Remove sepolicy for /dev/alarm.

After b/28357356 /dev/alarm is no longer used by android platform. Also, Pixel devices don't have /dev/alarm. Bug: 110962171 Test: boot aosp_walleye Change-Id: Id9723996104a2548ddf366489890c098d1ea87be
2018-11-15 14:29:49 -08:00 · 2018-11-15 14:29:49 -08:00 · 02c4c3fa7b
commit 02c4c3fa7b
parent 8155b44afc
8 changed files with 1 additions and 7 deletions
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@ -1,4 +1,5 @@
 ;; types removed from current policy
+(type alarm_device)
 (type audio_seq_device)
 (type audio_timer_device)
 (type commontime_management_service)
--- a/private/file_contexts
+++ b/private/file_contexts
@ -71,7 +71,6 @@
 /dev/adf[0-9]*		u:object_r:graphics_device:s0
 /dev/adf-interface[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
 /dev/adf-overlay-engine[0-9]*\.[0-9]*	u:object_r:graphics_device:s0
-/dev/alarm		u:object_r:alarm_device:s0
 /dev/ashmem		u:object_r:ashmem_device:s0
 /dev/audio.*		u:object_r:audio_device:s0
 /dev/binder		u:object_r:binder_device:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -325,7 +325,6 @@ allow system_server sysfs_usb:file w_file_perms;
 # Access devices.
 allow system_server device:dir r_dir_perms;
 allow system_server mdns_socket:sock_file rw_file_perms;
-allow system_server alarm_device:chr_file rw_file_perms;
 allow system_server gpu_device:chr_file rw_file_perms;
 allow system_server input_device:dir r_dir_perms;
 allow system_server input_device:chr_file rw_file_perms;
--- a/public/device.te
+++ b/public/device.te
@ -1,6 +1,5 @@
 # Device types
 type device, dev_type, fs_type;
-type alarm_device, dev_type, mlstrustedobject;
 type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
--- a/public/domain.te
+++ b/public/domain.te
@ -75,7 +75,6 @@ allow {
 not_full_treble(`allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;')
 allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
 allow domain ptmx_device:chr_file rw_file_perms;
-allow domain alarm_device:chr_file r_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain proc_random:dir r_dir_perms;
 allow domain proc_random:file r_file_perms;
--- a/public/hal_telephony.te
+++ b/public/hal_telephony.te
@ -9,7 +9,6 @@ allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
 allow hal_telephony_server self:netlink_route_socket nlmsg_write;
 allow hal_telephony_server kernel:system module_request;
 allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
-allow hal_telephony_server alarm_device:chr_file rw_file_perms;
 allow hal_telephony_server cgroup:dir create_dir_perms;
 allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
 allow hal_telephony_server radio_device:chr_file rw_file_perms;
--- a/public/init.te
+++ b/public/init.te
@ -257,7 +257,6 @@ allow init {
 allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir  { open read setattr search };

 allow init {
-  alarm_device
  ashmem_device
  binder_device
  console_device
--- a/public/radio.te
+++ b/public/radio.te
@ -12,7 +12,6 @@ not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
 allow radio radio_data_file:dir create_dir_perms;
 allow radio radio_data_file:notdevfile_class_set create_file_perms;

-allow radio alarm_device:chr_file rw_file_perms;

 allow radio net_data_file:dir search;
 allow radio net_data_file:file r_file_perms;