NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04345534] SEPolicy: add permission for system_app

Browse Source 
[Detail]
For Andorid Q, there is a more stringent restriction for ioctl,
system_app need to access proc_ged by ioctlcmd=0x6700

MTK-Commit-Id: c610a674e4a9dcdadde0eb619326359253f59f15

Change-Id: I33cd7c4e29b6bec1dc0956cf6d4a136f08f1d511
CR-Id: ALPS04345534
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
This commit is contained in:
Shanshan Guo 2020-01-18 10:08:47 +08:00 committed by Shanshan Guo
parent eff15efb2a
commit 1086506de4
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
non_plat/system_app.te
View File

@ -29,3 +29,8 @@ allow system_app mtk_thermal_config_prop:file { getattr open read };
allow system_app aee_exp_data_file:file r_file_perms;
allow system_app aee_exp_data_file:dir r_dir_perms;
allow system_app md_monitor:unix_stream_socket connectto;
# Date : WK19.11
# Operation: Q migration
# Purpose : Allow system_app to use ioctl/ioctlcmd
allowxperm system_app proc_ged:file ioctl GED_BRIDGE_IO_LOG_BUF_GET;