commit 6cbcf3c9c1fd4e1c4b6974d4ac9c8cd8d326efba
author Jeff Vander Stoep <jeffv@google.com> Mon Aug 29 05:40:46 2016 +0000
committer android-build-merger <android-build-merger@google.com> Mon Aug 29 05:40:46 2016 +0000
tree b1968b940b8fbff7a1612fdec1c09ee865e5cc6f
parent 303be4bf0d8307b846de8a4dd32d47ed6b798506
parent 01a872eac9bd0799bc6f5211950ab68118ae175c

Merge "deprecate domain_deprecated" am: 48e536799b am: 9c8ad92677
am: 01a872eac9

Change-Id: I7cf97e5803043f1f4e1db692b506a05f2b6d7322

sepolicy/attributes

diff --git a/sepolicy/attributes b/sepolicy/attributes
new file mode 100644
index 0000000..d140949
--- /dev/null
+++ b/sepolicy/attributes
@@ -0,0 +1,4 @@
+# domain_deprecated attribute is being removed from core policy. Leave it
+# in device-specific policy for device-specific domains. Unlike core policy,
+# device-specific policy will eventually be deprecated.
+attribute device_domain_deprecated;

sepolicy/device_domain_deprecated.te

diff --git a/sepolicy/device_domain_deprecated.te b/sepolicy/device_domain_deprecated.te
new file mode 100644
index 0000000..bbe0b71
--- /dev/null
+++ b/sepolicy/device_domain_deprecated.te
@@ -0,0 +1,36 @@
+allow device_domain_deprecated adbd:unix_stream_socket connectto;
+allow device_domain_deprecated adbd:fd use;
+allow device_domain_deprecated adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+allow device_domain_deprecated rootfs:dir r_dir_perms;
+allow device_domain_deprecated rootfs:file r_file_perms;
+allow device_domain_deprecated rootfs:lnk_file r_file_perms;
+allow device_domain_deprecated device:file read;
+allow device_domain_deprecated system_file:dir r_dir_perms;
+allow device_domain_deprecated system_file:file r_file_perms;
+allow device_domain_deprecated system_file:lnk_file r_file_perms;
+allow device_domain_deprecated system_data_file:file { getattr read };
+allow device_domain_deprecated system_data_file:lnk_file r_file_perms;
+allow device_domain_deprecated apk_data_file:dir { getattr search };
+allow device_domain_deprecated apk_data_file:file r_file_perms;
+allow device_domain_deprecated apk_data_file:lnk_file r_file_perms;
+allow device_domain_deprecated dalvikcache_data_file:dir { search getattr };
+allow device_domain_deprecated dalvikcache_data_file:file r_file_perms;
+allow device_domain_deprecated cache_file:dir r_dir_perms;
+allow device_domain_deprecated cache_file:file { getattr read };
+allow device_domain_deprecated cache_file:lnk_file r_file_perms;
+allow device_domain_deprecated ion_device:chr_file rw_file_perms;
+allow device_domain_deprecated proc:dir r_dir_perms;
+allow device_domain_deprecated proc:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated sysfs:dir r_dir_perms;
+allow device_domain_deprecated sysfs:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated inotify:dir r_dir_perms;
+allow device_domain_deprecated inotify:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated cgroup:dir r_dir_perms;
+allow device_domain_deprecated cgroup:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated proc_meminfo:file r_file_perms;
+allow device_domain_deprecated proc_net:dir r_dir_perms;
+allow device_domain_deprecated proc_net:{ file lnk_file } r_file_perms;
+allow device_domain_deprecated selinuxfs:dir r_dir_perms;
+allow device_domain_deprecated selinuxfs:file r_file_perms;
+allow device_domain_deprecated asec_public_file:file r_file_perms;
+allow device_domain_deprecated { asec_public_file asec_apk_file }:dir r_dir_perms;

sepolicy/kickstart.te

diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te
index 3cf82d0..15937bb 100644
--- a/sepolicy/kickstart.te
+++ b/sepolicy/kickstart.te
@@ -1,5 +1,5 @@
 # kickstart processes and scripts (system process)
-type kickstart, domain, domain_deprecated;
+type kickstart, domain, device_domain_deprecated;
 type kickstart_exec, file_type, exec_type;
 
 init_daemon_domain(kickstart)

sepolicy/netmgrd.te

diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index 113ec17..df591dd 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -1,5 +1,5 @@
 # Network utilities (radio process)
-type netmgrd, domain, domain_deprecated;
+type netmgrd, domain, device_domain_deprecated;
 type netmgrd_exec, exec_type, file_type;
 
 # Started by init

sepolicy/qmuxd.te

diff --git a/sepolicy/qmuxd.te b/sepolicy/qmuxd.te
index fb90db8..d6a5d16 100644
--- a/sepolicy/qmuxd.te
+++ b/sepolicy/qmuxd.te
@@ -1,5 +1,5 @@
 # Qualcomm Management Interface Multiplexer
-type qmuxd, domain, domain_deprecated;
+type qmuxd, domain, device_domain_deprecated;
 type qmuxd_exec, exec_type, file_type;
 
 # Started by init

sepolicy/touch_fusion.te

diff --git a/sepolicy/touch_fusion.te b/sepolicy/touch_fusion.te
index 2652ef1..eb3e52e 100644
--- a/sepolicy/touch_fusion.te
+++ b/sepolicy/touch_fusion.te
@@ -1,5 +1,5 @@
 # touch_fusion
-type touch_fusion, domain, domain_deprecated;
+type touch_fusion, domain, device_domain_deprecated;
 type touch_fusion_exec, exec_type, file_type;
 
 # Why net_admin?