From 6a259ccd9ddc01fdeb6ead7ed3f9a3e3beb36cfe Mon Sep 17 00:00:00 2001 From: Nick Kralevich <nnk@google.com> Date: Fri, 9 Dec 2016 19:30:39 -0800 Subject: [PATCH] remove more domain_deprecated Test: no denials showing up in log collection Test: device boots Bug: 28760354 Change-Id: I089cfcf486464952fcbb52cce9f6152caf662c23 --- public/blkid.te | 2 +- public/blkid_untrusted.te | 2 +- public/dnsmasq.te | 2 +- public/idmap.te | 2 +- public/nfc.te | 2 +- public/sgdisk.te | 2 +- public/surfaceflinger.te | 2 +- public/tzdatacheck.te | 2 +- public/vdc.te | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/public/blkid.te b/public/blkid.te index 43bc94457..c8df183f8 100644 --- a/public/blkid.te +++ b/public/blkid.te @@ -1,5 +1,5 @@ # blkid called from vold -type blkid, domain, domain_deprecated; +type blkid, domain; type blkid_exec, exec_type, file_type; # Allowed read-only access to encrypted devices to extract UUID/label diff --git a/public/blkid_untrusted.te b/public/blkid_untrusted.te index da3bdac7b..cbbbbae57 100644 --- a/public/blkid_untrusted.te +++ b/public/blkid_untrusted.te @@ -1,5 +1,5 @@ # blkid for untrusted block devices -type blkid_untrusted, domain, domain_deprecated; +type blkid_untrusted, domain; # Allowed read-only access to vold block devices to extract UUID/label allow blkid_untrusted block_device:dir search; diff --git a/public/dnsmasq.te b/public/dnsmasq.te index c52640f1d..ccac69a33 100644 --- a/public/dnsmasq.te +++ b/public/dnsmasq.te @@ -1,5 +1,5 @@ # DNS, DHCP services -type dnsmasq, domain, domain_deprecated; +type dnsmasq, domain; type dnsmasq_exec, exec_type, file_type; net_domain(dnsmasq) diff --git a/public/idmap.te b/public/idmap.te index c1b4d0fd8..1ab497ee0 100644 --- a/public/idmap.te +++ b/public/idmap.te @@ -1,5 +1,5 @@ # idmap, when executed by installd -type idmap, domain, domain_deprecated; +type idmap, domain; type idmap_exec, exec_type, file_type; # Use open file to /data/resource-cache file inherited from installd. diff --git a/public/nfc.te b/public/nfc.te index f887c2894..9296a727f 100644 --- a/public/nfc.te +++ b/public/nfc.te @@ -1,5 +1,5 @@ # nfc subsystem -type nfc, domain, domain_deprecated; +type nfc, domain; net_domain(nfc) binder_service(nfc) diff --git a/public/sgdisk.te b/public/sgdisk.te index 43636d431..300739878 100644 --- a/public/sgdisk.te +++ b/public/sgdisk.te @@ -1,5 +1,5 @@ # sgdisk called from vold -type sgdisk, domain, domain_deprecated; +type sgdisk, domain; type sgdisk_exec, exec_type, file_type; # Allowed to read/write low-level partition tables diff --git a/public/surfaceflinger.te b/public/surfaceflinger.te index 608afc5d6..699984f14 100644 --- a/public/surfaceflinger.te +++ b/public/surfaceflinger.te @@ -1,5 +1,5 @@ # surfaceflinger - display compositor service -type surfaceflinger, domain, domain_deprecated; +type surfaceflinger, domain; type surfaceflinger_exec, exec_type, file_type; typeattribute surfaceflinger mlstrustedsubject; diff --git a/public/tzdatacheck.te b/public/tzdatacheck.te index 37daa7516..93ae16529 100644 --- a/public/tzdatacheck.te +++ b/public/tzdatacheck.te @@ -1,5 +1,5 @@ # The tzdatacheck command run by init. -type tzdatacheck, domain, domain_deprecated; +type tzdatacheck, domain; type tzdatacheck_exec, exec_type, file_type; allow tzdatacheck zoneinfo_data_file:dir create_dir_perms; diff --git a/public/vdc.te b/public/vdc.te index 394ac96aa..67fb7a3a0 100644 --- a/public/vdc.te +++ b/public/vdc.te @@ -5,7 +5,7 @@ # We also transition into this domain from dumpstate, when # collecting bug reports. -type vdc, domain, domain_deprecated; +type vdc, domain; type vdc_exec, exec_type, file_type; unix_socket_connect(vdc, vold, vold) -- GitLab