diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te index ae8154e7..c23a1955 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -3,7 +3,6 @@ type vendor_hwc_log_file, file_type, data_file_type; type updated_wifi_firmware_data_file, file_type, data_file_type; type tcpdump_vendor_data_file, file_type, data_file_type; type vendor_camera_data_file, file_type, data_file_type; -type vendor_media_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type sensor_reg_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index f3882438..7ec4339e 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -46,7 +46,6 @@ /data/nfc(/.*)? u:object_r:nfc_data_file:s0 /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 /data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 -/data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 diff --git a/legacy/whitechapel_pro/vndservice.te b/legacy/whitechapel_pro/vndservice.te index 94c8a0af..4c4dd7ae 100644 --- a/legacy/whitechapel_pro/vndservice.te +++ b/legacy/whitechapel_pro/vndservice.te @@ -1,2 +1 @@ type rls_service, vndservice_manager_type; -type eco_service, vndservice_manager_type; diff --git a/legacy/whitechapel_pro/vndservice_contexts b/legacy/whitechapel_pro/vndservice_contexts index 10452a38..66cab482 100644 --- a/legacy/whitechapel_pro/vndservice_contexts +++ b/legacy/whitechapel_pro/vndservice_contexts @@ -1,2 +1 @@ rlsservice u:object_r:rls_service:s0 -media.ecoservice u:object_r:eco_service:s0 diff --git a/vendor/file.te b/vendor/file.te index 6548c4c5..6fffba65 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -3,7 +3,6 @@ type persist_display_file, file_type, vendor_persist_type; type persist_battery_file, file_type, vendor_persist_type; #sysfs -type sysfs_mfc, sysfs_type, fs_type; type sysfs_power_dump, sysfs_type, fs_type; type sysfs_acpm_stats, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 2e2a2629..18e602ae 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -13,7 +13,6 @@ /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/samsung\.hardware\.media\.c2@1\.2-service u:object_r:mediacodec_samsung_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 /vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 64d843b8..f4068d6c 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -76,9 +76,6 @@ genfscon sysfs /module/drm/parameters/vblankoffdelay genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 -# mediacodec_samsung -genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_mfc:s0 - # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 diff --git a/vendor/mediacodec_samsung.te b/vendor/mediacodec_samsung.te deleted file mode 100644 index efc83d73..00000000 --- a/vendor/mediacodec_samsung.te +++ /dev/null @@ -1,37 +0,0 @@ -type mediacodec_samsung, domain; -type mediacodec_samsung_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(mediacodec_samsung) - -hal_server_domain(mediacodec_samsung, hal_codec2) -add_service(mediacodec_samsung, eco_service) - -vndbinder_use(mediacodec_samsung) - -allow mediacodec_samsung video_device:chr_file rw_file_perms; -allow mediacodec_samsung dmabuf_system_heap_device:chr_file r_file_perms; -allow mediacodec_samsung gpu_device:chr_file rw_file_perms; - -allow mediacodec_samsung sysfs_mfc:file r_file_perms; -allow mediacodec_samsung sysfs_mfc:dir r_dir_perms; - -# can use graphics allocator -hal_client_domain(mediacodec_samsung, hal_graphics_allocator) - -binder_call(mediacodec_samsung, hal_camera_default) - -crash_dump_fallback(mediacodec_samsung) - -# mediacodec_samsung should never execute any executable without a domain transition -neverallow mediacodec_samsung { file_type fs_type }:file execute_no_trans; - -# Media processing code is inherently risky and thus should have limited -# permissions and be isolated from the rest of the system and network. -# Lengthier explanation here: -# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html -neverallow mediacodec_samsung domain:{ udp_socket rawip_socket } *; -neverallow mediacodec_samsung { domain userdebug_or_eng(`-su') }:tcp_socket *; - -userdebug_or_eng(` - allow mediacodec_samsung vendor_media_data_file:dir rw_dir_perms; - allow mediacodec_samsung vendor_media_data_file:file create_file_perms; -')