Merge "Remove sys.linker property"

2020-02-19 03:34:29 +00:00 · 2020-02-19 03:34:29 +00:00 · 385274a35a
commit 385274a35a
parent c5953aba8b dc34050e17
5 changed files with 0 additions and 18 deletions
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@ -59,7 +59,6 @@
    mediatranscoding_tmpfs
    mirror_data_file
    light_service
-    linker_prop
    linkerconfig_file
    metadata_bootstat_file
    mnt_pass_through_file
--- a/private/domain.te
+++ b/private/domain.te
@ -61,9 +61,6 @@ allow domain vendor_task_profiles_file:file r_file_perms;
 # if memfd support can be used if device supports it
 get_prop(domain, use_memfd_prop);

-# Allow to read properties for linker
-get_prop(domain, linker_prop);
-
 # Read access to sdkextensions props
 get_prop(domain, module_sdkextensions_prop)

--- a/private/property_contexts
+++ b/private/property_contexts
@ -24,7 +24,6 @@ ro.hw.                  u:object_r:system_prop:s0
 sys.                    u:object_r:system_prop:s0
 sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
 sys.cppreopt            u:object_r:cppreopt_prop:s0
-sys.linker.             u:object_r:linker_prop:s0
 sys.lpdumpd             u:object_r:lpdumpd_prop:s0
 sys.powerctl            u:object_r:powerctl_prop:s0
 sys.usb.ffs.            u:object_r:ffs_prop:s0
--- a/private/shell.te
+++ b/private/shell.te
@ -73,11 +73,6 @@ allow shell rs_exec:file rx_file_perms;
 set_prop(shell, lpdumpd_prop);
 binder_call(shell, lpdumpd)

-# Allow shell to set linker property
-userdebug_or_eng(`
-  set_prop(shell, linker_prop)
-')
-
 # Allow shell to get encryption policy of /data/local/tmp/, for CTS
 allowxperm shell shell_data_file:dir ioctl {
  FS_IOC_GET_ENCRYPTION_POLICY
--- a/public/property.te
+++ b/public/property.te
@ -65,7 +65,6 @@ compatible_property_only(`
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
 system_restricted_prop(bq_config_prop)
-system_restricted_prop(linker_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
 system_restricted_prop(restorecon_prop)
@ -365,13 +364,6 @@ dontaudit domain {
  ctl_rildaemon_prop
 }:property_service set;

-# Do now allow to modify linker properties except shell and init
-neverallow {
-  domain
-  -init
-  userdebug_or_eng(`-shell')
-} linker_prop:property_service set;
-
 neverallow {
  domain
  -init