Google Git
Sign in
android / device / moto / shamu / 67822a9^! / .
commit67822a93e656bb68634e5ed155f21499c5dcd5ce[log] [tgz]
authorNick Kralevich <nnk@google.com>Mon Feb 23 16:10:38 2015 -0800
committerNick Kralevich <nnk@google.com>Mon Feb 23 16:10:38 2015 -0800
tree9fba2dd3c862d12644e02258f0beb045a9dbcad7
parent5554b1288583ec2abbc9b004625e231b9e5dedf1 [diff]
Don't look in /data/local/tmp

The qualcomm graphics driver code (libgsl.so) has been updated
to not use /data/local/tmp for config files. Remove the SELinux
rules allowing for this.

Bug: 17015082
Change-Id: I57072a36cfe784d9baa213b9e2480ce1354bd134

diff --git a/BoardConfig.mk b/BoardConfig.mk
index 7f20d5c..23e1ab0 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk

@@ -110,7 +110,6 @@
         adspd.te \
         bluetooth.te \
         bluetooth_loader.te \
-        bootanim.te \
         bridge.te \
         camera.te \
         device.te \
@@ -132,7 +131,6 @@
         rild.te \
         sensors.te \
         ss_ramdump.te \
-        surfaceflinger.te \
         system_app.te \
         system_server.te \
         tcmd.te \
@@ -142,7 +140,6 @@
         time.te \
         ueventd.te \
         untrusted_app.te \
-        zygote.te \
         file_contexts \
         genfs_contexts \
         service_contexts

diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
deleted file mode 100644
index 3b17145..0000000
--- a/sepolicy/bootanim.te
+++ /dev/null

@@ -1,2 +0,0 @@
-#TODO - identify cause of this
-allow bootanim shell_data_file:dir search;

diff --git a/sepolicy/camera.te b/sepolicy/camera.te
index d0fd639..40e9c39 100644
--- a/sepolicy/camera.te
+++ b/sepolicy/camera.te

@@ -26,6 +26,3 @@
 allow camera camera_socket:sock_file { create unlink };
 allow camera system_data_file:dir w_dir_perms;
 allow camera system_data_file:sock_file unlink;
-
-# TODO b/17015082
-allow camera shell_data_file:dir search;

diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index cd0a5e7..2eccb3c 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te

@@ -14,6 +14,3 @@
 unix_socket_connect(mediaserver, adspd, adspd)
 allow mediaserver audio_cutback_data_file:dir search;
 allow mediaserver audio_cutback_data_file:sock_file write;
-
-# TODO b/17015082
-allow mediaserver shell_data_file:dir search;

diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
deleted file mode 100644
index 75b0677..0000000
--- a/sepolicy/surfaceflinger.te
+++ /dev/null

@@ -1,2 +0,0 @@
-# TODO - identify cause of this
-allow surfaceflinger shell_data_file:dir search;

diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 53b4de4..daaabe7 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te

@@ -1,4 +1 @@
-# TODO b/17015082
-allow system_app shell_data_file:dir search;
-
 allow system_app time:unix_stream_socket connectto;

diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
deleted file mode 100644
index db4a0c3..0000000
--- a/sepolicy/zygote.te
+++ /dev/null

@@ -1,2 +0,0 @@
-# TODO - identify cause of this
-allow zygote shell_data_file:dir search;