sepolicy: isolated_app -> isolated_app_all

* neverallow Change-Id: If7dbddf30472de3b7c04c2e4f9a27e03e6ada619
2023-09-03 10:22:36 +05:30 · 2023-09-03 10:22:36 +05:30 · a58d7459e5
commit a58d7459e5
parent d0ef16e8db
10 changed files with 19 additions and 19 deletions
--- a/basic/debug/plat_private/mobile_log_d.te
+++ b/basic/debug/plat_private/mobile_log_d.te
@ -13,7 +13,7 @@ allow mobile_log_d kernel:system syslog_mod;

 #GMO project
 dontaudit mobile_log_d untrusted_app:fd use;
-dontaudit mobile_log_d isolated_app:fd use;
+dontaudit mobile_log_d isolated_app_all:fd use;

 #debug property set
 set_prop(mobile_log_d, debug_prop)
--- a/basic/non_plat/app.te
+++ b/basic/non_plat/app.te
@ -34,7 +34,7 @@ allowxperm appdomain proc_perfmgr:file ioctl {
 # Date : W19.23
 # Operation : Migration
 # Purpose : For platform app com.android.gallery3d
-allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
+allow { appdomain -isolated_app_all } radio_data_file:file rw_file_perms;

 # Date : W19.23
 # Operation : Migration
@ -43,12 +43,12 @@ allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;

 # Date : W20.26
 # Operation : Migration
-# Purpose : For apps other than isolated_app call hidl
-hwbinder_use({ appdomain -isolated_app })
-get_prop({ appdomain -isolated_app }, hwservicemanager_prop)
-allow { appdomain -isolated_app } hidl_manager_hwservice:hwservice_manager find;
-binder_call({ appdomain -isolated_app }, mtk_safe_halserverdomain_type)
-allow { appdomain -isolated_app } mtk_safe_hwservice_manager_type:hwservice_manager find;
+# Purpose : For apps other than isolated_app_all call hidl
+hwbinder_use({ appdomain -isolated_app_all })
+get_prop({ appdomain -isolated_app_all }, hwservicemanager_prop)
+allow { appdomain -isolated_app_all } hidl_manager_hwservice:hwservice_manager find;
+binder_call({ appdomain -isolated_app_all }, mtk_safe_halserverdomain_type)
+allow { appdomain -isolated_app_all } mtk_safe_hwservice_manager_type:hwservice_manager find;

 # Date : 2021/04/24
 # Operation: addwindow
--- a/basic/non_plat/domain.te
+++ b/basic/non_plat/domain.te
@ -11,7 +11,7 @@ get_prop(domain, mtk_core_property_type)
 # as it is a public interface for all processes to read some OTP data.
 allow {
  domain
-  -isolated_app
+  -isolated_app_all
 } sysfs_devinfo:file r_file_perms;

 # Date : W18.45
@ -19,5 +19,5 @@ allow {
 # Purpose : drvb need dgb2 permission
 allow {
  domain
-  -isolated_app
+  -isolated_app_all
 } sysfs_gpu_mtk:file r_file_perms;
--- a/basic/non_plat/hal_drm_clearkey.te
+++ b/basic/non_plat/hal_drm_clearkey.te
@ -14,4 +14,4 @@ hal_server_domain(hal_drm_clearkey, hal_drm)

 vndbinder_use(hal_drm_clearkey)

-allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+allow hal_drm_clearkey { appdomain -isolated_app_all }:fd use;
--- a/basic/non_plat/hal_drm_widevine.te
+++ b/basic/non_plat/hal_drm_widevine.te
@ -10,7 +10,7 @@ init_daemon_domain(hal_drm_widevine)
 hal_server_domain(hal_drm_widevine, hal_drm)

 allow hal_drm_widevine mediacodec:fd use;
-allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+allow hal_drm_widevine { appdomain -isolated_app_all }:fd use;

 vndbinder_use(hal_drm_widevine)

--- a/basic/non_plat/merged_hal_service.te
+++ b/basic/non_plat/merged_hal_service.te
@ -42,7 +42,7 @@ hal_client_domain(merged_hal_service, hal_allocator)
 #for default drm permissions
 hal_server_domain(merged_hal_service, hal_drm)
 allow merged_hal_service mediacodec:fd use;
-allow merged_hal_service { appdomain -isolated_app }:fd use;
+allow merged_hal_service { appdomain -isolated_app_all }:fd use;

 # Date : WK18.23
 # Operation : P Migration
--- a/basic/non_plat/mtk_safe_halserverdomain_type.te
+++ b/basic/non_plat/mtk_safe_halserverdomain_type.te
@ -4,5 +4,5 @@

 # Date : W20.26
 # Operation : Migration
-# Purpose : For apps other than isolated_app call hidl
-binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app })
+# Purpose : For apps other than isolated_app_all call hidl
+binder_call(mtk_safe_halserverdomain_type, { appdomain -isolated_app_all })
--- a/basic/non_plat/netd.te
+++ b/basic/non_plat/netd.te
@ -31,7 +31,7 @@ allow netd untrusted_app:fd use;
 # Operation :  SQC
 # Purpose :  CTS for wifi
 allow netd untrusted_app:unix_stream_socket rw_socket_perms_no_ioctl;
-allow netd isolated_app:fd use;
+allow netd isolated_app_all:fd use;

 # MTK support app feature
 get_prop(netd, vendor_mtk_app_prop)
--- a/bsp/non_plat/domain.te
+++ b/bsp/non_plat/domain.te
@ -5,7 +5,7 @@
 # Date : WK15.29
 # Operation : Migration
 # Purpose : for device bring up, not to block early migration
-allow { domain -isolated_app } storage_file:dir search;
+allow { domain -isolated_app_all } storage_file:dir search;

 # Date : W17.47
 # Allow system_server to enable/disable logmuch_prop for Wi-Fi logging purpose
--- a/bsp/non_plat/zygote.te
+++ b/bsp/non_plat/zygote.te
@ -19,8 +19,8 @@ allow zygote servicemanager:binder call;

 # Date : WK14.49
 # Operation : SQC
-# Purpose : for isolated_app to use fd (ex: share image by gmail)
-allow zygote isolated_app:fd use;
+# Purpose : for isolated_app_all to use fd (ex: share image by gmail)
+allow zygote isolated_app_all:fd use;

 # Date : WK15.02
 # Operation : SQC