diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te
index 707e0c5..33a452f 100644
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
@@ -391,8 +391,6 @@ allow aee_aedv sysfs_boot_mode:file r_file_perms;
 #userdebug_or_eng(`
 # allow aee_aedv debugfs_tracing_debug:file { r_file_perms write };
 #')
-# Purpose: allow aee_aedv self to sys_ptrace/dac_read_search/dac_override
-#userdebug_or_eng(`allow aee_aedv self:capability { sys_ptrace dac_read_search dac_override };')
 #Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace
 allow aee_aedv proc_slabtrace:file r_file_perms;
diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te
index 05e61e7..38e7fc3 100644
--- a/non_plat/dumpstate.te
+++ b/non_plat/dumpstate.te
@@ -114,8 +114,8 @@ allow dumpstate debugfs_rcu:file r_file_perms;
 # Purpose: Allow dumpstate to read /proc/msdc_debug
 allow dumpstate proc_msdc_debug:file r_file_perms;
-# Purpose: Allow dumpstate to read /proc/pidmap
-allow dumpstate proc_pidmap:file r_file_perms;
+# Purpose: Allow dumpstate to r/w /proc/pidmap
+allow dumpstate proc_pidmap:file rw_file_perms;
 # Purpose: Allow dumpstate to read /sys/power/vcorefs/vcore_debug
 allow dumpstate sysfs_vcore_debug:file r_file_perms;
@@ -128,3 +128,6 @@ allow dumpstate proc_slabtrace:file r_file_perms;
 #Purpose: Allow dumpstate to read /proc/mtk_cmdq_debug/status
 allow dumpstate proc_cmdq_debug:file r_file_perms;
+
+#Purpose: Allow dumpstate to read /proc/cpuhvfs/dbg_repo
+allow dumpstate proc_dbg_repo:file r_file_perms;
diff --git a/non_plat/file.te b/non_plat/file.te
index 1598c6b..d5290f4 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -70,6 +70,7 @@ type proc_pidmap, fs_type, proc_type;
 type proc_kpageflags, fs_type, proc_type;
 type proc_slabtrace, fs_type, proc_type;
 type proc_cmdq_debug, fs_type, proc_type;
+type proc_dbg_repo, fs_type, proc_type;
 type sysfs_therm, fs_type, sysfs_type;
 type sysfs_fps, fs_type, sysfs_type;
 type sysfs_ccci, fs_type, sysfs_type;
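Review bot: In non_plat/dumpstate.te the `proc_pidmap` rule goes from `r_file_perms` to `rw_file_perms` on every build variant, and the rewritten Purpose comment says only "r/w" without giving the reason for the write. dumpstate is a diagnostic collector, so a new write path into a /proc node should be justified and granted as narrowly as it works; if the write is only needed on debug builds, keep the read rule as it was and put the write part inside a `userdebug_or_eng` block. At the least the comment should name what is written and why, for example `# Purpose: dumpstate writes <value> to /proc/pidmap in order to <reason>`.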
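Review bot: The new type declared in non_plat/file.te is named `proc_dbg_repo`, which drops the subsystem that the genfscon entry and the dumpstate comment both give (/proc/cpuhvfs/dbg_repo). A generic name makes it easy for a later genfscon line to reuse the label for an unrelated debug node, which would silently extend dumpstate's read access to it; a name such as `proc_cpuhvfs_dbg_repo` ties the label to the one path. The same rename would apply in the dumpstate.te and genfs_contexts hunks of this commit.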
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index ab2aa1e..a831a1d 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
@@ -37,6 +37,7 @@ genfscon proc /pidmap u:object_r:proc_pidmap:s0
 genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
 genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0
 genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0
+genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0
 genfscon iso9660 / u:object_r:iso9660:s0
diff --git a/plat_private/aee_aed.te b/plat_private/aee_aed.te
index 6cdbcd3..70b6b1e 100644
--- a/plat_private/aee_aed.te
+++ b/plat_private/aee_aed.te
@@ -110,12 +110,7 @@ allow aee_aed sysfs_vibrator:file w_file_perms;
 # Purpose : make aee_aed can get specific process NE info
 allow aee_aed domain:dir r_dir_perms;
 allow aee_aed domain:{ file lnk_file } r_file_perms;
-#allow aee_aed {
-# domain
-# -logd
-# -keystore
-# -init
-#}:process ptrace;
+
 allow aee_aed dalvikcache_data_file:dir r_dir_perms;
 #allow aee_aed zygote_exec:file r_file_perms;
 #allow aee_aed init_exec:file r_file_perms;
@@ -135,10 +130,5 @@ allow aee_aed self:capability { sys_nice chown fowner kill };
 # Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot
 userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };')
-# Purpose: Allow aee_aed self to sys_ptrace/dac_override/dac_read_search
-#userdebug_or_eng(`
-# allow aee_aed self:capability { sys_ptrace dac_override dac_read_search };
-#')
-
 # Purpose: Allow aee_aed to read/write /sys/kernel/debug/tracing/tracing_on
 #userdebug_or_eng(` allow aee_aed debugfs_tracing:file { r_file_perms write };')
diff --git a/plat_private/aee_core_forwarder.te b/plat_private/aee_core_forwarder.te
index d2b0a48..d335d99 100644
--- a/plat_private/aee_core_forwarder.te
+++ b/plat_private/aee_core_forwarder.te
@@ -92,3 +92,9 @@ allow aee_core_forwarder media_rw_data_file:file { create open write };
 # scontext=u:r:aee_core_forwarder:s0 tcontext=u:r:aee_core_forwarder:s0
 # tclass=capability permissive=0
 allow aee_core_forwarder self:capability sys_nice;
+
+# Purpose : allow aee_core_forwarder to access hwservicemanager_prop
+get_prop(aee_core_forwarder, hwservicemanager_prop)
+
+# Purpose : allow aee_core_forwarder to connect aee_aed socket
+allow aee_core_forwarder aee_aed:unix_stream_socket connectto;
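Review bot: The added `connectto` rule on `aee_aed:unix_stream_socket` has no companion rule in this hunk for the socket's `sock_file`, and the Purpose comment does not say whether the socket is abstract or bound to a path. If it is path-bound, the connection would presumably still be denied without `write` on the socket file's type, and AOSP's `unix_socket_connect()` macro grants both permissions together. If it is abstract, the comment should say so, e.g. `# Purpose : connect to aee_aed's abstract socket for <reason>; no sock_file is involved`. The `get_prop(aee_core_forwarder, hwservicemanager_prop)` comment likewise restates the rule rather than the reason the property is read. Both rules apply on all build variants, which is worth confirming for a crash-dump helper.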