Revert "sm6150-common: Force restorecon for /mnt/vendor/persist"

This reverts commit a13246a7fc. This causes dac_override denials, set no_sehash_xattr on persist in fstab instead to fix the issue. Change-Id: I75f824d5b2beca5f7c3835045a7f568736e148f0
2023-06-04 10:58:52 +02:00 · 2023-06-04 10:58:52 +02:00 · 19e23767df
commit 19e23767df
parent 0d51b5d042
3 changed files with 0 additions and 73 deletions
--- a/rootdir/etc/init.target.rc
+++ b/rootdir/etc/init.target.rc
@ -64,7 +64,6 @@ on init
 on fs
    mount_all --early /vendor/etc/fstab.qcom

-    exec u:r:vendor_toolbox:s0 root audio bluetooth graphics media net_raw system vendor_rfs vendor_rfs_shared -- /vendor/bin/toybox_vendor find /mnt/vendor/persist -type d -exec /vendor/bin/toybox_vendor setfattr -x security.sehash {} \;
    restorecon_recursive /mnt/vendor/persist
    mkdir /mnt/vendor/persist/data 0700 system system
    mkdir /mnt/vendor/persist/audio 0755 system system
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@ -1,4 +1 @@
 set_prop(vendor_init, vendor_fp_prop)
-
-# Allow vendor_init to relabel unlabeled files and directories
-allow vendor_init unlabeled:{ dir file } { getattr relabelfrom };
--- a/sepolicy/vendor/vendor_toolbox.te
+++ b/sepolicy/vendor/vendor_toolbox.te
@ -1,69 +0,0 @@
-type vendor_toolbox, domain;
-
-init_daemon_domain(vendor_toolbox)
-
-# Allow vendor_toolbox to use sys_admin capability
-allow vendor_toolbox self:capability sys_admin;
-
-# Allow vendor_toolbox to execute /vendor/bin/toybox_vendor
-allow vendor_toolbox vendor_toolbox_exec:file execute_no_trans;
-
-# Allow vendor_toolbox to read directories in rootfs
-allow vendor_toolbox rootfs:dir r_dir_perms;
-
-# Allow vendor_toolbox to remove "security.*" xattrs from /mnt/vendor/persist
-allow vendor_toolbox {
-    mnt_vendor_file
-    persist_block_device
-    unlabeled
-    vendor_persist_alarm_file
-    vendor_persist_audio_file
-    vendor_persist_bluetooth_file
-    vendor_persist_camera_file
-    vendor_persist_data_file
-    vendor_persist_display_file
-    vendor_persist_drm_file
-    vendor_persist_elabel_file
-    vendor_persist_feature_enabler_file
-    vendor_persist_file
-    vendor_persist_haptics_file
-    vendor_persist_hvdcp_file
-    vendor_persist_iar_db_file
-    vendor_persist_mmi_file
-    vendor_persist_qti_fp_file
-    vendor_persist_rfs_file
-    vendor_persist_rfs_shared_hlos_file
-    vendor_persist_secnvm_file
-    vendor_persist_sensors_file
-    vendor_persist_time_file
-    vendor_persist_vpp_file
-    vendor_persist_wcnss_service_file
-}:dir { r_dir_perms setattr };
-
-allow vendor_toolbox {
-    mnt_vendor_file
-    persist_block_device
-    unlabeled
-    vendor_persist_alarm_file
-    vendor_persist_audio_file
-    vendor_persist_bluetooth_file
-    vendor_persist_camera_file
-    vendor_persist_data_file
-    vendor_persist_display_file
-    vendor_persist_drm_file
-    vendor_persist_elabel_file
-    vendor_persist_feature_enabler_file
-    vendor_persist_file
-    vendor_persist_haptics_file
-    vendor_persist_hvdcp_file
-    vendor_persist_iar_db_file
-    vendor_persist_mmi_file
-    vendor_persist_qti_fp_file
-    vendor_persist_rfs_file
-    vendor_persist_rfs_shared_hlos_file
-    vendor_persist_secnvm_file
-    vendor_persist_sensors_file
-    vendor_persist_time_file
-    vendor_persist_vpp_file
-    vendor_persist_wcnss_service_file
-}:{ fifo_file file } { r_file_perms setattr };