Revert "Move sensors into enforcing."
Bug: 17301262
This reverts commit 8197452cea21fa9f139627325e77941d145b3e40.
Change-Id: I71d5b160957e43f606570537f2a0a0c88daf9ea6
diff --git a/init.shamu.rc b/init.shamu.rc
index 738b5ec..4e7aa25 100644
--- a/init.shamu.rc
+++ b/init.shamu.rc
@@ -45,6 +45,7 @@
on fs
mount_all fstab.shamu
+ restorecon_recursive /persist
setprop ro.crypto.fuse_sdcard true
# Keeping following partitions outside fstab file. As user may not have
@@ -52,8 +53,7 @@
# results in failure to launch late-start class.
wait /dev/block/platform/msm_sdcc.1/by-name/persist
- mount ext4 /dev/block/platform/msm_sdcc.1/by-name/persist /persist nosuid nodev barrier=1
- restorecon_recursive /persist
+ mount ext4 /dev/block/platform/msm_sdcc.1/by-name/persist /persist nosuid nodev barrier=1 defcontext=u:object_r:persist_file:s0
mkdir /fsg 0755 root root
mount ext4 /dev/block/platform/msm_sdcc.1/by-name/mdm1m9kefs3 /fsg ro nosuid nodev barrier=0
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 2aa73d3..c777a9b 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -14,4 +14,3 @@
type sysfs_smdcntl_open_timeout, fs_type, sysfs_type;
type persist_file, file_type;
-type persist_sensors_file, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index bbc7456..2b8196b 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -54,9 +54,8 @@
/dev/sensors u:object_r:sensors_device:s0
-
/dev/socket/adspdsock u:object_r:adspd_socket:s0
-/dev/socket/sensor_ctl_socket u:object_r:sensors_socket:s0
+/dev/socket/sensor_ctl_socket u:object_r:sensors_socket:s0
# Shared memory log
/dev/smem_log u:object_r:shared_log_device:s0
@@ -84,10 +83,6 @@
/dev/v4l-subdev[0-9]* u:object_r:video_device:s0
-# Persist firmware filesystem
-/persist(/.*)? u:object_r:persist_file:s0
-/persist/sensors(/.*)? u:object_r:persist_sensors_file:s0
-
#/system binaries
/system/bin/adspd u:object_r:adspd_exec:s0
/system/bin/bdAddrLoader u:object_r:bluetooth_loader_exec:s0
diff --git a/sepolicy/sensors.te b/sepolicy/sensors.te
index 950ab0f..b6eb161 100644
--- a/sepolicy/sensors.te
+++ b/sepolicy/sensors.te
@@ -2,14 +2,12 @@
type sensors, domain;
type sensors_exec, exec_type, file_type;
+# STOPSHIP: Permissive is not allowed. CTS violation!
+permissive sensors;
+
# Started by init
init_daemon_domain(sensors)
-# drop privileges
-allow sensors self:capability { dac_override sys_nice chown setuid setgid};
-
-allow sensors persist_sensors_file:dir setattr;
-
allow sensors shared_log_device:chr_file rw_file_perms;
# Access power management controls
@@ -19,13 +17,3 @@
type_transition sensors socket_device:sock_file sensors_socket "sensor_ctl_socket";
allow sensors sensors_socket:sock_file create_file_perms;
allow sensors socket_device:dir { add_name write };
-
-# Wake lock access
-wakelock_use(sensors)
-
-# Access to /persist/sensors
-allow sensors persist_file:dir r_dir_perms;
-allow sensors persist_sensors_file:dir rw_dir_perms;
-allow sensors persist_sensors_file:file create_file_perms;
-
-allow sensors self:socket *;
\ No newline at end of file