Make sysinit permissive

* It triggers too many neverallows Change-Id: Ied62423d7d081cda9c97d7b824373084027f506c
AOSiP · Feb 12, 2019 · 3f58c82 · 3f58c82
1 parent c0eb879
commit 3f58c82
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 21 deletions.
diff --git a/common/private/file_contexts b/common/private/file_contexts
@@ -24,7 +24,3 @@
 
 # Sysinit
 /system/bin/sysinit                     u:object_r:sysinit_exec:s0
-
-# Userinit
-/data/local/userinit\.sh                u:object_r:userinit_data_exec:s0
-/system/etc/init\.d/90userinit          u:object_r:userinit_exec:s0
diff --git a/common/private/sysinit.te b/common/private/sysinit.te
@@ -3,19 +3,8 @@ type sysinit_exec, exec_type, file_type;
 
 # Allow for transition from init domain to sysinit
 init_daemon_domain(sysinit)
-
-allow sysinit devpts:chr_file rw_file_perms;
-allow sysinit self:process setcurrent;
-allow sysinit shell_exec:file rx_file_perms;
-allow sysinit system_file:dir r_dir_perms;
-allow sysinit system_file:file rx_file_perms;
-allow sysinit toolbox_exec:file rx_file_perms;
+neverallow { domain -init } sysinit:process transition;
 
 userdebug_or_eng(`
-    allow sysinit userinit_data_exec:file { r_file_perms relabelto };
-    allow sysinit sysfs:file rw_file_perms;
-    allow sysinit sysfs_devices_system_cpu:file write;
-    allow sysinit self:capability dac_override;
-    allow sysinit userinit_exec:file rx_file_perms;
-    set_prop(sysinit, userinit_prop)
+    permissive sysinit;
 ')
diff --git a/common/private/userinit.te b/common/private/userinit.te