Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 5eadcb8cb1a302a12b5d445413dea1543981c501^! / .
commit5eadcb8cb1a302a12b5d445413dea1543981c501[log] [tgz]
authorNick Kralevich <nnk@google.com>Sat Nov 19 12:52:54 2016 -0800
committerNick Kralevich <nnk@google.com>Mon Nov 21 16:37:07 2016 +0000
treea89543fc21da73834fb4dd2a1f56e13d82dc0326
parentf2de07529b9db84b85064580b0c7aae2a751b0b9 [diff]
Collapse urandom_device into random_device

urandom_device and random_device have the exact same security
properties. Collapse them into one type.

Test: device boots and /dev/urandom is labeled correctly.
Change-Id: I12da30749291bc5e37d99bc9422bb86cb58cec41

diff --git a/private/file_contexts b/private/file_contexts
index f1d736d..e0e9d08 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -134,7 +134,7 @@
 /dev/uhid		u:object_r:uhid_device:s0
 /dev/uinput		u:object_r:uhid_device:s0
 /dev/uio[0-9]*		u:object_r:uio_device:s0
-/dev/urandom		u:object_r:urandom_device:s0
+/dev/urandom		u:object_r:random_device:s0
 /dev/usb_accessory	u:object_r:usbaccessory_device:s0
 /dev/vcs[0-9a-z]*	u:object_r:vcs_device:s0
 /dev/video[0-9]*	u:object_r:video_device:s0

diff --git a/public/device.te b/public/device.te
index b4ca618..f01dc66 100644
--- a/public/device.te
+++ b/public/device.te

@@ -40,7 +40,6 @@
 type socket_device, dev_type;
 type owntty_device, dev_type, mlstrustedobject;
 type tty_device, dev_type;
-type urandom_device, dev_type, mlstrustedobject;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type, mlstrustedobject;

diff --git a/public/domain.te b/public/domain.te
index 66b1d8a..7c15ebc 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -76,7 +76,6 @@
 allow { domain -servicemanager } hwbinder_device:chr_file rw_file_perms;
 allow domain ptmx_device:chr_file rw_file_perms;
 allow domain alarm_device:chr_file r_file_perms;
-allow domain urandom_device:chr_file rw_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:dir r_dir_perms;
 allow domain properties_serial:file r_file_perms;

diff --git a/public/init.te b/public/init.te
index bef8de7..235f70c 100644
--- a/public/init.te
+++ b/public/init.te

@@ -21,7 +21,6 @@
 allow init { device socket_device }:dir relabelto;
 # /dev/random, /dev/urandom
 allow init random_device:chr_file relabelto;
-allow init urandom_device:chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
 allow init tmpfs:{ chr_file blk_file } relabelfrom;
 allow init tmpfs:blk_file getattr;