[ALPS03881723] Workaround to fix build break

[Detail] Googles new commit neverallow coredomain from writing vendor properties cause build break cdb1624c27 [Solution] Declare system_writes_vendor_properties_violators as workaround MTK-Commit-Id: 2b19515d2d98945b0aadfbc9043352ae927497f3 Change-Id: I7be59b6811f6c75ea47da205be902417311fe1d0 CR-Id: ALPS03881723 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:56:13 +08:00 · 2020-01-18 09:56:13 +08:00 · 05f5d87b88
commit 05f5d87b88
parent 9bfd115a97
20 changed files with 21 additions and 1 deletions
--- a/non_plat/aee_aed.te
+++ b/non_plat/aee_aed.te
@ -38,6 +38,7 @@ allow aee_aed data_tmpfs_log_file:dir create_dir_perms;
 allow aee_aed data_tmpfs_log_file:file create_file_perms;

 # Purpose: aee_aed set property
+typeattribute aee_aed system_writes_vendor_properties_violators;
 set_prop(aee_aed, persist_mtk_aee_prop);
 set_prop(aee_aed, persist_aee_prop);
 set_prop(aee_aed, debug_mtk_aee_prop);
--- a/non_plat/audioserver.te
+++ b/non_plat/audioserver.te
@ -5,6 +5,7 @@
 # Data : WK14.39
 # Operation : Migration
 # Purpose : dump for debug
+typeattribute audioserver system_writes_vendor_properties_violators;
 allow audioserver audiohal_prop:property_service set;

 # Date: WK14.44
--- a/non_plat/bluetooth.te
+++ b/non_plat/bluetooth.te
@ -11,6 +11,7 @@ allow bluetooth storage_stub_file:dir getattr;

 # Date: 2018/01/17
 #allow bluetooth to set property
+typeattribute bluetooth system_writes_vendor_properties_violators;
 set_prop(bluetooth, vendor_bluetooth_prop)
 set_prop(bluetooth, debug_prop)

--- a/non_plat/bootanim.te
+++ b/non_plat/bootanim.te
@ -5,6 +5,7 @@
 # Date : WK14.37
 # Operation : Migration
 # Purpose : for opetator
+typeattribute bootanim system_writes_vendor_properties_violators;
 allow bootanim bootani_prop:property_service set;

 # Date : WK14.46
--- a/non_plat/cameraserver.te
+++ b/non_plat/cameraserver.te
@ -376,6 +376,7 @@ allow cameraserver mtk_cmdq_device:chr_file { read ioctl open };
 # Date : WK17.28
 # Operation : MT6757 SQC
 # Purpose : Change thermal config
+typeattribute cameraserver system_writes_vendor_properties_violators;
 allow cameraserver mtk_thermal_config_prop:file { getattr open read };
 allow cameraserver mtk_thermal_config_prop:property_service set;

--- a/non_plat/cmddumper.te
+++ b/non_plat/cmddumper.te
@ -1,4 +1,5 @@
 #cmddumper access external modem ttySDIO2 
+typeattribute cmddumper system_writes_vendor_properties_violators;
 allow cmddumper ttySDIO_device:chr_file { read write ioctl open };

 # for modem logging sdcard access
--- a/non_plat/dumpstate.te
+++ b/non_plat/dumpstate.te
@ -3,6 +3,7 @@
 # ==============================================

 # Purpose: aee_dumpstate set surfaceflinger property
+typeattribute dumpstate system_writes_vendor_properties_violators;
 set_prop(dumpstate, debug_bq_dump_prop);

 # Purpose: access dev/aed0
--- a/non_plat/emdlogger.te
+++ b/non_plat/emdlogger.te
@ -1,6 +1,7 @@
 #allow emdlogger to set property
 #allow emdlogger debug_mdlogger_prop:property_service set;
 allow emdlogger debug_prop:property_service set;
+typeattribute emdlogger system_writes_vendor_properties_violators;
 allow emdlogger persist_mtklog_prop:property_service set;
 allow emdlogger system_radio_prop:property_service set;

--- a/non_plat/factory.te
+++ b/non_plat/factory.te
@ -70,6 +70,7 @@ allow factory shell_exec:file r_file_perms;

 # Date: WK15.44
 # Purpose: factory idle current status
+typeattribute factory system_writes_vendor_properties_violators;
 allow factory vendor_factory_idle_state_prop:property_service set;

 # Date: WK15.46
--- a/non_plat/mdlogger.te
+++ b/non_plat/mdlogger.te
@ -1,4 +1,5 @@
 #allow mdlogger to set property
+typeattribute mdlogger system_writes_vendor_properties_violators;
 allow mdlogger debug_mdlogger_prop:property_service set;
 allow mdlogger debug_prop:property_service set;

--- a/non_plat/mediaserver.te
+++ b/non_plat/mediaserver.te
@ -357,6 +357,7 @@ allow mediaserver mtk_cmdq_device:chr_file { read ioctl open };
 # Date : WK17.12
 # Operation : MT6799 SQC
 # Purpose : Change thermal config
+typeattribute mediaserver system_writes_vendor_properties_violators;
 allow mediaserver mtk_thermal_config_prop:file { getattr open read };
 allow mediaserver mtk_thermal_config_prop:property_service set;

--- a/non_plat/mobile_log_d.te
+++ b/non_plat/mobile_log_d.te
@ -35,6 +35,7 @@ allow mobile_log_d data_tmpfs_log_file:dir create_dir_perms;
 allow mobile_log_d data_tmpfs_log_file:file create_file_perms;

 #mobile itself property
+typeattribute mobile_log_d system_writes_vendor_properties_violators;
 set_prop(mobile_log_d, mobile_log_prop)

 #Dat: 2017/02/14
--- a/non_plat/mtkbootanimation.te
+++ b/non_plat/mtkbootanimation.te
@ -5,6 +5,7 @@
 # Date : WK14.37
 # Operation : Migration
 # Purpose : for opetator
+typeattribute mtkbootanimation system_writes_vendor_properties_violators;
 allow mtkbootanimation bootani_prop:property_service set;

 # Date : WK14.46
--- a/non_plat/netdiag.te
+++ b/non_plat/netdiag.te
@ -15,6 +15,7 @@ allow netdiag vfat:file create_file_perms;
 allow netdiag tmpfs:lnk_file read;

 #Purpose : for network log property
+typeattribute netdiag system_writes_vendor_properties_violators;
 set_prop(netdiag, debug_netlog_prop)
 set_prop(netdiag, persist_mtklog_prop)
 set_prop(netdiag, debug_mtklog_prop)
--- a/non_plat/platform_app.te
+++ b/non_plat/platform_app.te
@ -80,6 +80,7 @@ allow platform_app aee_aed:unix_stream_socket connectto;
 # Date : WK17.44
 # Operation : O Migration
 # Purpose : allow LocationEM to set mnld property
+typeattribute platform_app system_writes_vendor_properties_violators;
 set_prop(platform_app, mnld_prop)

 # Date : WK17.46
--- a/non_plat/ppp.te
+++ b/non_plat/ppp.te
@ -5,6 +5,6 @@
 # Date : WK14.37
 # Operation : Migration
 # Purpose: for PPPOE Test: Property permission
-
+typeattribute ppp system_writes_vendor_properties_violators;
 allow ppp pppoe_ppp0_prop:property_service set;

--- a/non_plat/radio.te
+++ b/non_plat/radio.te
@ -14,6 +14,8 @@ allow radio surfaceflinger:fifo_file { rw_file_perms };
 # Date : WK16.14 2016/03/30
 # Operation : IT
 # Purpose : for engineermode camera app mode
+
+typeattribute radio system_writes_vendor_properties_violators;
 allow radio mtk_em_prop:property_service set;

 # Date : WK16.24 2016/06/10
--- a/non_plat/shell.te
+++ b/non_plat/shell.te
@ -13,6 +13,7 @@ binder_call(shell, mtk_hal_camera)

 # Date : WK17.35
 # Purpose : allow shell to set mtkcam property.
+typeattribute shell system_writes_vendor_properties_violators;
 set_prop(shell, mtkcam_prop)

 # Date : WK17.36
--- a/non_plat/system_app.te
+++ b/non_plat/system_app.te
@ -13,6 +13,7 @@ hal_client_domain(system_app, mtk_hal_lbs)

 #Dat: 2017/02/14
 #Purpose: allow set telephony Sensitive property
+typeattribute system_app system_writes_vendor_properties_violators;
 set_prop(system_app, mtk_telephony_sensitive_prop)


--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@ -88,6 +88,7 @@ allow system_server proc_mtktz:file r_file_perms;
 # Operation: PowerManager set persist.meta.connecttype property
 # Purpose: Reboot target to meta mode,
 # and set persist.meta.connecttype as "wifi" or "usb".
+typeattribute system_server system_writes_vendor_properties_violators;
 allow system_server meta_connecttype_prop:property_service set;

 # Date:W17.02