move insert module script sepolicy to gs-common

Bug: 243763292 Test: boot to home with no relevant SELinux error Change-Id: I52fe6631b3ec806a5624375457874d9248927b00
2022-09-06 10:40:01 +08:00 · 2022-09-06 10:40:01 +08:00 · c08f9cf882
commit c08f9cf882
parent 5742be1014
5 changed files with 11 additions and 31 deletions
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@ -280,7 +280,6 @@
 /mnt/vendor/persist/modem(/.*)?                               u:object_r:persist_modem_file:s0

 # Kernel modules related
-/vendor/bin/insmod\.sh          u:object_r:init-insmod-sh_exec:s0
 /vendor/bin/init\.display\.sh   u:object_r:init-display-sh_exec:s0

 # USB
@ -367,9 +366,6 @@
 # battery history
 /dev/battery_history                                                                  u:object_r:battery_history_device:s0

-# Vendor_kernel_modules
-/vendor_dlkm/lib/modules/.*\.ko                                               u:object_r:vendor_kernel_modules:s0
-
 # Display
 /vendor/lib(64)?/libion_google\.so                                               u:object_r:same_process_hal_file:s0
 /vendor/lib(64)?/libdrm\.so                                                      u:object_r:same_process_hal_file:s0
--- a/whitechapel/vendor/google/init-insmod-sh.te
+++ b/whitechapel/vendor/google/init-insmod-sh.te
@ -1,20 +0,0 @@
-type init-insmod-sh, domain;
-type init-insmod-sh_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(init-insmod-sh)
-
-allow init-insmod-sh self:capability sys_module;
-allow init-insmod-sh sysfs_leds:dir r_dir_perms;
-allow init-insmod-sh vendor_kernel_modules:system module_load;
-allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans;
-
-allow init-insmod-sh self:capability sys_nice;
-allow init-insmod-sh kernel:process setsched;
-
-set_prop(init-insmod-sh, vendor_device_prop)
-
-userdebug_or_eng(`
-  allow init-insmod-sh vendor_regmap_debugfs:dir search;
-')
-
-dontaudit init-insmod-sh proc_cmdline:file r_file_perms;
-dontaudit init-insmod-sh self:key write;
--- a/whitechapel/vendor/google/insmod-sh.te
+++ b/whitechapel/vendor/google/insmod-sh.te
@ -0,0 +1,11 @@
+allow insmod-sh sysfs_leds:dir r_dir_perms;
+
+allow insmod-sh self:capability sys_nice;
+allow insmod-sh kernel:process setsched;
+
+userdebug_or_eng(`
+  allow insmod-sh vendor_regmap_debugfs:dir search;
+')
+
+dontaudit insmod-sh proc_cmdline:file r_file_perms;
+dontaudit insmod-sh self:key write;
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@ -4,7 +4,6 @@ vendor_internal_prop(vendor_rcs_prop)
 vendor_internal_prop(vendor_rild_prop)
 vendor_internal_prop(sensors_prop)
 vendor_internal_prop(vendor_ssrdump_prop)
-vendor_internal_prop(vendor_device_prop)
 vendor_internal_prop(vendor_usb_config_prop)
 vendor_internal_prop(vendor_secure_element_prop)
 vendor_internal_prop(vendor_cbd_prop)
--- a/whitechapel/vendor/google/property_contexts
+++ b/whitechapel/vendor/google/property_contexts
@ -15,12 +15,6 @@ persist.vendor.sys.crash_rcu    u:object_r:vendor_ramdump_prop:s0
 vendor.debug.ssrdump.           u:object_r:vendor_ssrdump_prop:s0
 persist.vendor.sys.ssr.         u:object_r:vendor_ssrdump_prop:s0

-# Kernel modules related
-vendor.common.modules.ready     u:object_r:vendor_device_prop:s0
-vendor.device.modules.ready     u:object_r:vendor_device_prop:s0
-vendor.all.modules.ready        u:object_r:vendor_device_prop:s0
-vendor.all.devices.ready        u:object_r:vendor_device_prop:s0
-
 # for codec2
 vendor.debug.c2.level       u:object_r:vendor_codec2_debug_prop:s0
 vendor.debug.c2.dump        u:object_r:vendor_codec2_debug_prop:s0