sepolicy: More cleanups for N
* Fix up recovery stuff
* Disable themes until ready
* Disable CMUpdater until ready
Change-Id: I99073b91fbd1ec16e59602da644727a0d019f330
diff --git a/sepolicy/file.te b/sepolicy/file.te
index c2d300a..54028e1 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -7,9 +7,6 @@
# Performance settings
type sysfs_devices_system_iosched, file_type, sysfs_type;
-# Recovery's "cache"
-type recovery_cache_file, file_type, mlstrustedobject;
-
# Persistent property storage
type persist_property_file, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index d02cc91..a11bd70 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,7 +1,5 @@
/cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
-/cache/recovery(/.*)? u:object_r:recovery_cache_file:s0
-
# Themes
/data/system/theme(/.*)? u:object_r:themeservice_app_data_file:s0
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index 1a1460b..708d9b6 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -11,12 +11,12 @@
allow recovery tmpfs:sock_file create_file_perms;
# Read packages.xml
-allow recovery system_data_file:file r_file_perms;
+#allow recovery system_data_file:file r_file_perms;
# Manage fstab and /adb_keys
-allow recovery rootfs:file create_file_perms;
-allow recovery rootfs:file link;
-allow recovery rootfs:dir { write create rmdir add_name remove_name };
+#allow recovery rootfs:file create_file_perms;
+#allow recovery rootfs:file link;
+#allow recovery rootfs:dir { write create rmdir add_name remove_name };
# Read storage files and directories
allow recovery tmpfs:dir mounton;
@@ -34,19 +34,19 @@
allow recovery ffs_prop:property_service set;
# recursive rm for wipes... :(
-allow app_data_file self:filesystem associate;
-allow recovery app_data_file:file { read open create write };
-allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
+#allow app_data_file self:filesystem associate;
+#allow recovery app_data_file:file { read open create write };
+#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
-allow recovery file_type:dir { rw_dir_perms rmdir };
-allow recovery file_type:notdevfile_class_set { unlink getattr };
+#allow recovery file_type:dir { rw_dir_perms rmdir };
+#allow recovery file_type:notdevfile_class_set { unlink getattr };
# wipe saves and restores the layout version
-allow recovery install_data_file:file create_file_perms;
-allow recovery system_data_file:file create_file_perms;
+#allow recovery install_data_file:file create_file_perms;
+#allow recovery system_data_file:file create_file_perms;
# /cache/recovery things: command and logs
-allow recovery recovery_cache_file:dir create_dir_perms;
-allow recovery recovery_cache_file:file create_file_perms;
+allow recovery cache_recovery_file:dir create_dir_perms;
+allow recovery cache_recovery_file:file create_file_perms;
# set system properties for various things
allow recovery system_prop:property_service set;
diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts
index 11c8f00..738647e 100644
--- a/sepolicy/seapp_contexts
+++ b/sepolicy/seapp_contexts
@@ -1,4 +1,4 @@
user=_app seinfo=platform name=com.cyanogenmod.filemanager domain=untrusted_app type=app_data_file
-user=theme_man domain=system_app type=system_data_file
-user=_app seinfo=cmupdater name=com.cyanogenmod.updater domain=system_app type=system_app_data_file
-user=_app seinfo=themeservice name=org.cyanogenmod.themeservice domain=themeservice_app type=themeservice_app_data_file
\ No newline at end of file
+#user=theme_man domain=system_app type=system_data_file
+#user=_app seinfo=cmupdater name=com.cyanogenmod.updater domain=system_app type=system_app_data_file
+user=_app seinfo=themeservice name=org.cyanogenmod.themeservice domain=themeservice_app type=themeservice_app_data_file
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index be2fb2f..490ccd0 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,6 +1,6 @@
# For the updaters
-allow system_app recovery_cache_file:dir create_dir_perms;
-allow system_app recovery_cache_file:file create_file_perms;
+allow system_app cache_recovery_file:dir create_dir_perms;
+allow system_app cache_recovery_file:file create_file_perms;
allow system_app media_rw_data_file:dir create_dir_perms;
allow system_app media_rw_data_file:file create_file_perms;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 39ee935..ce9b6bd 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,6 +1,6 @@
-allow system_server recovery_cache_file:dir rw_dir_perms;
-allow system_server recovery_cache_file:file create_file_perms;
-allow system_server recovery_cache_file:fifo_file create_file_perms;
+allow system_server cache_recovery_file:dir rw_dir_perms;
+allow system_server cache_recovery_file:file create_file_perms;
+allow system_server cache_recovery_file:fifo_file create_file_perms;
# Persistent properties
allow system_server persist_property_file:dir rw_dir_perms;
diff --git a/sepolicy/uncrypt.te b/sepolicy/uncrypt.te
index 2697595..ca4f8ad 100644
--- a/sepolicy/uncrypt.te
+++ b/sepolicy/uncrypt.te
@@ -1,7 +1,7 @@
r_dir_file(uncrypt, media_rw_data_file)
-allow uncrypt recovery_cache_file:dir create_dir_perms;
-allow uncrypt recovery_cache_file:file create_file_perms;
-allow uncrypt recovery_cache_file:fifo_file rw_file_perms;
+allow uncrypt cache_recovery_file:dir create_dir_perms;
+allow uncrypt cache_recovery_file:file create_file_perms;
+allow uncrypt cache_recovery_file:fifo_file rw_file_perms;
allow uncrypt storage_file:dir r_dir_perms;
allow uncrypt storage_stub_file:dir r_dir_perms;