Snap for 9550355 from 4c8c9b0f358859673eb919cd43d61b34556eccd9 to sdk-release
Change-Id: I6bb3e207b592c8989ff0b07b95278e3e8c3a1bfc
diff --git a/neverallows/plat_public/neverallows.te b/neverallows/plat_public/neverallows.te
index d4141b5..1e1bce7 100644
--- a/neverallows/plat_public/neverallows.te
+++ b/neverallows/plat_public/neverallows.te
@@ -257,6 +257,7 @@
')
neverallow ~{
+ artd
apexd
init
installd
@@ -271,6 +272,8 @@
zygote
} system_data_file:dir ~{ search getattr };
+ neverallow artd system_data_file:dir ~r_dir_perms;
+
neverallow apexd system_data_file:dir ~r_dir_perms;
neverallow init system_data_file:dir ~{
diff --git a/non_plat/file.te b/non_plat/file.te
index 9699e92..abd910a 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -197,9 +197,6 @@
#autokd data file
type autokd_data_file, file_type, data_file_type;
-#fuse
-type fuseblk,sdcard_type,fs_type,mlstrustedobject;
-
# for mt-ramdump reset
type proc_mrdump_rst, fs_type, proc_type;
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index f0b0e56..a18259e 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
@@ -234,7 +234,7 @@
genfscon iso9660 / u:object_r:iso9660:s0
genfscon rawfs / u:object_r:rawfs:s0
-genfscon fuseblk / u:object_r:fuseblk:s0
+
# 2019/08/24
genfscon sysfs /class/sensor u:object_r:sysfs_sensor:s0
@@ -356,18 +356,10 @@
# Date : WK20.25
# Operation: R migration
# Purpose : for VTS NetdSELinuxTest.CheckProperMTULabels requirement.
-genfscon sysfs /devices/platform/18000000.wifi/net/wlan0/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/18000000.wifi/net/wlan1/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/soc/18000000.wifi/net/wlan0/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/soc/18000000.wifi/net/wlan1/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/180f0000.wifi/net/wlan0/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/180f0000.wifi/net/wlan1/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/180f0000.wifi/net/p2p0/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/180f0000.wifi/net/p2p1/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/wlan0/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/wlan1/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/p2p0/mtu u:object_r:sysfs_net:s0
-genfscon sysfs /devices/platform/bus/180f0000.WIFI/net/p2p1/mtu u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/18000000.wifi/net u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/soc/18000000.wifi/net u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/180f0000.wifi/net u:object_r:sysfs_net:s0
+genfscon sysfs /devices/platform/bus/180f0000.WIFI/net u:object_r:sysfs_net:s0
# 2020/06/29
# Operation: R migration
diff --git a/non_plat/kernel.te b/non_plat/kernel.te
index 15b2430..43bf6fd 100644
--- a/non_plat/kernel.te
+++ b/non_plat/kernel.te
@@ -47,12 +47,6 @@
# Date : WK16.30
# Operation: SQC
# Purpose: Allow sdcardfs workqueue to access lower file systems
-allow kernel { fuseblk }:dir create_dir_perms;
-allow kernel { fuseblk }:file create_file_perms;
-
-# Date : WK16.30
-# Operation: SQC
-# Purpose: Allow sdcardfs workqueue to access lower file systems
allow kernel {vfat mnt_media_rw_file}:dir create_dir_perms;
allow kernel {vfat mnt_media_rw_file}:file create_file_perms;
allow kernel kernel:key { write search setattr };
diff --git a/non_plat/mnld.te b/non_plat/mnld.te
index 4625b8e..17bacba 100644
--- a/non_plat/mnld.te
+++ b/non_plat/mnld.te
@@ -109,3 +109,5 @@
#Add for /nvcfg/almanac.dat
allow mnld nvcfg_file:dir w_dir_perms;
allow mnld nvcfg_file:file create_file_perms;
+
+allow mnld self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
diff --git a/non_plat/mtk_agpsd.te b/non_plat/mtk_agpsd.te
index 40abed3..c9488e0 100644
--- a/non_plat/mtk_agpsd.te
+++ b/non_plat/mtk_agpsd.te
@@ -70,3 +70,5 @@
get_prop(mtk_agpsd, vendor_mtk_gps_support_prop)
wakelock_use(mtk_agpsd)
+
+allow mtk_agpsd self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
diff --git a/non_plat/mtkrild.te b/non_plat/mtkrild.te
index 677e17f..82cc1e5 100644
--- a/non_plat/mtkrild.te
+++ b/non_plat/mtkrild.te
@@ -53,7 +53,7 @@
allow mtkrild proc_net:file w_file_perms;
# Set and get routes directly via netlink.
-allow mtkrild self:netlink_route_socket nlmsg_write;
+allow mtkrild self:netlink_route_socket { nlmsg_write bind nlmsg_readpriv nlmsg_getneigh };
# Allow read/write to devices/files
allow mtkrild mtk_radio_device:dir search;
diff --git a/non_plat/slpd.te b/non_plat/slpd.te
index cfce93b..fa3efeb 100644
--- a/non_plat/slpd.te
+++ b/non_plat/slpd.te
@@ -16,3 +16,5 @@
# mtk_agpsd will send the current SUPL profile to SLPD
allow slpd mtk_agpsd:unix_dgram_socket sendto;
+
+allow slpd self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
