From d13d0aaf562b9b3dc6a9757784a6c05b6862e668 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Tue, 30 Aug 2022 13:32:02 +0800 Subject: [PATCH] Move dauntless settings to gs-common Bug: 242479757 Test: build pass on all Gchip devices Change-Id: I4b6c011015f6b94b5329650eb82ec5b95bbe2040 --- dauntless/citadel_provision.te | 6 ------ dauntless/citadeld.te | 13 ------------- dauntless/device.te | 1 - dauntless/file.te | 1 - dauntless/file_contexts | 9 --------- dauntless/hal_identity_citadel.te | 11 ----------- dauntless/hal_keymint_citadel.te | 9 --------- dauntless/hal_weaver_citadel.te | 11 ----------- dauntless/init_citadel.te | 15 --------------- dauntless/service_contexts | 3 --- dauntless/vndservice.te | 1 - dauntless/vndservice_contexts | 1 - whitechapel_pro/vndservice.te | 1 - 13 files changed, 82 deletions(-) delete mode 100644 dauntless/citadel_provision.te delete mode 100644 dauntless/citadeld.te delete mode 100644 dauntless/device.te delete mode 100644 dauntless/file.te delete mode 100644 dauntless/file_contexts delete mode 100644 dauntless/hal_identity_citadel.te delete mode 100644 dauntless/hal_keymint_citadel.te delete mode 100644 dauntless/hal_weaver_citadel.te delete mode 100644 dauntless/init_citadel.te delete mode 100644 dauntless/service_contexts delete mode 100644 dauntless/vndservice.te delete mode 100644 dauntless/vndservice_contexts diff --git a/dauntless/citadel_provision.te b/dauntless/citadel_provision.te deleted file mode 100644 index 56050857..00000000 --- a/dauntless/citadel_provision.te +++ /dev/null @@ -1,6 +0,0 @@ -type citadel_provision, domain; -type citadel_provision_exec, exec_type, vendor_file_type, file_type; - -userdebug_or_eng(` - init_daemon_domain(citadel_provision) -') diff --git a/dauntless/citadeld.te b/dauntless/citadeld.te deleted file mode 100644 index 86cb61c7..00000000 --- a/dauntless/citadeld.te +++ /dev/null @@ -1,13 +0,0 @@ -type citadeld, domain; -type citadeld_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(citadeld) - -add_service(citadeld, citadeld_service) -binder_use(citadeld) -vndbinder_use(citadeld) -binder_call(citadeld, system_server) - -allow citadeld citadel_device:chr_file rw_file_perms; -allow citadeld fwk_stats_service:service_manager find; -allow citadeld hal_power_stats_vendor_service:service_manager find; diff --git a/dauntless/device.te b/dauntless/device.te deleted file mode 100644 index f63186f4..00000000 --- a/dauntless/device.te +++ /dev/null @@ -1 +0,0 @@ -type citadel_device, dev_type; diff --git a/dauntless/file.te b/dauntless/file.te deleted file mode 100644 index cfc0dea1..00000000 --- a/dauntless/file.te +++ /dev/null @@ -1 +0,0 @@ -type citadel_updater, vendor_file_type, file_type; diff --git a/dauntless/file_contexts b/dauntless/file_contexts deleted file mode 100644 index 76a25023..00000000 --- a/dauntless/file_contexts +++ /dev/null @@ -1,9 +0,0 @@ -/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0 -/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0 -/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0 -/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0 -/vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0 -/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0 - -/dev/gsc0 u:object_r:citadel_device:s0 diff --git a/dauntless/hal_identity_citadel.te b/dauntless/hal_identity_citadel.te deleted file mode 100644 index c181e27c..00000000 --- a/dauntless/hal_identity_citadel.te +++ /dev/null @@ -1,11 +0,0 @@ -type hal_identity_citadel, domain; -type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type; - -vndbinder_use(hal_identity_citadel) -binder_call(hal_identity_citadel, citadeld) -allow hal_identity_citadel citadeld_service:service_manager find; -allow hal_identity_citadel hal_keymint_citadel:binder call; - -hal_server_domain(hal_identity_citadel, hal_identity) -hal_server_domain(hal_identity_citadel, hal_keymint) -init_daemon_domain(hal_identity_citadel) diff --git a/dauntless/hal_keymint_citadel.te b/dauntless/hal_keymint_citadel.te deleted file mode 100644 index e1a6177d..00000000 --- a/dauntless/hal_keymint_citadel.te +++ /dev/null @@ -1,9 +0,0 @@ -type hal_keymint_citadel, domain; -type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type; - -hal_server_domain(hal_keymint_citadel, hal_keymint) -init_daemon_domain(hal_keymint_citadel) -vndbinder_use(hal_keymint_citadel) -get_prop(hal_keymint_citadel, vendor_security_patch_level_prop) -allow hal_keymint_citadel citadeld_service:service_manager find; -binder_call(hal_keymint_citadel, citadeld) diff --git a/dauntless/hal_weaver_citadel.te b/dauntless/hal_weaver_citadel.te deleted file mode 100644 index c47287b9..00000000 --- a/dauntless/hal_weaver_citadel.te +++ /dev/null @@ -1,11 +0,0 @@ -type hal_weaver_citadel, domain; -type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(hal_weaver_citadel) -hal_server_domain(hal_weaver_citadel, hal_weaver) -hal_server_domain(hal_weaver_citadel, hal_oemlock) -hal_server_domain(hal_weaver_citadel, hal_authsecret) -vndbinder_use(hal_weaver_citadel) -binder_call(hal_weaver_citadel, citadeld) - -allow hal_weaver_citadel citadeld_service:service_manager find; diff --git a/dauntless/init_citadel.te b/dauntless/init_citadel.te deleted file mode 100644 index 2e986d08..00000000 --- a/dauntless/init_citadel.te +++ /dev/null @@ -1,15 +0,0 @@ -type init_citadel, domain; -type init_citadel_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(init_citadel) - -# Citadel communication must be via citadeld -vndbinder_use(init_citadel) -binder_call(init_citadel, citadeld) -allow init_citadel citadeld_service:service_manager find; - -# Many standard utils are actually vendor_toolbox (like xxd) -allow init_citadel vendor_toolbox_exec:file rx_file_perms; - -# init_citadel needs to invoke citadel_updater -allow init_citadel citadel_updater:file rx_file_perms; diff --git a/dauntless/service_contexts b/dauntless/service_contexts deleted file mode 100644 index ac6a1867..00000000 --- a/dauntless/service_contexts +++ /dev/null @@ -1,3 +0,0 @@ -android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0 -android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0 -android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0 diff --git a/dauntless/vndservice.te b/dauntless/vndservice.te deleted file mode 100644 index 880c09ca..00000000 --- a/dauntless/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type citadeld_service, vndservice_manager_type; diff --git a/dauntless/vndservice_contexts b/dauntless/vndservice_contexts deleted file mode 100644 index b4df996b..00000000 --- a/dauntless/vndservice_contexts +++ /dev/null @@ -1 +0,0 @@ -android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0 diff --git a/whitechapel_pro/vndservice.te b/whitechapel_pro/vndservice.te index d1483600..7f116c48 100644 --- a/whitechapel_pro/vndservice.te +++ b/whitechapel_pro/vndservice.te @@ -1,4 +1,3 @@ -type hal_power_stats_vendor_service, vndservice_manager_type; type rls_service, vndservice_manager_type; type vendor_displaycolor_service, vndservice_manager_type; type vendor_surfaceflinger_vndservice, vndservice_manager_type;