commit 5b98d78fa992f296c750d9872387847358d09889
author Steve Kondik <steve@cyngn.com> Fri Aug 26 03:28:00 2016 -0700
committer Steve Kondik <steve@cyngn.com> Sun Sep 04 04:46:06 2016 -0700
tree 98dee3f6add29bf688d57303f16aa66d5f1a31fe
parent a3765ca9efcaaf716f4731c9ca0b61b1e942ba83

sepolicy: More cleanups for N

 * Fix up recovery stuff
 * Disable themes until ready
 * Disable CMUpdater until ready

Change-Id: I99073b91fbd1ec16e59602da644727a0d019f330

sepolicy/recovery.te

diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index 1a1460b..708d9b6 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -11,12 +11,12 @@
 allow recovery tmpfs:sock_file create_file_perms;
 
 # Read packages.xml
-allow recovery system_data_file:file r_file_perms;
+#allow recovery system_data_file:file r_file_perms;
 
 # Manage fstab and /adb_keys
-allow recovery rootfs:file create_file_perms;
-allow recovery rootfs:file link;
-allow recovery rootfs:dir { write create rmdir add_name remove_name };
+#allow recovery rootfs:file create_file_perms;
+#allow recovery rootfs:file link;
+#allow recovery rootfs:dir { write create rmdir add_name remove_name };
 
 # Read storage files and directories
 allow recovery tmpfs:dir mounton;
@@ -34,19 +34,19 @@
 allow recovery ffs_prop:property_service set;
 
 # recursive rm for wipes... :(
-allow app_data_file self:filesystem associate;
-allow recovery app_data_file:file { read open create write };
-allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
+#allow app_data_file self:filesystem associate;
+#allow recovery app_data_file:file { read open create write };
+#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
 
-allow recovery file_type:dir { rw_dir_perms rmdir };
-allow recovery file_type:notdevfile_class_set { unlink getattr };
+#allow recovery file_type:dir { rw_dir_perms rmdir };
+#allow recovery file_type:notdevfile_class_set { unlink getattr };
 # wipe saves and restores the layout version
-allow recovery install_data_file:file create_file_perms;
-allow recovery system_data_file:file create_file_perms;
+#allow recovery install_data_file:file create_file_perms;
+#allow recovery system_data_file:file create_file_perms;
 
 # /cache/recovery things: command and logs
-allow recovery recovery_cache_file:dir create_dir_perms;
-allow recovery recovery_cache_file:file create_file_perms;
+allow recovery cache_recovery_file:dir create_dir_perms;
+allow recovery cache_recovery_file:file create_file_perms;
 
 # set system properties for various things
 allow recovery system_prop:property_service set;