msm8953-common: sepolicy: Fix treble neverallows

* Mark necessary types with data_between_core_and_vendor_violators * Remove some deprecated rules Change-Id: I6aa8c3457685146ee38317de2d173b8731d661c2

msm8953-common: sepolicy: Fix treble neverallows
dce7ed58 · Artem Borisov · f5c43922 · dce7ed58 · f5c43922 · f5c43922
Commit dce7ed58 authored 6 years ago by Artem Borisov
--- a/sepolicy/hal_bluetooth_default.te
+++ b/sepolicy/hal_bluetooth_default.te
+typeattribute hal_bluetooth_default data_between_core_and_vendor_violators;
+
 allow hal_bluetooth_default bluetooth_data_file:dir search;
 allow hal_bluetooth_default bluetooth_data_file:file r_file_perms;
--- a/sepolicy/hal_drm_default.te
+++ b/sepolicy/hal_drm_default.te
-allow hal_drm_default media_data_file:dir create_dir_perms;
-allow hal_drm_default media_data_file:file create_file_perms;
--- a/sepolicy/hal_drm_widevine.te
+++ b/sepolicy/hal_drm_widevine.te
-allow hal_drm_widevine media_data_file:dir create_dir_perms;
-allow hal_drm_widevine media_data_file:file create_file_perms;
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
+typeattribute mm-qcamerad data_between_core_and_vendor_violators;
+
 type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket1";
 type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket2";
 allow mm-qcamerad camera_socket:dir w_dir_perms;

--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
+typeattribute qti_init_shell data_between_core_and_vendor_violators;
+
 allow qti_init_shell proc_touchpanel:dir { r_dir_perms setattr };
 allow qti_init_shell proc_touchpanel:file { getattr setattr };
 allow qti_init_shell bluetooth_data_file:file r_file_perms;

--- a/sepolicy/tee.te
+++ b/sepolicy/tee.te
+typeattribute tee data_between_core_and_vendor_violators;
+
 # /data/goodix labeling
 type_transition tee system_data_file:{ dir file } gx_fpd_data_file;


--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
-allow time_daemon time_data_file:file create_file_perms;
-allow time_daemon time_data_file:dir w_dir_perms;
--- a/sepolicy/ueventd.te
+++ b/sepolicy/ueventd.te
+typeattribute ueventd data_between_core_and_vendor_violators;
+
 allow ueventd fpc_sysfs:file rw_file_perms;
 allow ueventd wifi_vendor_data_file:dir r_dir_perms;
 allow ueventd wifi_vendor_data_file:file r_file_perms;
--- a/sepolicy/vendor_init.te
+++ b/sepolicy/vendor_init.te
+typeattribute vendor_init data_between_core_and_vendor_violators;
+
 allow vendor_init {
  bluetooth_data_file
  camera_data_file