commit f1e71dc75c4383e5ed1c9768b46fb0ae52fa11ca
author Tri Vo <trong@google.com> Wed Aug 21 13:06:29 2019 -0700
committer Tri Vo <trong@google.com> Wed Aug 21 13:07:09 2019 -0700
tree 15c233ad6d9ccf18ae75fb5f6fdaa6f7a2aed73d
parent 804d99ac76541521336b9dff38514f3e887ea963

selinux: remove sysfs_mac_address

Nothing is actually labeled as 'sysfs_mac_address'.

Bug: 137816564
Test: m selinux_policy
Change-Id: I2d7e71ecb3a2b4ed76c13eb05ecac3064c1bc469

private/app_neverallows.te

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index ae9f172..2531645 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -86,7 +86,6 @@
 neverallow all_untrusted_apps file_type:file link;
 
 # Do not allow untrusted apps to access network MAC address file
-neverallow all_untrusted_apps sysfs_mac_address:file no_rw_file_perms;
 neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
 
 # Do not allow any write access to files in /sys

private/compat/29.0/29.0.cil

diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 01e8605..ed7ba0a 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -2,6 +2,7 @@
 (type hal_wifi_offload_hwservice)
 (type perfprofd_data_file)
 (type perfprofd_service)
+(type sysfs_mac_address)
 
 (expandtypeattribute (accessibility_service_29_0) true)
 (expandtypeattribute (account_service_29_0) true)

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 1f8945b..2543fa6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -320,7 +320,6 @@
 r_dir_file(system_server, sysfs_wakeup_reasons)
 
 allow system_server sysfs_nfc_power_writable:file rw_file_perms;
-allow system_server sysfs_mac_address:file r_file_perms;
 allow system_server sysfs_power:dir search;
 allow system_server sysfs_power:file rw_file_perms;
 allow system_server sysfs_thermal:dir search;
@@ -779,9 +778,6 @@
 allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write };
 allow system_server fingerprintd_data_file:file { getattr unlink };
 
-# Allow system process to read network MAC address
-allow system_server sysfs_mac_address:file r_file_perms;
-
 userdebug_or_eng(`
   # Allow system server to create and write method traces in /data/misc/trace.
   allow system_server method_trace_data_file:dir w_dir_perms;

public/file.te

diff --git a/public/file.te b/public/file.te
index 1fd00a4..8ef00eb 100644
--- a/public/file.te
+++ b/public/file.te
@@ -90,7 +90,6 @@
 type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
-type sysfs_mac_address, fs_type, sysfs_type;
 type sysfs_net, fs_type, sysfs_type;
 type sysfs_power, fs_type, sysfs_type;
 type sysfs_rtc, fs_type, sysfs_type;