Revert "SELinux policy for secure persistent netd storage" am: 06486796 am: edcfb2e1

am: 0f52004b Change-Id: I5df1b7411cc87c6b983d80d716d9ec05f1ba9339

Revert "SELinux policy for secure persistent netd storage" am: 06486796 am: edcfb2e1
722583fb · Bartosz Fabianowski · android-build-merger · d6da377a · 0f52004b · 722583fb
Commit 722583fb authored 7 years ago by Bartosz Fabianowski Committed by android-build-merger 7 years ago
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -50,7 +50,6 @@ persist.logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
 logd.logpersistd        u:object_r:logpersistd_logging_prop:s0
 persist.log.tag         u:object_r:log_tag_prop:s0
 persist.mmc.            u:object_r:mmc_prop:s0
-persist.netd.           u:object_r:netd_prop:s0
 persist.sys.            u:object_r:system_prop:s0
 persist.sys.safemode    u:object_r:safemode_prop:s0
 ro.sys.safemode         u:object_r:safemode_prop:s0

--- a/public/netd.te
+++ b/public/netd.te
@@ -62,7 +62,6 @@ allow netd dnsmasq:process signal;
 allow netd clatd:process signal;
 set_prop(netd, ctl_mdnsd_prop)
-set_prop(netd, netd_prop)
 # Allow netd to publish a binder service and make binder calls.
 binder_use(netd)
@@ -109,11 +108,3 @@ neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
 neverallow { domain -system_server -dumpstate -netd } netd_service:service_manager find;
 neverallow { domain -system_server -dumpstate } netd:binder call;
 neverallow netd { domain -system_server -servicemanager userdebug_or_eng(`-su') }:binder call;
-# persist.netd.stable_secret contains RFC 7217 secret key which should never be
-# leaked to other processes. Make sure it never leaks.
-neverallow { domain -netd -init } netd_prop:file r_file_perms;
-# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
-# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
-neverallow { domain -netd -init } netd_prop:property_service set;
--- a/public/property.te
+++ b/public/property.te
@@ -31,7 +31,6 @@ type log_tag_prop, property_type, log_property_type;
 type mmc_prop, property_type;
 type net_dns_prop, property_type;
 type net_radio_prop, property_type, core_property_type;
-type netd_prop, property_type;
 type nfc_prop, property_type, core_property_type;
 type overlay_prop, property_type;
 type pan_result_prop, property_type, core_property_type;