From f11350943b35281b146425858375979747a05235 Mon Sep 17 00:00:00 2001 From: openharmony_ci <120357966@qq.com> Date: Sat, 27 May 2023 00:56:33 +0000 Subject: [PATCH] =?UTF-8?q?=E5=9B=9E=E9=80=80=20'Pull=20Request=20!2341=20?= =?UTF-8?q?:=20add=20parameter=5Fservice=20sepolicy=20for=20accountmgr'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../account/os_account/system/accountmgr.te | 6 ------ .../account/os_account/system/memmgrservice.te | 14 -------------- 2 files changed, 20 deletions(-) delete mode 100644 sepolicy/ohos_policy/account/os_account/system/memmgrservice.te diff --git a/sepolicy/ohos_policy/account/os_account/system/accountmgr.te b/sepolicy/ohos_policy/account/os_account/system/accountmgr.te index d578ab57..6b76af97 100644 --- a/sepolicy/ohos_policy/account/os_account/system/accountmgr.te +++ b/sepolicy/ohos_policy/account/os_account/system/accountmgr.te @@ -70,7 +70,6 @@ allow accountmgr sa_time_service:samgr_class { get }; allow accountmgr accessibility:binder { transfer }; allow accountmgr bootevent_param:file { map open read }; -allow accountmgr bootevent_param:parameter_service { set }; allow accountmgr bootevent_samgr_param:file { map open read }; allow accountmgr build_version_param:file { map open read }; allow accountmgr const_allow_mock_param:file { map open read }; @@ -85,7 +84,6 @@ allow accountmgr const_product_param:file { map open read }; allow accountmgr debug_param:file { map open read }; allow accountmgr default_param:file { map open read }; allow accountmgr deviceauth_service:binder { transfer }; -allow accountmgr dev_console_file:chr_file { read write }; allow accountmgr time_service:binder { call transfer }; allow accountmgr distributedfiledaemon:binder { call transfer }; @@ -104,7 +102,6 @@ allow accountmgr net_param:file { map open read }; allow accountmgr net_tcp_param:file { map open read }; allow accountmgr ohos_boot_param:file { map open read }; allow accountmgr ohos_param:file { map open read }; -allow accountmgr paramservice_socket:sock_file { write }; allow accountmgr persist_param:file { map open read }; allow accountmgr persist_sys_param:file { map open read }; allow accountmgr security_param:file { map open read }; @@ -113,9 +110,6 @@ allow accountmgr startup_param:file { map open read }; allow accountmgr sys_param:file { map open read }; allow accountmgr system_bin_file:dir { search }; allow accountmgr sys_usb_param:file { map open read }; -allow accountmgr sysfs_devices_system_cpu:file { open read getattr }; -allow accountmgr kernel:unix_stream_socket { connectto }; -allow accountmgr vendor_etc_file:dir { search }; # avc: denied { open } for pid=541 comm="IPC_0_735" path="/dev/ashmem" dev="tmpfs" ino=170 scontext=u:r:accountmgr:s0 tcontext=u:object_r:dev_ashmem_file:s0 tclass=chr_file permissive=0 allow accountmgr dev_ashmem_file:chr_file { open }; diff --git a/sepolicy/ohos_policy/account/os_account/system/memmgrservice.te b/sepolicy/ohos_policy/account/os_account/system/memmgrservice.te deleted file mode 100644 index f772a8a6..00000000 --- a/sepolicy/ohos_policy/account/os_account/system/memmgrservice.te +++ /dev/null @@ -1,14 +0,0 @@ -# Copyright (c) 2023 Huawei Device Co., Ltd. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -allow memmgrservice accountmgr:file { getattr };