sepolicy: More cleanups for N

 * Fix up recovery stuff
 * Disable themes until ready
 * Disable CMUpdater until ready

Change-Id: I99073b91fbd1ec16e59602da644727a0d019f330
diff --git a/sepolicy/file.te b/sepolicy/file.te
index f0c5a16..03855a3 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -4,9 +4,6 @@
 # Performance settings
 type sysfs_devices_system_iosched, file_type, sysfs_type;
 
-# Recovery's "cache"
-type recovery_cache_file, file_type, mlstrustedobject;
-
 # Persistent property storage
 type persist_property_file, file_type;
 
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 8929f9d..67e4895 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,7 +1,5 @@
 /cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
 
-/cache/recovery(/.*)?     u:object_r:recovery_cache_file:s0
-
 /system/bin/sysinit       u:object_r:sysinit_exec:s0
 
 # For EXFAT/F2FS/NTFS partitions marked "formattable"
diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te
index 18b59fe..bc53de6 100644
--- a/sepolicy/recovery.te
+++ b/sepolicy/recovery.te
@@ -11,11 +11,12 @@
 allow recovery tmpfs:sock_file create_file_perms;
 
 # Read packages.xml
-allow recovery system_data_file:file r_file_perms;
+#allow recovery system_data_file:file r_file_perms;
 
 # Manage fstab and /adb_keys
-allow recovery rootfs:file create_file_perms;
-allow recovery rootfs:dir { write create rmdir add_name remove_name };
+#allow recovery rootfs:file create_file_perms;
+#allow recovery rootfs:file link;
+#allow recovery rootfs:dir { write create rmdir add_name remove_name };
 
 # Read storage files and directories
 allow recovery media_rw_data_file:dir r_dir_perms;
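Review bot: The rules under "Read packages.xml" and "Manage fstab and /adb_keys" are disabled by prefixing `#` rather than removed, and nothing records why, so the headings still read as if recovery has that access. The second hunk of this file does the same under "recursive rm for wipes" and "wipe saves and restores the layout version". Either delete the lines (history keeps them) or mark the block with the reason, for example `# TODO(N bring-up): disabled; restore only the rules that recovery denials show are needed`. `#allow recovery rootfs:file link;` is new text that was never active policy, so it should not land as a bare comment.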
@@ -29,15 +30,19 @@
 allow recovery recovery_prop:property_service set;
 
 # recursive rm for wipes... :(
-allow recovery file_type:dir { rw_dir_perms rmdir };
-allow recovery file_type:notdevfile_class_set { unlink getattr };
+#allow app_data_file self:filesystem associate;
+#allow recovery app_data_file:file { read open create write };
+#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };
+
+#allow recovery file_type:dir { rw_dir_perms rmdir };
+#allow recovery file_type:notdevfile_class_set { unlink getattr };
 # wipe saves and restores the layout version
-allow recovery install_data_file:file create_file_perms;
-allow recovery system_data_file:file create_file_perms;
+#allow recovery install_data_file:file create_file_perms;
+#allow recovery system_data_file:file create_file_perms;
 
 # /cache/recovery things: command and logs
-allow recovery recovery_cache_file:dir create_dir_perms;
-allow recovery recovery_cache_file:file create_file_perms;
+allow recovery cache_recovery_file:dir create_dir_perms;
+allow recovery cache_recovery_file:file create_file_perms;
 
 # set system properties for various things
 allow recovery system_prop:property_service set;
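Review bot: The three `app_data_file` lines added above the wipe rules are new commented-out rules, not disabled old ones, and they read like pasted denial output rather than designed policy. `#allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount };` would, if someone later removed the `#`, give recovery mount and relabel rights on a type that the line before it treats as a file label. I would drop all three, or keep a single line such as `# TODO: wipe path hits app_data_file denials on N; needs a scoped rule` so the intent is recorded without a ready-to-enable grant. Separately, `cache_recovery_file` is not declared anywhere in this diff, so the two active rules at the end of the hunk depend on the platform policy providing that type and its `/cache/recovery` labelling.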
diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts
deleted file mode 100644
index f39256a..0000000
--- a/sepolicy/seapp_contexts
+++ /dev/null
@@ -1 +0,0 @@
-user=theme_man domain=system_app type=system_data_file
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index be2fb2f..490ccd0 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -1,6 +1,6 @@
 # For the updaters
-allow system_app recovery_cache_file:dir create_dir_perms;
-allow system_app recovery_cache_file:file create_file_perms;
+allow system_app cache_recovery_file:dir create_dir_perms;
+allow system_app cache_recovery_file:file create_file_perms;
 allow system_app media_rw_data_file:dir create_dir_perms;
 allow system_app media_rw_data_file:file create_file_perms;
 
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 494acae..ce9b6bd 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,5 +1,6 @@
-allow system_server recovery_cache_file:dir rw_dir_perms;
-allow system_server recovery_cache_file:file create_file_perms;
+allow system_server cache_recovery_file:dir rw_dir_perms;
+allow system_server cache_recovery_file:file create_file_perms;
+allow system_server cache_recovery_file:fifo_file create_file_perms;
 
 # Persistent properties
 allow system_server persist_property_file:dir rw_dir_perms;
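Review bot: The added `cache_recovery_file:fifo_file` rule is the only line in this hunk that is not a rename, and it has no comment saying which pipe it covers. It grants `create_file_perms`, while uncrypt.te in the same commit gets only `rw_file_perms` on the same class. That fits system_server creating a pipe that uncrypt then opens, but the diff does not show it. A line such as `# Pipe under /cache/recovery shared with uncrypt` above the rule would record the reason. If system_server only opens an existing pipe, `rw_file_perms` would be the narrower grant.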
diff --git a/sepolicy/uncrypt.te b/sepolicy/uncrypt.te
index 8fddf8a..ca4f8ad 100644
--- a/sepolicy/uncrypt.te
+++ b/sepolicy/uncrypt.te
@@ -1 +1,9 @@
 r_dir_file(uncrypt, media_rw_data_file)
+allow uncrypt cache_recovery_file:dir create_dir_perms;
+allow uncrypt cache_recovery_file:file create_file_perms;
+allow uncrypt cache_recovery_file:fifo_file rw_file_perms;
+
+allow uncrypt storage_file:dir r_dir_perms;
+allow uncrypt storage_stub_file:dir r_dir_perms;
+allow uncrypt fuse:dir r_dir_perms;
+allow uncrypt fuse:file r_file_perms;
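Review bot: `allow uncrypt fuse:dir r_dir_perms;` and `allow uncrypt fuse:file r_file_perms;` let uncrypt read everything labelled `fuse`, which on a device with FUSE-backed shared storage is presumably all user media. Neither the file nor the commit message, which does not mention uncrypt, says why this is needed. The eight added rules also have no headings, unlike recovery.te. I would add `# /cache/recovery things` above the `cache_recovery_file` rules and a comment above the storage rules stating the use case, for example `# Read update packages placed on shared storage` if that is the intent. If the storage access cannot be tied to a concrete denial, it is better left out until one is seen.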