From 5eadcb8cb1a302a12b5d445413dea1543981c501 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Sat, 19 Nov 2016 12:52:54 -0800
Subject: [PATCH] Collapse urandom_device into random_device

urandom_device and random_device have the exact same security
properties. Collapse them into one type.

Test: device boots and /dev/urandom is labeled correctly.
Change-Id: I12da30749291bc5e37d99bc9422bb86cb58cec41
---
 private/file_contexts | 2 +-
 public/device.te      | 1 -
 public/domain.te      | 1 -
 public/init.te        | 1 -
 4 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/private/file_contexts b/private/file_contexts
index f1d736d0e..e0e9d0814 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -134,7 +134,7 @@
 /dev/uhid		u:object_r:uhid_device:s0
 /dev/uinput		u:object_r:uhid_device:s0
 /dev/uio[0-9]*		u:object_r:uio_device:s0
-/dev/urandom		u:object_r:urandom_device:s0
+/dev/urandom		u:object_r:random_device:s0
 /dev/usb_accessory	u:object_r:usbaccessory_device:s0
 /dev/vcs[0-9a-z]*	u:object_r:vcs_device:s0
 /dev/video[0-9]*	u:object_r:video_device:s0
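Review bot: The new label on the `/dev/urandom` line is only equivalent if `random_device` carries every attribute `urandom_device` had, and the `random_device` declaration is not visible in this patch. The type removed in public/device.te was declared with `mlstrustedobject`; if `random_device` lacks that attribute, MLS-constrained domains would lose access to /dev/urandom even though `allow domain random_device:chr_file rw_file_perms;` remains, so the declaration should be checked as part of this review. Because `urandom_device` was a public type, any device-specific policy that still names it will stop compiling; if that compatibility matters, `typealias random_device alias urandom_device;` next to the `random_device` declaration would keep such policy building. The test in the description covers boot and labeling but not a read or write of /dev/urandom from an app domain, which is the case the MLS attribute affects.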
diff --git a/public/device.te b/public/device.te
index b4ca6188d..f01dc6619 100644
--- a/public/device.te
+++ b/public/device.te
@@ -40,7 +40,6 @@ type serial_device, dev_type;
 type socket_device, dev_type;
 type owntty_device, dev_type, mlstrustedobject;
 type tty_device, dev_type;
-type urandom_device, dev_type, mlstrustedobject;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type, mlstrustedobject;
diff --git a/public/domain.te b/public/domain.te
index 66b1d8a54..7c15ebc72 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -76,7 +76,6 @@ allow { domain -hwservicemanager } binder_device:chr_file rw_file_perms;
 allow { domain -servicemanager } hwbinder_device:chr_file rw_file_perms;
 allow domain ptmx_device:chr_file rw_file_perms;
 allow domain alarm_device:chr_file r_file_perms;
-allow domain urandom_device:chr_file rw_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:dir r_dir_perms;
 allow domain properties_serial:file r_file_perms;
diff --git a/public/init.te b/public/init.te
index bef8de744..235f70c35 100644
--- a/public/init.te
+++ b/public/init.te
@@ -21,7 +21,6 @@ allow init property_type:file { create_file_perms relabelto };
 allow init { device socket_device }:dir relabelto;
 # /dev/random, /dev/urandom
 allow init random_device:chr_file relabelto;
-allow init urandom_device:chr_file relabelto;
 # /dev/device-mapper, /dev/block(/.*)?
 allow init tmpfs:{ chr_file blk_file } relabelfrom;
 allow init tmpfs:blk_file getattr;
-- 
GitLab