebf110f1372db55d811bc1ad29f / .
commit312c2511f7dfbebf110f1372db55d811bc1ad29f[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Fri Oct 23 18:05:05 2015 +0000
committerandroid-build-merger <android-build-merger@google.com>Fri Oct 23 18:05:05 2015 +0000
treef9c6042760749455e47ba8cc01c7dd7a13269ee8
parentbeb002cef031d5c7eba68bc8fe10e936c94873b4 [diff]
parent0fc831c3b0b8d9a4e10d0931131a0eed06cd4275 [diff]
Temporarily downgrade to policy version number
am: 0fc831c3b0

* commit '0fc831c3b0b8d9a4e10d0931131a0eed06cd4275':
  Temporarily downgrade to policy version number

diff --git a/Android.mk b/Android.mk
index 91d6303..102b2b1 100644
--- a/Android.mk
+++ b/Android.mk

@@ -5,7 +5,7 @@
 # SELinux policy version.
 # Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
 # Must be within the compatibility range reported by checkpolicy -V.
-POLICYVERS ?= 30
+POLICYVERS ?= 29
 
 MLS_SENS=1
 MLS_CATS=1024

diff --git a/isolated_app.te b/isolated_app.te
index 0fab85e..f405273 100644
--- a/isolated_app.te
+++ b/isolated_app.te

@@ -18,9 +18,6 @@
 allow isolated_app activity_service:service_manager find;
 allow isolated_app display_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow isolated_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Google Breakpad (crash reporter for Chrome) relies on ptrace
 # functionality. Without the ability to ptrace, the crash reporter
 # tool is broken.

diff --git a/untrusted_app.te b/untrusted_app.te
index cc3bda1..bfba08a 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te

@@ -80,9 +80,6 @@
 allow untrusted_app surfaceflinger_service:service_manager find;
 allow untrusted_app app_api_service:service_manager find;
 
-# only allow unprivileged socket ioctl commands
-allow untrusted_app self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
-
 # Allow GMS core to access perfprofd output, which is stored
 # in /data/misc/perfprofd/. GMS core will need to list all
 # data stored in that directory to process them one by one.