android_device_mediatek_sep.../non_plat/untrusted_app.te

# ==============================================
# MTK Policy Rule
# ==============================================

# TODO:: Security Issue.

# Date : 2014/09/09
# Operation : Development GMO Feature "Move OAT to SD Card"
# Purpose : for GMO ROM Size Slim
#allow untrusted_app dalvikcache_data_file:lnk_file read;

# Date: 2016/02/26
# Operation: Migration
# Purpose: Allow MTK modified ElephantStress and WhatsTemp to read thermal zone temperatures
#					 from MTK kernel modules for thermal tests at OEM/ODM.
allow untrusted_app proc_mtktz:dir search;
allow untrusted_app proc_mtktz:file r_file_perms;

# Date : 2017/08/01
# Operation: SQC
# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
# properly for thermal tests at OEM/ODM.
allow untrusted_app_25 proc_mtktz:dir search;
allow untrusted_app_25 proc_mtktz:file { getattr open read };
allow untrusted_app_25 proc_stat:file { getattr open read };
allow untrusted_app_25 proc_thermal:dir search;
allow untrusted_app_25 proc_thermal:file { getattr open read };

allow untrusted_app_25 sysfs_fps:dir search;
allow untrusted_app_25 sysfs_fps:file { getattr open read };
allow untrusted_app_25 sysfs_power_supply:dir search;
allow untrusted_app_25 sysfs_power_supply:file { getattr open read };
allow untrusted_app_25 sysfs_therm:dir { open read search };
allow untrusted_app_25 sysfs_therm:file { getattr open read };

# Date : 2017/08/10
# Operation: Development RenderScript opt
# Purpose : Allow RenderScript Opt RS2CL to invoke standalone executable
# properly for thermal tests at OEM/ODM.
typeattribute untrusted_app_25 system_executes_vendor_violators;
allow untrusted_app_25 vendor_file:file execute_no_trans;
typeattribute untrusted_app system_executes_vendor_violators;
allow untrusted_app vendor_file:file execute_no_trans;

# Date : WK17.39
# Stage: O Migration, SQC
# Purpose: Allow to use HAL PQ
allow untrusted_app_25 mtk_hal_pq_hwservice:hwservice_manager find;
allow untrusted_app mtk_hal_pq_hwservice:hwservice_manager find;
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`# ==============================================`
			`# MTK Policy Rule`
			`# ==============================================`

			`# TODO:: Security Issue.`

			`# Date : 2014/09/09`
			`# Operation : Development GMO Feature "Move OAT to SD Card"`
			`# Purpose : for GMO ROM Size Slim`
			`#allow untrusted_app dalvikcache_data_file:lnk_file read;`

			`# Date: 2016/02/26`
			`# Operation: Migration`
			`# Purpose: Allow MTK modified ElephantStress and WhatsTemp to read thermal zone temperatures`
			`# from MTK kernel modules for thermal tests at OEM/ODM.`
			`allow untrusted_app proc_mtktz:dir search;`
			`allow untrusted_app proc_mtktz:file r_file_perms;`

			`# Date : 2017/08/01`
			`# Operation: SQC`
			`# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information`
			`# properly for thermal tests at OEM/ODM.`
			`allow untrusted_app_25 proc_mtktz:dir search;`
			`allow untrusted_app_25 proc_mtktz:file { getattr open read };`
			`allow untrusted_app_25 proc_stat:file { getattr open read };`
			`allow untrusted_app_25 proc_thermal:dir search;`
			`allow untrusted_app_25 proc_thermal:file { getattr open read };`

			`allow untrusted_app_25 sysfs_fps:dir search;`
			`allow untrusted_app_25 sysfs_fps:file { getattr open read };`
			`allow untrusted_app_25 sysfs_power_supply:dir search;`
			`allow untrusted_app_25 sysfs_power_supply:file { getattr open read };`
			`allow untrusted_app_25 sysfs_therm:dir { open read search };`
			`allow untrusted_app_25 sysfs_therm:file { getattr open read };`

			`# Date : 2017/08/10`
			`# Operation: Development RenderScript opt`
			`# Purpose : Allow RenderScript Opt RS2CL to invoke standalone executable`
			`# properly for thermal tests at OEM/ODM.`
[ALPS03825066] P migration selinux build failed fix 1. Mark polices which accessing proc/sysfs file system 2. Add violator attribute to modules violate vendor/system rule. MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8 Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:29:36 +08:00			`typeattribute untrusted_app_25 system_executes_vendor_violators;`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`allow untrusted_app_25 vendor_file:file execute_no_trans;`
[ALPS03825066] P migration selinux build failed fix 1. Mark polices which accessing proc/sysfs file system 2. Add violator attribute to modules violate vendor/system rule. MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8 Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK 2020-01-18 09:29:36 +08:00			`typeattribute untrusted_app system_executes_vendor_violators;`
import from mediatek/master to mediatek/alps-mp-o1.mp1 Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79 MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee 2020-01-18 09:29:32 +08:00			`allow untrusted_app vendor_file:file execute_no_trans;`

			`# Date : WK17.39`
			`# Stage: O Migration, SQC`
			`# Purpose: Allow to use HAL PQ`
			`allow untrusted_app_25 mtk_hal_pq_hwservice:hwservice_manager find;`
			`allow untrusted_app mtk_hal_pq_hwservice:hwservice_manager find;`