From 12bc2025e2033edf04eeedfae4ce026398424787 Mon Sep 17 00:00:00 2001 
From: Juju Sung
Date: Sat, 18 Jan 2020 10:08:05 +0800
Subject: [PATCH] [ALPS04239425] Sepolicy: fix undefined type declration
[Detail] Unknown type:untrusted_v2_app,alarm_device,qtaguid_proc,mtd_device Duplicated type:proc_slabinfo
MTK-Commit-Id: 11ccfcffb994452eb58a697e94a8da748ac73933
Change-Id: I2e847041d14d6b6613044cfaa98f242b7fd9381a
CR-Id: ALPS04239425
Feature: Build System
---
non_plat/aee_aed.te | 2 +-
non_plat/aee_aedv.te | 28 ++++++++---------
non_plat/audiocmdservice_atci.te | 2 +-
non_plat/connsyslogger.te | 2 +-
non_plat/domain.te | 1 -
non_plat/factory.te | 4 +--
non_plat/file.te | 1 -
non_plat/file_contexts | 4 ---
non_plat/fm_hidl_service.te | 2 +-
non_plat/genfs_contexts | 1 -
non_plat/init.te | 2 +-
non_plat/lbs_dbg.te | 4 +--
non_plat/lbs_hidl_service.te | 2 +-
non_plat/merged_hal_service.te | 2 +-
non_plat/meta_tst.te | 2 +-
non_plat/mtk_hal_bluetooth.te | 6 ++--
non_plat/mtk_hal_camera.te | 2 +-
non_plat/mtk_hal_gnss.te | 2 +-
non_plat/mtk_hal_light.te | 2 +-
non_plat/mtk_hal_power.te | 4 +--
non_plat/mtk_hal_sensors.te | 2 +-
non_plat/mtkfusionrild.te | 5 ++--
non_plat/mtkrild.te | 3 +-
non_plat/nvram_agent_binder.te | 4 +--
non_plat/radio.te | 4 +--
non_plat/rilproxy.te | 4 +--
non_plat/shell.te | 2 +-
non_plat/stp_dump3.te | 2 +-
non_plat/system_server.te | 2 +-
non_plat/untrusted_app.te | 2 +-
plat_private/aee_aed.te | 30 +++++++++----------
plat_private/aee_core_forwarder.te | 2 +-
plat_private/boot_logo_updater.te | 2 +-
plat_private/cmddumper.te | 2 +-
plat_private/crash_dump.te | 3 +-
plat_private/dumpstate.te | 4 +--
plat_private/em_svr.te | 6 ++--
plat_private/emdlogger.te | 2 +-
plat_private/file_contexts | 8 ++---
plat_private/genfs_contexts | 4 +++
plat_private/kisd.te | 2 +-
plat_private/loghidlsysservice.te | 2 +-
plat_private/mdlogger.te | 2 +-
plat_private/mobile_log_d.te | 2 +-
plat_private/mtkbootanimation.te | 2 +-
plat_private/netdiag.te | 4 +--
plat_private/thermalindicator.te | 2 +-
plat_public/device.te | 3 +-
prebuilts/api/26.0/nonplat_sepolicy.cil | 22 +++++++------- prebuilts/api/26.0/plat_private/aee_aed.te | 8 ++--- prebuilts/api/26.0/plat_private/crash_dump.te | 2 +- prebuilts/api/26.0/plat_private/dumpstate.te | 4 +-- prebuilts/api/26.0/plat_private/kisd.te | 2 +- 53 files changed, 110 insertions(+), 115 deletions(-) create mode 100644 plat_private/genfs_contexts diff --git a/non_plat/aee_aed.te b/non_plat/aee_aed.te index 565857c..4e0a8a2 100644 --- a/non_plat/aee_aed.te +++ b/non_plat/aee_aed.te @@ -46,7 +46,7 @@ set_prop(aee_aed, debug_mtk_aee_prop); allow aee_aed proc_lk_env:file rw_file_perms; # Purpose: Allow aee_aed to read /proc/pid/exe -allow aee_aed exec_type:file r_file_perms; +#allow aee_aed exec_type:file r_file_perms; # Purpose: Allow aee_aed to read /proc/cpu/alignment allow aee_aed proc_cpu_alignment:file { write open }; diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index e5598fa..61fd020 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te @@ -107,14 +107,14 @@ allow aee_aedv proc_lk_env:file rw_file_perms; # Purpose : make aee_aedv can get specific process NE info allow aee_aedv domain:dir r_dir_perms; allow aee_aedv domain:{ file lnk_file } r_file_perms; -allow aee_aedv { - domain - -logd - -keystore - -init -}:process ptrace; -allow aee_aedv zygote_exec:file r_file_perms; -allow aee_aedv init_exec:file r_file_perms; +#allow aee_aedv { +# domain +# -logd +# -keystore +# -init +#}:process ptrace; +#allow aee_aedv zygote_exec:file r_file_perms; +#allow aee_aedv init_exec:file r_file_perms; # Data : 2017/04/06 # Operation : add selinux rule for crash_dump notify aee_aedv 
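Review bot: In non_plat/aee_aed.te the rule is disabled by prefixing `#` instead of being deleted, so `# Purpose: Allow aee_aed to read /proc/pid/exe` now sits above a dead line and the file no longer says whether the permission is gone for good or only parked. Either delete the comment and the rule together, or replace the pair with one line that records the reason, for example `# exec_type:file read removed for ALPS04239425: <build error or neverallow that required it>`. The same applies to the multi-line `process ptrace` block and the `userdebug_or_eng` blocks in aee_aedv.te, and to the commented-out rules in factory.te, dumpstate.te and kisd.te among others. Commented-out allow rules are easy to re-enable by accident in a later merge, which matters for grants such as `sys_ptrace` and `dac_override`.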
@@ -297,14 +297,14 @@ allow aee_aedv hwservicemanager_prop:file { read open getattr }; # - avc: denied { find } for interface=android.hardware.camera.provider::ICameraProvider pid=2956 # scontext=u:r:aee_aedv:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager # - Transaction error in ICameraProvider::debug: Status(EX_TRANSACTION_FAILED) -allow aee_aedv hal_camera_hwservice:hwservice_manager { find }; +#allow aee_aedv hal_camera_hwservice:hwservice_manager { find }; binder_call(aee_aedv, mtk_hal_camera) # Purpose: allow aee to read /sys/fs/selinux/enforce to get selinux status allow aee_aedv selinuxfs:file r_file_perms; # Purpose: Allow aee_aedv to read /proc/pid/exe -allow aee_aedv exec_type:file r_file_perms; +#allow aee_aedv exec_type:file r_file_perms; # Purpose: mrdump pre-allocation: immutable and userdata # - avc: denied { linux_immutable } for capability=9 scontext=u:r:aee_aedv:s0 @@ -388,11 +388,11 @@ allow aee_aedv sysfs_vcore_debug:file r_file_perms; allow aee_aedv sysfs_boot_mode:file r_file_perms; #Purpose: Allow aee_aedv to read/write /sys/kernel/debug/tracing/buffer_total_size_kb -userdebug_or_eng(` - allow aee_aedv debugfs_tracing_debug:file { r_file_perms write }; -') +#userdebug_or_eng(` +# allow aee_aedv debugfs_tracing_debug:file { r_file_perms write }; +#') # Purpose: allow aee_aedv self to sys_ptrace/dac_read_search/dac_override -userdebug_or_eng(`allow aee_aedv self:capability { sys_ptrace dac_read_search dac_override };') +#userdebug_or_eng(`allow aee_aedv self:capability { sys_ptrace dac_read_search dac_override };') #Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace allow aee_aedv proc_slabtrace:file r_file_perms; diff --git a/non_plat/audiocmdservice_atci.te b/non_plat/audiocmdservice_atci.te index 1f410ce..1018f31 100644 --- a/non_plat/audiocmdservice_atci.te +++ b/non_plat/audiocmdservice_atci.te 
@@ -22,7 +22,7 @@ binder_call(audiocmdservice_atci,mtk_hal_audio); #Android O porting hwbinder_use(audiocmdservice_atci) get_prop(audiocmdservice_atci, hwservicemanager_prop); -allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find; +#allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find; #To access the file at /dev/kmsg allow audiocmdservice_atci kmsg_device:chr_file w_file_perms; diff --git a/non_plat/connsyslogger.te b/non_plat/connsyslogger.te index 8a216fd..36746f5 100755 --- a/non_plat/connsyslogger.te +++ b/non_plat/connsyslogger.te @@ -5,7 +5,7 @@ # Type Declaration # ============================================== type connsyslogger,domain; -type connsyslogger_exec, exec_type, file_type; +type connsyslogger_exec, system_file_type, exec_type, file_type; typeattribute connsyslogger coredomain; # Purpose : for create hidl server hal_server_domain(connsyslogger, mtk_hal_log) diff --git a/non_plat/domain.te b/non_plat/domain.te index 3367ed0..3f509d7 100644 --- a/non_plat/domain.te +++ b/non_plat/domain.te @@ -33,7 +33,6 @@ allow coredomain vendor_file:lnk_file { getattr read }; allow { coredomain -untrusted_app_all - -untrusted_v2_app } aee_aed:unix_stream_socket connectto; allow { domain -coredomain -hal_configstore_server -vendor_init } aee_aedv:unix_stream_socket connectto; diff --git a/non_plat/factory.te b/non_plat/factory.te index 9c4ce92..2130782 100644 --- a/non_plat/factory.te +++ b/non_plat/factory.te 
@@ -310,10 +310,10 @@ allow factory self:tcp_socket create_stream_socket_perms; allow factory self:udp_socket create_socket_perms; allow factory sysfs_wake_lock:file rw_file_perms; -allow factory system_file:file x_file_perms; +#allow factory system_file:file x_file_perms; # For Light HIDL permission -allow factory hal_light_hwservice:hwservice_manager find; +#allow factory hal_light_hwservice:hwservice_manager find; allow factory mtk_hal_light:binder call; allow factory merged_hal_service:binder call; # For vibrator test permission diff --git a/non_plat/file.te b/non_plat/file.te index aa32cde..d1a8cbe 100644 --- a/non_plat/file.te +++ b/non_plat/file.te @@ -55,7 +55,6 @@ type proc_lk_env, fs_type, proc_type; type proc_ged, fs_type, proc_type; type proc_perfmgr, fs_type, proc_type; type proc_wmtdbg, fs_type, proc_type; -type proc_slabinfo, fs_type, proc_type; type proc_zraminfo, fs_type, proc_type; type proc_cpu_alignment, fs_type, proc_type; type proc_gpulog, fs_type, proc_type; diff --git a/non_plat/file_contexts b/non_plat/file_contexts index ce48813..cf599c2 100644 --- a/non_plat/file_contexts +++ b/non_plat/file_contexts @@ -315,8 +315,6 @@ /dev/ttyUSB3 u:object_r:tty_device:s0 /dev/ttyUSB4 u:object_r:tty_device:s0 /dev/TV-out(/.*)? u:object_r:TV_out_device:s0 -/dev/ubi_ctrl u:object_r:mtd_device:s0 -/dev/ubi[_0-9]* u:object_r:mtd_device:s0 /dev/uboot(/.*)? u:object_r:uboot_device:s0 /dev/uibc(/.*)? u:object_r:uibc_device:s0 /dev/uinput(/.*)? u:object_r:uinput_device:s0 
@@ -382,8 +380,6 @@ /dev/block/sdc u:object_r:bootdevice_block_device:s0 /dev/block/mmcblk1 u:object_r:mmcblk1_block_device:s0 /dev/block/mmcblk1p1 u:object_r:mmcblk1p1_block_device:s0 -/dev/block/mtd(.*)? u:object_r:mtd_device:s0 -/dev/block/mntlblk(.*)? u:object_r:mtd_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/proinfo u:object_r:nvram_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvram u:object_r:nvram_device:s0 /dev/block/platform/mtk-\b(msdc|ufs)\b\.0/[0-9]+\.\b(msdc0|ufs0)\b/by-name/nvdata u:object_r:nvdata_device:s0 diff --git a/non_plat/fm_hidl_service.te b/non_plat/fm_hidl_service.te index 896412c..30509ca 100644 --- a/non_plat/fm_hidl_service.te +++ b/non_plat/fm_hidl_service.te @@ -14,6 +14,6 @@ init_daemon_domain(fm_hidl_service) vndbinder_use(fm_hidl_service) -r_dir_file(fm_hidl_service, system_file) +#r_dir_file(fm_hidl_service, system_file) allow fm_hidl_service fm_device:chr_file { rw_file_perms }; \ No newline at end of file diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts index 4e89c7d..ab2aa1e 100644 --- a/non_plat/genfs_contexts +++ b/non_plat/genfs_contexts @@ -21,7 +21,6 @@ genfscon proc /ged u:object_r:proc_ged:s0 genfscon proc /perfmgr u:object_r:proc_perfmgr:s0 genfscon proc /driver/wmt_dbg u:object_r:proc_wmtdbg:s0 -genfscon proc /slabinfo u:object_r:proc_slabinfo:s0 genfscon proc /zraminfo u:object_r:proc_zraminfo:s0 genfscon proc /gpulog u:object_r:proc_gpulog:s0 genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0 diff --git a/non_plat/init.te b/non_plat/init.te index cf0bf4d..78f77f0 100644 --- a/non_plat/init.te +++ b/non_plat/init.te 
@@ -42,7 +42,7 @@ allow init para_block_device:blk_file w_file_perms; # Operation : Migration # Purpose : disable AT_SECURE for LD_PRELOAD userdebug_or_eng(` - allow init { domain -lmkd -crash_dump }:process noatsecure; + allow init { domain -lmkd -crash_dump -llkd }:process noatsecure; ') # Date : WK16.26 diff --git a/non_plat/lbs_dbg.te b/non_plat/lbs_dbg.te index 7372073..db0f047 100755 --- a/non_plat/lbs_dbg.te +++ b/non_plat/lbs_dbg.te @@ -9,7 +9,7 @@ type lbs_dbg, domain; # MTK Policy Rule # ============================================== file_type_auto_trans(lbs_dbg, system_data_file, lbs_dbg_data_file); -type lbs_dbg_exec, exec_type, file_type; +type lbs_dbg_exec, system_file_type, exec_type, file_type; typeattribute lbs_dbg coredomain; init_daemon_domain(lbs_dbg) @@ -53,4 +53,4 @@ allow lbs_dbg media_rw_data_file:file unlink; allow lbs_dbg sdcardfs:file unlink; allow lbs_dbg vfat:dir { write remove_name create add_name }; -allow lbs_dbg vfat:file { write rename create open getattr unlink }; \ No newline at end of file +allow lbs_dbg vfat:file { write rename create open getattr unlink }; diff --git a/non_plat/lbs_hidl_service.te b/non_plat/lbs_hidl_service.te index 785ea42..36ccad0 100644 --- a/non_plat/lbs_hidl_service.te +++ b/non_plat/lbs_hidl_service.te @@ -5,7 +5,7 @@ type lbs_hidl_service_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(lbs_hidl_service) vndbinder_use(lbs_hidl_service) -r_dir_file(lbs_hidl_service, system_file) +#r_dir_file(lbs_hidl_service, system_file) unix_socket_connect(lbs_hidl_service, agpsd, mtk_agpsd); allow lbs_hidl_service mtk_agpsd:unix_dgram_socket sendto; allow lbs_hidl_service mnld:unix_dgram_socket sendto; diff --git a/non_plat/merged_hal_service.te b/non_plat/merged_hal_service.te index 3594dae..9b8d2f7 100644 --- a/non_plat/merged_hal_service.te +++ b/non_plat/merged_hal_service.te 
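Review bot: The new `-llkd` exclusion in the init.te `noatsecure` rule has no comment explaining it; the block header still only says "disable AT_SECURE for LD_PRELOAD". On userdebug and eng builds this rule lets init turn off secure-exec mode for every domain except the three listed, so `LD_PRELOAD` and similar environment variables survive the transition into almost all services. The exclusions are presumably each forced by a platform neverallow, but that is not visible in the hunk. I would add a line such as `# lmkd, crash_dump and llkd are excluded: <platform neverallow that forbids noatsecure for them>` above the rule, and check whether the grant can be narrowed to the domains that actually need preloading instead of `domain` minus exceptions.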
@@ -20,7 +20,7 @@ allow merged_hal_service sysfs:file write; #mtk libs_hidl_service permissions hal_server_domain(merged_hal_service, mtk_hal_lbs) vndbinder_use(merged_hal_service) -r_dir_file(merged_hal_service, system_file) +#r_dir_file(merged_hal_service, system_file) unix_socket_connect(merged_hal_service, agpsd, mtk_agpsd); allow merged_hal_service mtk_agpsd:unix_dgram_socket sendto; diff --git a/non_plat/meta_tst.te b/non_plat/meta_tst.te index 2423969..06850c6 100644 --- a/non_plat/meta_tst.te +++ b/non_plat/meta_tst.te @@ -277,7 +277,7 @@ allow meta_tst mddb_data_file:dir { search write add_name create getattr read op # Purpose : Allow meta_tst to call Audio HAL service binder_call(meta_tst, mtk_hal_audio) allow meta_tst mtk_hal_audio:binder call; -allow meta_tst hal_audio_hwservice:hwservice_manager find; +#allow meta_tst hal_audio_hwservice:hwservice_manager find; allow meta_tst mtk_audiohal_data_file:dir {read search open}; allow meta_tst proc:file {read open}; allow meta_tst audio_device:chr_file rw_file_perms; diff --git a/non_plat/mtk_hal_bluetooth.te b/non_plat/mtk_hal_bluetooth.te index 23d1101..46b9d03 100644 --- a/non_plat/mtk_hal_bluetooth.te +++ b/non_plat/mtk_hal_bluetooth.te @@ -2,7 +2,7 @@ type mtk_hal_bluetooth, domain; type mtk_hal_bluetooth_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(mtk_hal_bluetooth) -r_dir_file(mtk_hal_bluetooth, system_file) +#r_dir_file(mtk_hal_bluetooth, system_file) # call into the Bluetooth process (callbacks) binder_call(mtk_hal_bluetooth, bluetooth) hwbinder_use(mtk_hal_bluetooth); 
@@ -39,9 +39,9 @@ allow mtk_hal_bluetooth nvdata_file:lnk_file read; # Purpose: Allow to search /mnt/vendor/* for fstab when using NVM_Init() allow mtk_hal_bluetooth mnt_vendor_file:dir search; -allow mtk_hal_bluetooth hwservicemanager_prop:file r_file_perms; +get_prop(mtk_hal_bluetooth, hwservicemanager_prop) -add_hwservice(hal_bluetooth, mtk_hal_bluetooth_hwservice) +#add_hwservice(hal_bluetooth, mtk_hal_bluetooth_hwservice) allow hal_bluetooth_client mtk_hal_bluetooth_hwservice:hwservice_manager find; allow mtk_hal_bluetooth system_data_file:lnk_file read; diff --git a/non_plat/mtk_hal_camera.te b/non_plat/mtk_hal_camera.te index 0256e6b..ee555b9 100644 --- a/non_plat/mtk_hal_camera.te +++ b/non_plat/mtk_hal_camera.te @@ -52,7 +52,7 @@ binder_call(mtk_hal_camera, mtk_hal_power) # Purpose: Allow camerahalserver to find a service from hwservice_manager # ----------------------------------- allow mtk_hal_camera hal_graphics_mapper_hwservice:hwservice_manager find; -allow mtk_hal_camera hal_graphics_allocator_hwservice:hwservice_manager find; +#allow mtk_hal_camera hal_graphics_allocator_hwservice:hwservice_manager find; allow mtk_hal_camera fwk_sensor_hwservice:hwservice_manager find; allow mtk_hal_camera mtk_hal_power_hwservice:hwservice_manager find; allow mtk_hal_camera nvram_data_file:lnk_file { read write getattr setattr read create open }; diff --git a/non_plat/mtk_hal_gnss.te b/non_plat/mtk_hal_gnss.te index 5cf7294..175ff10 100644 --- a/non_plat/mtk_hal_gnss.te +++ b/non_plat/mtk_hal_gnss.te @@ -7,7 +7,7 @@ init_daemon_domain(mtk_hal_gnss) #TODO:: work around solution, wait for correct solution from google vndbinder_use(mtk_hal_gnss) -r_dir_file(mtk_hal_gnss, system_file) +#r_dir_file(mtk_hal_gnss, system_file) # Communicate over a socket created by mnld process. allow mtk_hal_gnss mnld_data_file:sock_file create_file_perms; diff --git a/non_plat/mtk_hal_light.te b/non_plat/mtk_hal_light.te index 26faf12..7a69812 100644 --- a/non_plat/mtk_hal_light.te 
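Review bot: Commenting out `add_hwservice(hal_bluetooth, mtk_hal_bluetooth_hwservice)` in mtk_hal_bluetooth.te drops more than an allow rule: the AOSP macro also emits `neverallow { domain -$1 } $2:hwservice_manager add;`, so nothing in this file now asserts that only the Bluetooth HAL may register `mtk_hal_bluetooth_hwservice`, while `hal_bluetooth_client` can still `find` it on the next line. If the macro had to go because the attribute form no longer builds, keep the guard explicitly, e.g. `allow mtk_hal_bluetooth mtk_hal_bluetooth_hwservice:hwservice_manager { add find };` plus `neverallow { domain -mtk_hal_bluetooth } mtk_hal_bluetooth_hwservice:hwservice_manager add;`. The same applies to `#add_hwservice(hal_power, mtk_hal_power_hwservice)` in mtk_hal_power.te, where the remaining `{ add find }` rule covers `hal_power_hwservice`, not the MTK type. Whether another file outside these hunks grants or restricts `add` for the two types cannot be seen here.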
+++ b/non_plat/mtk_hal_light.te @@ -20,5 +20,5 @@ allow mtk_hal_light sysfs_leds:lnk_file read; allow mtk_hal_light sysfs_leds:file rw_file_perms; allow mtk_hal_light sysfs_leds:dir r_dir_perms; -allow mtk_hal_light hwservicemanager_prop:file r_file_perms; +get_prop(mtk_hal_light, hwservicemanager_prop) hal_server_domain(mtk_hal_light,hal_light); diff --git a/non_plat/mtk_hal_power.te b/non_plat/mtk_hal_power.te index 105b1e0..e611fe4 100644 --- a/non_plat/mtk_hal_power.te +++ b/non_plat/mtk_hal_power.te @@ -8,11 +8,11 @@ type mtk_hal_power_exec, exec_type, file_type, vendor_file_type; init_daemon_domain(mtk_hal_power) hwbinder_use(mtk_hal_power); -allow mtk_hal_power hwservicemanager_prop:file r_file_perms; +get_prop(mtk_hal_power, hwservicemanager_prop) allow mtk_hal_power hal_power_hwservice:hwservice_manager { add find }; allow mtk_hal_power hidl_base_hwservice:hwservice_manager add; -add_hwservice(hal_power, mtk_hal_power_hwservice) +#add_hwservice(hal_power, mtk_hal_power_hwservice) allow hal_power_client mtk_hal_power_hwservice:hwservice_manager find; hal_server_domain(mtk_hal_power, hal_power); diff --git a/non_plat/mtk_hal_sensors.te b/non_plat/mtk_hal_sensors.te index 142a6ac..a0da1ca 100644 --- a/non_plat/mtk_hal_sensors.te +++ b/non_plat/mtk_hal_sensors.te @@ -31,7 +31,7 @@ allow mtk_hal_sensors sysfs:file rw_file_perms; # hal sensor for chr_file allow mtk_hal_sensors hwmsensor_device:chr_file r_file_perms; -allow mtk_hal_sensors hwservicemanager_prop:file r_file_perms; +get_prop(mtk_hal_sensors, hwservicemanager_prop) #hwservicemanager hal_server_domain(mtk_hal_sensors, hal_sensors); diff --git a/non_plat/mtkfusionrild.te b/non_plat/mtkfusionrild.te index ad510e0..bbac9e1 100644 --- a/non_plat/mtkfusionrild.te +++ b/non_plat/mtkfusionrild.te 
@@ -42,7 +42,7 @@ allow rild bluetooth_efs_file:dir r_dir_perms; # (radio data/system data/proc/etc) # Violate Android P rule allow rild sdcardfs:dir r_dir_perms; -allow rild system_file:file x_file_perms; +#allow rild system_file:file x_file_perms; allow rild proc:file rw_file_perms; allow rild proc_net:file w_file_perms; @@ -51,7 +51,6 @@ allow rild proc_net:file w_file_perms; allow rild self:netlink_route_socket nlmsg_write; # Allow read/write to devices/files -allow rild alarm_device:chr_file rw_file_perms; allow rild radio_device:chr_file rw_file_perms; allow rild radio_device:blk_file r_file_perms; allow rild mtd_device:dir search; @@ -99,7 +98,7 @@ allow rild mtk_agpsd:unix_stream_socket connectto; #Date 2017/10/12 #Purpose: allow set MTU size -allow rild toolbox_exec:file getattr; +#allow rild toolbox_exec:file getattr; allow rild mtk_net_ipv6_prop:property_service set; #Dat: 2017/10/17 diff --git a/non_plat/mtkrild.te b/non_plat/mtkrild.te index 25a528e..8c30d35 100644 --- a/non_plat/mtkrild.te +++ b/non_plat/mtkrild.te @@ -53,7 +53,7 @@ allow mtkrild bluetooth_efs_file:dir r_dir_perms; # Violate Android P rule allow mtkrild sdcardfs:dir r_dir_perms; # Violate Android P rule -allow mtkrild system_file:file x_file_perms; +#allow mtkrild system_file:file x_file_perms; allow mtkrild proc:file rw_file_perms; allow mtkrild proc_net:file w_file_perms; @@ -61,7 +61,6 @@ allow mtkrild proc_net:file w_file_perms; allow mtkrild self:netlink_route_socket nlmsg_write; # Allow read/write to devices/files -allow mtkrild alarm_device:chr_file rw_file_perms; allow mtkrild radio_device:chr_file rw_file_perms; allow mtkrild radio_device:blk_file r_file_perms; allow mtkrild mtd_device:dir search; diff --git a/non_plat/nvram_agent_binder.te b/non_plat/nvram_agent_binder.te index ebb46fa..c72ecc9 100644 --- a/non_plat/nvram_agent_binder.te +++ b/non_plat/nvram_agent_binder.te 
@@ -50,7 +50,7 @@ allow nvram_agent_binder mtd_device:dir search; allow nvram_agent_binder mtd_device:chr_file rw_file_perms; #for nvram agent hidl -allow nvram_agent_binder hwservicemanager_prop:file r_file_perms; +get_prop(nvram_agent_binder, hwservicemanager_prop) #for nvram hidl client support allow nvram_agent_binder sysfs:file { read open }; @@ -71,4 +71,4 @@ get_prop(nvram_daemon, tel_switch_prop) # Purpose: Allow to search /mnt/vendor/nvdata when using nvram function allow nvram_agent_binder mnt_vendor_file:dir search; -allow nvram_agent_binder sysfs_boot_mode:file r_file_perms; \ No newline at end of file +allow nvram_agent_binder sysfs_boot_mode:file r_file_perms; diff --git a/non_plat/radio.te b/non_plat/radio.te index cef8d4d..139abba 100644 --- a/non_plat/radio.te +++ b/non_plat/radio.te @@ -104,7 +104,7 @@ hal_client_domain(radio, hal_imsa) #Dat: 2017/06/29 #Purpose: For audio parameter tuning -allow radio hal_audio_hwservice:hwservice_manager find; +#allow radio hal_audio_hwservice:hwservice_manager find; binder_call(radio,mtk_hal_audio) # TODO : Will move to plat_private when SEPolicy split done @@ -148,7 +148,7 @@ get_prop(radio, mtk_debug_md_reset_prop) # Operation : P migration # Purpose : For EM access battery info allow radio sysfs_batteryinfo:dir search; -allow radio sysfs_batteryinfo:file { read write getattr open create}; +#allow radio sysfs_batteryinfo:file { read write getattr open create}; allow radio sysfs_vbus:file { read getattr open }; # Date : 2018/06/15 diff --git a/non_plat/rilproxy.te b/non_plat/rilproxy.te index 3e71cff..83d1f86 100644 --- a/non_plat/rilproxy.te +++ b/non_plat/rilproxy.te @@ -33,7 +33,7 @@ allow rild netd_socket:sock_file read; #Date : W17.13 #Purpose: Treble SEpolicy denied clean up -allow rild hwservicemanager_prop:file r_file_perms; +get_prop(rild, hwservicemanager_prop) #Date : W17.18 #Purpose: Treble SEpolicy denied clean up 
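Review bot: In the second radio.te hunk the `sysfs_batteryinfo:file` rule is commented out, but `allow radio sysfs_batteryinfo:dir search;` directly above it stays, leaving a directory grant that no longer leads to any file the domain may open. Leftover grants like this tend to be read later as evidence that access is intended and get completed again. The same remainder appears in untrusted_app.te (`allow untrusted_app_25 sysfs_batteryinfo:dir search;`) and in em_svr.te. Unless a rule outside these hunks still depends on it, I would remove the `dir search` line together with the file rule, starting with the untrusted-app domain.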
@@ -47,7 +47,7 @@ vndbinder_use(rild) #Date : W17.20 #Purpose: allow access to audio hal binder_call(rild, mtk_hal_audio) -allow rild hal_audio_hwservice:hwservice_manager find; +#allow rild hal_audio_hwservice:hwservice_manager find; #Date : W18.15 #Purpose: allow rild access to vendor.ril.ipo system property diff --git a/non_plat/shell.te b/non_plat/shell.te index 824ad2f..b292564 100644 --- a/non_plat/shell.te +++ b/non_plat/shell.te @@ -8,7 +8,7 @@ allow shell aee_aed:unix_stream_socket connectto; # Date : WK17.35 # Purpose : allow shell to dump the debugging information of camera hal. -allow shell hal_camera_hwservice:hwservice_manager { find }; +#allow shell hal_camera_hwservice:hwservice_manager { find }; binder_call(shell, mtk_hal_camera) # Date : WK17.36 diff --git a/non_plat/stp_dump3.te b/non_plat/stp_dump3.te index 8b43ba2..426f6ea 100644 --- a/non_plat/stp_dump3.te +++ b/non_plat/stp_dump3.te @@ -6,7 +6,7 @@ # Type Declaration # ============================================== -type stp_dump3_exec, exec_type, file_type; +type stp_dump3_exec, system_file_type, exec_type, file_type; type stp_dump3, domain; typeattribute stp_dump3 coredomain; diff --git a/non_plat/system_server.te b/non_plat/system_server.te index 831b17c..13ba006 100644 --- a/non_plat/system_server.te +++ b/non_plat/system_server.te @@ -29,7 +29,7 @@ allow system_server aee_dumpsys_data_file:file w_file_perms; allow system_server aee_exp_data_file:file w_file_perms; # Dump native process backtrace. -allow system_server exec_type:file r_file_perms; +#allow system_server exec_type:file r_file_perms; # Querying zygote socket. allow system_server zygote:unix_stream_socket { getopt getattr }; diff --git a/non_plat/untrusted_app.te b/non_plat/untrusted_app.te index c77de10..3d3c42a 100644 --- a/non_plat/untrusted_app.te +++ b/non_plat/untrusted_app.te 
@@ -23,6 +23,6 @@ allow untrusted_app_25 proc_thermal:file { getattr open read }; allow untrusted_app_25 sysfs_fps:dir search; allow untrusted_app_25 sysfs_fps:file { getattr open read }; allow untrusted_app_25 sysfs_batteryinfo:dir search; -allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read }; +#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read }; allow untrusted_app_25 sysfs_therm:dir { open read search }; allow untrusted_app_25 sysfs_therm:file { getattr open read }; diff --git a/plat_private/aee_aed.te b/plat_private/aee_aed.te index 2bf37ad..6cdbcd3 100644 --- a/plat_private/aee_aed.te +++ b/plat_private/aee_aed.te @@ -4,7 +4,7 @@ # ============================================== # Type Declaration # ============================================== -type aee_aed_exec, exec_type, file_type; +type aee_aed_exec, system_file_type, exec_type, file_type; typeattribute aee_aed coredomain; typeattribute aee_aed mlstrustedsubject; @@ -32,7 +32,7 @@ allow aee_aed domain:lnk_file getattr; allow aee_aed usermodehelper:file r_file_perms; #suid_dumpable. this is neverallow -# allow aee_aed proc_security:file r_file_perms; +#allow aee_aed proc_security:file r_file_perms; #property allow aee_aed init:unix_stream_socket connectto; @@ -100,7 +100,7 @@ allow aee_aed dumpstate:file r_file_perms; allow aee_aed logdr_socket:sock_file write; allow aee_aed logd:unix_stream_socket connectto; -# allow aee_aed system_ndebug_socket:sock_file write; mask for never allow rule +#allow aee_aed system_ndebug_socket:sock_file write; # vibrator allow aee_aed sysfs_vibrator:file w_file_perms; 
@@ -110,15 +110,15 @@ allow aee_aed sysfs_vibrator:file w_file_perms; # Purpose : make aee_aed can get specific process NE info allow aee_aed domain:dir r_dir_perms; allow aee_aed domain:{ file lnk_file } r_file_perms; -allow aee_aed { - domain - -logd - -keystore - -init -}:process ptrace; +#allow aee_aed { +# domain +# -logd +# -keystore +# -init +#}:process ptrace; allow aee_aed dalvikcache_data_file:dir r_dir_perms; -allow aee_aed zygote_exec:file r_file_perms; -allow aee_aed init_exec:file r_file_perms; +#allow aee_aed zygote_exec:file r_file_perms; +#allow aee_aed init_exec:file r_file_perms; # Data : 2017/04/06 # Operation : add selinux rule for crash_dump notify aee_aed @@ -136,9 +136,9 @@ allow aee_aed self:capability { sys_nice chown fowner kill }; userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };') # Purpose: Allow aee_aed self to sys_ptrace/dac_override/dac_read_search -userdebug_or_eng(` - allow aee_aed self:capability { sys_ptrace dac_override dac_read_search }; -') +#userdebug_or_eng(` +# allow aee_aed self:capability { sys_ptrace dac_override dac_read_search }; +#') # Purpose: Allow aee_aed to read/write /sys/kernel/debug/tracing/tracing_on -userdebug_or_eng(` allow aee_aed debugfs_tracing:file { r_file_perms write };') +#userdebug_or_eng(` allow aee_aed debugfs_tracing:file { r_file_perms write };') diff --git a/plat_private/aee_core_forwarder.te b/plat_private/aee_core_forwarder.te index 141fb55..d2b0a48 100644 --- a/plat_private/aee_core_forwarder.te +++ b/plat_private/aee_core_forwarder.te @@ -4,7 +4,7 @@ # ============================================== # Type Declaration # ============================================== -type aee_core_forwarder_exec, exec_type, file_type; +type aee_core_forwarder_exec, system_file_type, exec_type, file_type; typeattribute aee_core_forwarder coredomain; # ============================================== 
diff --git a/plat_private/boot_logo_updater.te b/plat_private/boot_logo_updater.te index d46b0f2..069a9f0 100644 --- a/plat_private/boot_logo_updater.te +++ b/plat_private/boot_logo_updater.te @@ -3,7 +3,7 @@ # New added for move to /system typeattribute boot_logo_updater coredomain; -type boot_logo_updater_exec , exec_type, file_type; +type boot_logo_updater_exec, system_file_type, exec_type, file_type; # ============================================== # MTK Policy Rule diff --git a/plat_private/cmddumper.te b/plat_private/cmddumper.te index 405bebe..7e1a3d9 100644 --- a/plat_private/cmddumper.te +++ b/plat_private/cmddumper.te @@ -3,7 +3,7 @@ # ============================================== # New added for move to /system -type cmddumper_exec, exec_type, file_type; +type cmddumper_exec, system_file_type, exec_type, file_type; typeattribute cmddumper coredomain; init_daemon_domain(cmddumper) diff --git a/plat_private/crash_dump.te b/plat_private/crash_dump.te index 5cd2c58..bd905cb 100644 --- a/plat_private/crash_dump.te +++ b/plat_private/crash_dump.te @@ -1 +1,2 @@ -allow crash_dump aee_aed:unix_stream_socket connectto; \ No newline at end of file +allow crash_dump aee_aed:unix_stream_socket connectto; + diff --git a/plat_private/dumpstate.te b/plat_private/dumpstate.te index 486476a..a6f49c2 100644 --- a/plat_private/dumpstate.te +++ b/plat_private/dumpstate.te @@ -14,7 +14,7 @@ allow dumpstate mnt_user_file:lnk_file read; allow dumpstate storage_file:lnk_file read; # Purpose: timer_intval. this is neverallow -allow dumpstate app_data_file:dir search; +#allow dumpstate app_data_file:dir search; allow dumpstate kmsg_device:chr_file r_file_perms; # Purpose: 
@@ -39,7 +39,7 @@ allow dumpstate gpu_device:dir search; # Purpose: 01-01 08:30:57.474 286 286 E SELinux : avc: denied { find } for interface= # android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext= # u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager -allow dumpstate hal_camera_hwservice:hwservice_manager find; +#allow dumpstate hal_camera_hwservice:hwservice_manager find; #Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };') diff --git a/plat_private/em_svr.te b/plat_private/em_svr.te index cd5e887..708c587 100644 --- a/plat_private/em_svr.te +++ b/plat_private/em_svr.te @@ -6,7 +6,7 @@ # Type Declaration # ============================================== -type em_svr_exec , exec_type, file_type; +type em_svr_exec, system_file_type, exec_type, file_type; typeattribute em_svr coredomain; # ============================================== @@ -65,8 +65,8 @@ allow em_svr sysfs:dir { open read }; # Date: WK1822 # Purpose: battery temprature setting allow em_svr sysfs_batteryinfo:dir search; -allow em_svr sysfs_batteryinfo:file { write open }; -r_dir_file(em_svr, sysfs_batteryinfo); +#allow em_svr sysfs_batteryinfo:file { write open }; +#r_dir_file(em_svr, sysfs_batteryinfo); diff --git a/plat_private/emdlogger.te b/plat_private/emdlogger.te index 330fd01..6d4010d 100755 --- a/plat_private/emdlogger.te +++ b/plat_private/emdlogger.te @@ -3,7 +3,7 @@ # ============================================== # New added for move to /system -type emdlogger_exec , exec_type, file_type; +type emdlogger_exec, system_file_type, exec_type, file_type; typeattribute emdlogger coredomain; init_daemon_domain(emdlogger) diff --git a/plat_private/file_contexts b/plat_private/file_contexts index 4b9abd1..32d79e8 100644 --- a/plat_private/file_contexts +++ b/plat_private/file_contexts 
@@ -42,7 +42,7 @@ /system/bin/mtkbootanimation u:object_r:mtkbootanimation_exec:s0 /system/bin/boot_logo_updater u:object_r:boot_logo_updater_exec:s0 -#MTK vibrator -/sys/devices/platform/vibrator@0/leds/vibrator(/.*)? u:object_r:sysfs_vibrator:s0 - -/sys/block/mmcblk0rpmb/size u:object_r:access_sys_file:s0 +/dev/ubi_ctrl u:object_r:mtd_device:s0 +/dev/ubi[_0-9]* u:object_r:mtd_device:s0 +/dev/block/mtd(.*)? u:object_r:mtd_device:s0 +/dev/block/mntlblk(.*)? u:object_r:mtd_device:s0 diff --git a/plat_private/genfs_contexts b/plat_private/genfs_contexts new file mode 100644 index 0000000..def96b3 --- /dev/null +++ b/plat_private/genfs_contexts @@ -0,0 +1,4 @@ +#MTK vibrator +genfscon sysfs /devices/platform/vibrator@0/leds/vibrator u:object_r:sysfs_vibrator:s0 + +genfscon sysfs /block/mmcblk0rpmb/size u:object_r:access_sys_file:s0 diff --git a/plat_private/kisd.te b/plat_private/kisd.te index 46897b3..4a46812 100644 --- a/plat_private/kisd.te +++ b/plat_private/kisd.te @@ -18,7 +18,7 @@ init_daemon_domain(kisd) allow kisd tee_device:chr_file {read write open ioctl}; allow kisd provision_file:dir {read write open ioctl add_name search remove_name}; allow kisd provision_file:file {create read write open getattr unlink}; -allow kisd system_file:file {execute_no_trans}; +#allow kisd system_file:file {execute_no_trans}; allow kisd block_device:dir {read write open ioctl search}; allow kisd kb_block_device:blk_file {read write open ioctl getattr}; allow kisd dkb_block_device:blk_file {read write open ioctl getattr}; diff --git a/plat_private/loghidlsysservice.te b/plat_private/loghidlsysservice.te index 4e7b9c0..4edbfba 100755 --- a/plat_private/loghidlsysservice.te +++ b/plat_private/loghidlsysservice.te 
@@ -4,7 +4,7 @@ # ============================================== # Type Declaration # ============================================== -type loghidlsysservice_exec, exec_type, file_type; +type loghidlsysservice_exec, system_file_type, exec_type, file_type; typeattribute loghidlsysservice coredomain; diff --git a/plat_private/mdlogger.te b/plat_private/mdlogger.te index ba5559f..b84713a 100644 --- a/plat_private/mdlogger.te +++ b/plat_private/mdlogger.te @@ -3,7 +3,7 @@ # ============================================== # New added for move to /system -type mdlogger_exec , exec_type, file_type; +type mdlogger_exec , system_file_type, exec_type, file_type; typeattribute mdlogger coredomain; init_daemon_domain(mdlogger) diff --git a/plat_private/mobile_log_d.te b/plat_private/mobile_log_d.te index d4e679c..d9567a8 100644 --- a/plat_private/mobile_log_d.te +++ b/plat_private/mobile_log_d.te @@ -3,7 +3,7 @@ # ============================================== # New added for moving to /system -type mobile_log_d_exec , exec_type, file_type; +type mobile_log_d_exec, system_file_type, exec_type, file_type; typeattribute mobile_log_d coredomain; init_daemon_domain(mobile_log_d) diff --git a/plat_private/mtkbootanimation.te b/plat_private/mtkbootanimation.te index 2eb64a4..bcb7456 100644 --- a/plat_private/mtkbootanimation.te +++ b/plat_private/mtkbootanimation.te @@ -6,7 +6,7 @@ typeattribute mtkbootanimation coredomain; init_daemon_domain(mtkbootanimation) -type mtkbootanimation_exec, exec_type, file_type; +type mtkbootanimation_exec, system_file_type, exec_type, file_type; # Date W17.39 # Operation Migration diff --git a/plat_private/netdiag.te b/plat_private/netdiag.te index f793e4d..33f34a0 100755 --- a/plat_private/netdiag.te +++ b/plat_private/netdiag.te 
@@ -3,7 +3,7 @@ # ============================================== # New added for move to /system -type netdiag_exec , exec_type, file_type; +type netdiag_exec, system_file_type, exec_type, file_type; typeattribute netdiag coredomain; init_daemon_domain(netdiag) @@ -31,8 +31,6 @@ allow netdiag system_file:file rx_file_perms; allow netdiag self:capability { net_admin setuid net_raw setgid}; allow netdiag shell_exec:file rx_file_perms; -#/proc/3523/net/xt_qtaguid/ctrl & /proc -allow netdiag qtaguid_proc:file r_file_perms; #access /proc/318/net/psched allow netdiag proc_net:file r_file_perms; diff --git a/plat_private/thermalindicator.te b/plat_private/thermalindicator.te index 735f3ca..ae20d75 100644 --- a/plat_private/thermalindicator.te +++ b/plat_private/thermalindicator.te @@ -3,7 +3,7 @@ # ============================================================================= # New added for move to /system -type thermalindicator_exec, exec_type, file_type; +type thermalindicator_exec, system_file_type, exec_type, file_type; typeattribute thermalindicator coredomain; init_daemon_domain(thermalindicator) diff --git a/plat_public/device.te b/plat_public/device.te index c034b64..86cb28f 100644 --- a/plat_public/device.te +++ b/plat_public/device.te @@ -3,4 +3,5 @@ # ============================================== type kb_block_device,dev_type; -type dkb_block_device,dev_type; \ No newline at end of file +type dkb_block_device,dev_type; +type mtd_device, dev_type; diff --git a/prebuilts/api/26.0/nonplat_sepolicy.cil b/prebuilts/api/26.0/nonplat_sepolicy.cil index 1df48e5..fb49be1 100755 --- a/prebuilts/api/26.0/nonplat_sepolicy.cil +++ b/prebuilts/api/26.0/nonplat_sepolicy.cil 
@@ -22,7 +22,7 @@ (typeattributeset domain (adbd_26_0 audioserver_26_0 blkid_26_0 blkid_untrusted_26_0 bluetooth_26_0 bootanim_26_0 bootstat_26_0 bufferhubd_26_0 cameraserver_26_0 charger_26_0 clatd_26_0 cppreopts_26_0 crash_dump_26_0 dex2oat_26_0 dhcp_26_0 dnsmasq_26_0 drmserver_26_0 dumpstate_26_0 ephemeral_app_26_0 fingerprintd_26_0 fsck_26_0 fsck_untrusted_26_0 gatekeeperd_26_0 healthd_26_0 hwservicemanager_26_0 idmap_26_0 incident_26_0 incidentd_26_0 init_26_0 inputflinger_26_0 install_recovery_26_0 installd_26_0 isolated_app_26_0 kernel_26_0 keystore_26_0 lmkd_26_0 logd_26_0 logpersist_26_0 mdnsd_26_0 mediacodec_26_0 mediadrmserver_26_0 mediaextractor_26_0 mediametrics_26_0 mediaserver_26_0 modprobe_26_0 mtp_26_0 netd_26_0 netutils_wrapper_26_0 nfc_26_0 otapreopt_chroot_26_0 otapreopt_slot_26_0 performanced_26_0 perfprofd_26_0 platform_app_26_0 postinstall_26_0 postinstall_dexopt_26_0 ppp_26_0 preopt2cachename_26_0 priv_app_26_0 profman_26_0 racoon_26_0 radio_26_0 recovery_26_0 recovery_persist_26_0 recovery_refresh_26_0 rild_26_0 runas_26_0 sdcardd_26_0 servicemanager_26_0 sgdisk_26_0 shared_relro_26_0 shell_26_0 slideshow_26_0 su_26_0 surfaceflinger_26_0 system_app_26_0 system_server_26_0 tee_26_0 tombstoned_26_0 toolbox_26_0 tzdatacheck_26_0 ueventd_26_0 uncrypt_26_0 untrusted_app_26_0 untrusted_app_25_26_0 untrusted_v2_app_26_0 update_engine_26_0 update_verifier_26_0 vdc_26_0 virtual_touchpad_26_0 vndservicemanager_26_0 vold_26_0 vr_hwc_26_0 watchdogd_26_0 webview_zygote_26_0 wificond_26_0 zygote_26_0 aee_aed_26_0 aee_aedv_26_0 audiocmdservice_atci_26_0 boot_logo_updater_26_0 cmddumper_26_0 em_svr_26_0 emdlogger_26_0 factory_26_0 fuelgauged_static_26_0 kisd_26_0 mdlogger_26_0 meta_tst_26_0 mobile_log_d_26_0 netdiag_26_0 pre_meta_26_0 thermalindicator_26_0 hal_audio_default hal_bluetooth_default hal_bootctl_default hal_camera_default hal_configstore_default hal_contexthub_default hal_drm_default hal_dumpstate_default hal_fingerprint_default 
hal_gatekeeper_default hal_gnss_default hal_graphics_allocator_default hal_graphics_composer_default hal_health_default hal_ir_default hal_keymaster_default hal_light_default hal_memtrack_default hal_nfc_default hal_power_default hal_sensors_default hal_thermal_default hal_tv_cec_default hal_tv_input_default hal_usb_default hal_vibrator_default hal_vr_default hal_wifi_default hal_wifi_offload_default hal_wifi_supplicant_default hostapd vendor_modprobe MtkCodecService aee_core_forwarder biosensord_nvram ccci_fsd ccci_mdinit fuelgauged fuelgauged_nvram gsm0710muxd hal_drm_widevine hal_keymaster_attestation lbs_hidl_service md_ctrl mmc_ffu mnld MPED mtk_agpsd mtk_hal_audio mtk_hal_bluetooth mtk_hal_camera mtk_hal_gnss mtk_hal_imsa mtk_hal_light mtk_hal_power mtk_hal_pq mtk_hal_sensors mtk_wmt_launcher mtkrild muxreport nvram_agent_binder nvram_daemon slpd spm_loader stp_dump3 sysenv_daemon thermal_manager thermalloadalgod vendor_app wifi2agps wmt_loader epdg_wod ipsec mtkmal volte_imcb volte_imsm_md volte_stack volte_ua wfca)) (typeattributeset fs_type (device_26_0 labeledfs_26_0 pipefs_26_0 sockfs_26_0 rootfs_26_0 proc_26_0 proc_security_26_0 proc_drop_caches_26_0 proc_overcommit_memory_26_0 usermodehelper_26_0 qtaguid_proc_26_0 proc_bluetooth_writable_26_0 proc_cpuinfo_26_0 proc_interrupts_26_0 proc_iomem_26_0 proc_meminfo_26_0 proc_misc_26_0 proc_modules_26_0 proc_net_26_0 proc_perf_26_0 proc_stat_26_0 proc_sysrq_26_0 proc_timer_26_0 proc_tty_drivers_26_0 proc_uid_cputime_showstat_26_0 proc_uid_cputime_removeuid_26_0 proc_uid_io_stats_26_0 proc_uid_procstat_set_26_0 proc_zoneinfo_26_0 selinuxfs_26_0 cgroup_26_0 sysfs_26_0 sysfs_uio_26_0 sysfs_batteryinfo_26_0 sysfs_bluetooth_writable_26_0 sysfs_leds_26_0 sysfs_hwrandom_26_0 sysfs_nfc_power_writable_26_0 sysfs_wake_lock_26_0 sysfs_mac_address_26_0 configfs_26_0 sysfs_devices_system_cpu_26_0 sysfs_lowmemorykiller_26_0 sysfs_wlan_fwpath_26_0 sysfs_vibrator_26_0 sysfs_thermal_26_0 sysfs_zram_26_0 sysfs_zram_uevent_26_0 
inotify_26_0 devpts_26_0 tmpfs_26_0 shm_26_0 mqueue_26_0 fuse_26_0 sdcardfs_26_0 vfat_26_0 debugfs_26_0 debugfs_mmc_26_0 debugfs_trace_marker_26_0 debugfs_tracing_26_0 debugfs_tracing_instances_26_0 debugfs_wifi_tracing_26_0 tracing_shell_writable_26_0 tracing_shell_writable_debug_26_0 pstorefs_26_0 functionfs_26_0 oemfs_26_0 usbfs_26_0 binfmt_miscfs_26_0 app_fusefs_26_0 proc_thermal proc_mtkcooler proc_mtktz proc_slogger proc_lk_env proc_ged sysfs_therm sysfs_power_supply sysfs_fps sysfs_ccci sysfs_mmc1 sysfs_ssw sysfs_vcorefs_pwrctrl sysfs_md32 sysfs_scp sysfs_sspm sysfs_devinfo sysfs_dcm sysfs_dcs proc_icusb iso9660 rawfs fuseblk proc_mrdump_rst proc_battery_cmd debugfs_binder debugfs_blockio debugfs_fuseio debugfs_usb debugfs_fb debugfs_cpuhvfs debugfs_usb20_phy debugfs_dynamic_debug debugfs_wakeup_sources debugfs_shrinker_debug debugfs_dmlog_debug debugfs_page_owner_slim_debug debugfs_rcu debugfs_ged debugfs_gpu_mali_midgard debugfs_gpu_mali_utgard debugfs_gpu_img debugfs_ion debugfs_ion_mm_heap)) (typeattributeset contextmount_type (oemfs_26_0 app_fusefs_26_0)) -(typeattributeset file_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 drmserver_socket_26_0 dumpstate_exec_26_0 sysfs_usb_26_0 unlabeled_26_0 system_file_26_0 vendor_hal_file_26_0 vendor_file_26_0 vendor_app_file_26_0 vendor_configs_file_26_0 same_process_hal_file_26_0 vndk_sp_file_26_0 vendor_framework_file_26_0 vendor_overlay_file_26_0 runtime_event_log_tags_file_26_0 logcat_exec_26_0 coredump_file_26_0 system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 
user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 mnt_media_rw_file_26_0 mnt_user_file_26_0 mnt_expand_file_26_0 storage_file_26_0 mnt_media_rw_stub_file_26_0 storage_stub_file_26_0 postinstall_mnt_dir_26_0 postinstall_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 cache_file_26_0 cache_backup_file_26_0 cache_private_backup_file_26_0 cache_recovery_file_26_0 efs_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 bluetooth_efs_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 adbd_socket_26_0 bluetooth_socket_26_0 dnsproxyd_socket_26_0 dumpstate_socket_26_0 fwmarkd_socket_26_0 lmkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdns_socket_26_0 mdnsd_socket_26_0 misc_logd_file_26_0 mtpd_socket_26_0 netd_socket_26_0 property_socket_26_0 racoon_socket_26_0 rild_socket_26_0 rild_debug_socket_26_0 system_wpa_socket_26_0 system_ndebug_socket_26_0 
tombstoned_crash_socket_26_0 tombstoned_intercept_socket_26_0 uncrypt_socket_26_0 vold_socket_26_0 webview_zygote_socket_26_0 wpa_socket_26_0 zygote_socket_26_0 gps_control_26_0 pdx_display_dir_26_0 pdx_performance_dir_26_0 pdx_bufferhub_dir_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 file_contexts_file_26_0 mac_perms_file_26_0 property_contexts_file_26_0 seapp_contexts_file_26_0 sepolicy_file_26_0 service_contexts_file_26_0 hwservice_contexts_file_26_0 vndservice_contexts_file_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 provision_file_26_0 key_install_data_file_26_0 hostapd_socket hal_audio_default_exec hal_audio_default_tmpfs hal_bluetooth_default_exec hal_bluetooth_default_tmpfs hal_bootctl_default_exec hal_bootctl_default_tmpfs 
hal_camera_default_exec hal_camera_default_tmpfs hal_configstore_default_exec hal_configstore_default_tmpfs hal_contexthub_default_exec hal_contexthub_default_tmpfs hal_drm_default_exec hal_drm_default_tmpfs hal_dumpstate_default_exec hal_dumpstate_default_tmpfs hal_fingerprint_default_exec hal_fingerprint_default_tmpfs hal_gatekeeper_default_exec hal_gatekeeper_default_tmpfs hal_gnss_default_exec hal_gnss_default_tmpfs hal_graphics_allocator_default_exec hal_graphics_allocator_default_tmpfs hal_graphics_composer_default_exec hal_graphics_composer_default_tmpfs hal_health_default_exec hal_health_default_tmpfs hal_ir_default_exec hal_ir_default_tmpfs hal_keymaster_default_exec hal_keymaster_default_tmpfs hal_light_default_exec hal_light_default_tmpfs hal_memtrack_default_exec hal_memtrack_default_tmpfs hal_nfc_default_exec hal_nfc_default_tmpfs mediacodec_tmpfs hal_power_default_exec hal_power_default_tmpfs hal_sensors_default_exec hal_sensors_default_tmpfs hal_thermal_default_exec hal_thermal_default_tmpfs hal_tv_cec_default_exec hal_tv_cec_default_tmpfs hal_tv_input_default_exec hal_tv_input_default_tmpfs hal_usb_default_exec hal_usb_default_tmpfs hal_vibrator_default_exec hal_vibrator_default_tmpfs hal_vr_default_exec hal_vr_default_tmpfs hal_wifi_default_exec hal_wifi_default_tmpfs hal_wifi_offload_default_exec hal_wifi_offload_default_tmpfs hal_wifi_supplicant_default_exec hal_wifi_supplicant_default_tmpfs hostapd_exec hostapd_tmpfs rild_exec rild_tmpfs tee_exec tee_tmpfs vndservicemanager_exec vndservicemanager_tmpfs MtkCodecService_exec aee_core_forwarder_exec aee_core_forwarder_tmpfs biosensord_nvram_exec biosensord_nvram_file biosensord_nvram_tmpfs ccci_fsd_exec ccci_fsd_tmpfs ccci_mdinit_exec ccci_mdinit_tmpfs custom_file lost_found_data_file dontpanic_data_file resource_cache_data_file http_proxy_cfg_data_file acdapi_data_file ppp_data_file wide_dhcpv6_data_file wpa_supplicant_data_file radvd_data_file volte_vt_socket dfo_socket rild2_socket rild3_socket 
rild4_socket rild_mal_socket rild_mal_at_socket rild_mal_md2_socket rild_mal_at_md2_socket rild_ims_socket rild_imsm_socket rild_oem_socket rild_mtk_ut_socket rild_mtk_ut_2_socket rild_mtk_modem_socket rild_md2_socket rild2_md2_socket rild_debug_md2_socket rild_oem_md2_socket rild_mtk_ut_md2_socket rild_mtk_ut_2_md2_socket rild_mtk_modem_md2_socket rild_vsim_socket rild_vsim_md2_socket mal_mfi_socket mal_data_file netdiag_socket wpa_wlan0_socket soc_vt_imcb_socket soc_vt_tcv_socket soc_vt_stk_socket soc_vt_svc_socket dbus_bluetooth_socket bt_int_adp_socket bt_a2dp_stream_socket bt_data_file agpsd_socket agpsd_data_file mnld_socket mnld_data_file gps_data_file MPED_socket MPED_data_file sysctl_socket backuprestore_socket protect_f_data_file protect_s_data_file persist_data_file nvram_data_file nvdata_file nvcfg_file cct_data_file mediaserver_data_file mediacodec_data_file logmisc_data_file logtemp_data_file aee_core_data_file aee_tombstone_data_file aee_exp_data_file aee_dumpsys_data_file sf_rtt_file rild-dongle_socket ccci_cfg_file c2k_file sensor_data_file stp_dump_data_file sysfs_keypad_file rild_via_socket rpc_socket rild_ctclient_socket data_tmpfs_log_file fon_image_data_file ims_ipsec_data_file thermal_manager_data_file adbd_data_file autokd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file mtk_audiohal_data_file fuelgauged_exec fuelgauged_file fuelgauged_tmpfs fuelgauged_nvram_exec fuelgauged_nvram_file fuelgauged_nvram_tmpfs gsm0710muxd_exec gsm0710muxd_tmpfs hal_drm_widevine_exec hal_drm_widevine_tmpfs hal_keymaster_attestation_exec hal_keymaster_attestation_tmpfs lbs_hidl_service_exec lbs_hidl_service_tmpfs md_ctrl_exec md_ctrl_tmpfs mmc_ffu_exec mmc_ffu_tmpfs mnld_exec mnld_tmpfs MPED_exec MPED_tmpfs mtk_agpsd_exec mtk_agpsd_tmpfs mtk_hal_audio_exec mtk_hal_audio_tmpfs mtk_hal_bluetooth_exec mtk_hal_bluetooth_tmpfs mtk_hal_camera_exec mtk_hal_camera_tmpfs mtk_hal_gnss_exec mtk_hal_gnss_tmpfs mtk_hal_imsa_exec mtk_hal_imsa_tmpfs 
mtk_hal_light_exec mtk_hal_light_tmpfs mtk_hal_power_exec mtk_hal_power_tmpfs mtk_hal_pq_exec mtk_hal_pq_tmpfs mtk_hal_sensors_exec mtk_hal_sensors_tmpfs mtk_wmt_launcher_exec mtk_wmt_launcher_tmpfs mtkrild_exec mtkrild_tmpfs muxreport_exec muxreport_tmpfs nvram_agent_binder_exec nvram_agent_binder_tmpfs nvram_daemon_exec nvram_daemon_tmpfs slpd_exec slpd_tmpfs spm_loader_exec spm_loader_tmpfs stp_dump3_exec stp_dump3_tmpfs sysenv_daemon_exec sysenv_daemon_tmpfs thermal_manager_exec thermal_manager_tmpfs thermalloadalgod_exec thermalloadalgod_tmpfs vendor_app_tmpfs wifi2agps_exec wifi2agps_tmpfs wmt_loader_exec wmt_loader_tmpfs epdg_wod_exec wod_ipsec_conf_file wod_apn_conf_file wod_action_socket wod_sim_socket wod_ipsec_socket wod_dns_socket epdg_wod_tmpfs volte_imcb_socket volte_ua_socket volte_stack_socket starter_exec charon_exec ipsec_exec stroke_exec mtkmal_exec mtkmal_tmpfs volte_imcb_exec volte_imsa1_socket volte_imsvt1_socket volte_imcb_tmpfs volte_imsm_md_exec volte_imsm_md_tmpfs volte_stack_exec volte_stack_tmpfs volte_ua_exec volte_ua_tmpfs wfca_exec wfca_tmpfs)) +#(typeattributeset file_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 drmserver_socket_26_0 dumpstate_exec_26_0 sysfs_usb_26_0 unlabeled_26_0 system_file_26_0 vendor_hal_file_26_0 vendor_file_26_0 vendor_app_file_26_0 vendor_configs_file_26_0 same_process_hal_file_26_0 vndk_sp_file_26_0 vendor_framework_file_26_0 vendor_overlay_file_26_0 runtime_event_log_tags_file_26_0 logcat_exec_26_0 coredump_file_26_0 system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 
user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 mnt_media_rw_file_26_0 mnt_user_file_26_0 mnt_expand_file_26_0 storage_file_26_0 mnt_media_rw_stub_file_26_0 storage_stub_file_26_0 postinstall_mnt_dir_26_0 postinstall_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 cache_file_26_0 cache_backup_file_26_0 cache_private_backup_file_26_0 cache_recovery_file_26_0 efs_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 bluetooth_efs_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 adbd_socket_26_0 bluetooth_socket_26_0 dnsproxyd_socket_26_0 dumpstate_socket_26_0 fwmarkd_socket_26_0 lmkd_socket_26_0 logd_socket_26_0 logdr_socket_26_0 logdw_socket_26_0 mdns_socket_26_0 mdnsd_socket_26_0 misc_logd_file_26_0 mtpd_socket_26_0 netd_socket_26_0 property_socket_26_0 racoon_socket_26_0 rild_socket_26_0 rild_debug_socket_26_0 system_wpa_socket_26_0 system_ndebug_socket_26_0 
tombstoned_crash_socket_26_0 tombstoned_intercept_socket_26_0 uncrypt_socket_26_0 vold_socket_26_0 webview_zygote_socket_26_0 wpa_socket_26_0 zygote_socket_26_0 gps_control_26_0 pdx_display_dir_26_0 pdx_performance_dir_26_0 pdx_bufferhub_dir_26_0 pdx_display_client_endpoint_socket_26_0 pdx_display_manager_endpoint_socket_26_0 pdx_display_screenshot_endpoint_socket_26_0 pdx_display_vsync_endpoint_socket_26_0 pdx_performance_client_endpoint_socket_26_0 pdx_bufferhub_client_endpoint_socket_26_0 file_contexts_file_26_0 mac_perms_file_26_0 property_contexts_file_26_0 seapp_contexts_file_26_0 sepolicy_file_26_0 service_contexts_file_26_0 hwservice_contexts_file_26_0 vndservice_contexts_file_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 provision_file_26_0 key_install_data_file_26_0 hostapd_socket hal_audio_default_exec hal_audio_default_tmpfs hal_bluetooth_default_exec hal_bluetooth_default_tmpfs hal_bootctl_default_exec hal_bootctl_default_tmpfs 
hal_camera_default_exec hal_camera_default_tmpfs hal_configstore_default_exec hal_configstore_default_tmpfs hal_contexthub_default_exec hal_contexthub_default_tmpfs hal_drm_default_exec hal_drm_default_tmpfs hal_dumpstate_default_exec hal_dumpstate_default_tmpfs hal_fingerprint_default_exec hal_fingerprint_default_tmpfs hal_gatekeeper_default_exec hal_gatekeeper_default_tmpfs hal_gnss_default_exec hal_gnss_default_tmpfs hal_graphics_allocator_default_exec hal_graphics_allocator_default_tmpfs hal_graphics_composer_default_exec hal_graphics_composer_default_tmpfs hal_health_default_exec hal_health_default_tmpfs hal_ir_default_exec hal_ir_default_tmpfs hal_keymaster_default_exec hal_keymaster_default_tmpfs hal_light_default_exec hal_light_default_tmpfs hal_memtrack_default_exec hal_memtrack_default_tmpfs hal_nfc_default_exec hal_nfc_default_tmpfs mediacodec_tmpfs hal_power_default_exec hal_power_default_tmpfs hal_sensors_default_exec hal_sensors_default_tmpfs hal_thermal_default_exec hal_thermal_default_tmpfs hal_tv_cec_default_exec hal_tv_cec_default_tmpfs hal_tv_input_default_exec hal_tv_input_default_tmpfs hal_usb_default_exec hal_usb_default_tmpfs hal_vibrator_default_exec hal_vibrator_default_tmpfs hal_vr_default_exec hal_vr_default_tmpfs hal_wifi_default_exec hal_wifi_default_tmpfs hal_wifi_offload_default_exec hal_wifi_offload_default_tmpfs hal_wifi_supplicant_default_exec hal_wifi_supplicant_default_tmpfs hostapd_exec hostapd_tmpfs rild_exec rild_tmpfs tee_exec tee_tmpfs vndservicemanager_exec vndservicemanager_tmpfs MtkCodecService_exec aee_core_forwarder_exec aee_core_forwarder_tmpfs biosensord_nvram_exec biosensord_nvram_file biosensord_nvram_tmpfs ccci_fsd_exec ccci_fsd_tmpfs ccci_mdinit_exec ccci_mdinit_tmpfs custom_file lost_found_data_file dontpanic_data_file resource_cache_data_file http_proxy_cfg_data_file acdapi_data_file ppp_data_file wide_dhcpv6_data_file wpa_supplicant_data_file radvd_data_file volte_vt_socket dfo_socket rild2_socket rild3_socket 
rild4_socket rild_mal_socket rild_mal_at_socket rild_mal_md2_socket rild_mal_at_md2_socket rild_ims_socket rild_imsm_socket rild_oem_socket rild_mtk_ut_socket rild_mtk_ut_2_socket rild_mtk_modem_socket rild_md2_socket rild2_md2_socket rild_debug_md2_socket rild_oem_md2_socket rild_mtk_ut_md2_socket rild_mtk_ut_2_md2_socket rild_mtk_modem_md2_socket rild_vsim_socket rild_vsim_md2_socket mal_mfi_socket mal_data_file netdiag_socket wpa_wlan0_socket soc_vt_imcb_socket soc_vt_tcv_socket soc_vt_stk_socket soc_vt_svc_socket dbus_bluetooth_socket bt_int_adp_socket bt_a2dp_stream_socket bt_data_file agpsd_socket agpsd_data_file mnld_socket mnld_data_file gps_data_file MPED_socket MPED_data_file sysctl_socket backuprestore_socket protect_f_data_file protect_s_data_file persist_data_file nvram_data_file nvdata_file nvcfg_file cct_data_file mediaserver_data_file mediacodec_data_file logmisc_data_file logtemp_data_file aee_core_data_file aee_tombstone_data_file aee_exp_data_file aee_dumpsys_data_file sf_rtt_file rild-dongle_socket ccci_cfg_file c2k_file sensor_data_file stp_dump_data_file sysfs_keypad_file rild_via_socket rpc_socket rild_ctclient_socket data_tmpfs_log_file fon_image_data_file ims_ipsec_data_file thermal_manager_data_file adbd_data_file autokd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file mtk_audiohal_data_file fuelgauged_exec fuelgauged_file fuelgauged_tmpfs fuelgauged_nvram_exec fuelgauged_nvram_file fuelgauged_nvram_tmpfs gsm0710muxd_exec gsm0710muxd_tmpfs hal_drm_widevine_exec hal_drm_widevine_tmpfs hal_keymaster_attestation_exec hal_keymaster_attestation_tmpfs lbs_hidl_service_exec lbs_hidl_service_tmpfs md_ctrl_exec md_ctrl_tmpfs mmc_ffu_exec mmc_ffu_tmpfs mnld_exec mnld_tmpfs MPED_exec MPED_tmpfs mtk_agpsd_exec mtk_agpsd_tmpfs mtk_hal_audio_exec mtk_hal_audio_tmpfs mtk_hal_bluetooth_exec mtk_hal_bluetooth_tmpfs mtk_hal_camera_exec mtk_hal_camera_tmpfs mtk_hal_gnss_exec mtk_hal_gnss_tmpfs mtk_hal_imsa_exec mtk_hal_imsa_tmpfs 
mtk_hal_light_exec mtk_hal_light_tmpfs mtk_hal_power_exec mtk_hal_power_tmpfs mtk_hal_pq_exec mtk_hal_pq_tmpfs mtk_hal_sensors_exec mtk_hal_sensors_tmpfs mtk_wmt_launcher_exec mtk_wmt_launcher_tmpfs mtkrild_exec mtkrild_tmpfs muxreport_exec muxreport_tmpfs nvram_agent_binder_exec nvram_agent_binder_tmpfs nvram_daemon_exec nvram_daemon_tmpfs slpd_exec slpd_tmpfs spm_loader_exec spm_loader_tmpfs stp_dump3_exec stp_dump3_tmpfs sysenv_daemon_exec sysenv_daemon_tmpfs thermal_manager_exec thermal_manager_tmpfs thermalloadalgod_exec thermalloadalgod_tmpfs vendor_app_tmpfs wifi2agps_exec wifi2agps_tmpfs wmt_loader_exec wmt_loader_tmpfs epdg_wod_exec wod_ipsec_conf_file wod_apn_conf_file wod_action_socket wod_sim_socket wod_ipsec_socket wod_dns_socket epdg_wod_tmpfs volte_imcb_socket volte_ua_socket volte_stack_socket starter_exec charon_exec ipsec_exec stroke_exec mtkmal_exec mtkmal_tmpfs volte_imcb_exec volte_imsa1_socket volte_imsvt1_socket volte_imcb_tmpfs volte_imsm_md_exec volte_imsm_md_tmpfs volte_stack_exec volte_stack_tmpfs volte_ua_exec volte_ua_tmpfs wfca_exec wfca_tmpfs)) (typeattributeset exec_type (bootanim_exec_26_0 bootstat_exec_26_0 bufferhubd_exec_26_0 cameraserver_exec_26_0 clatd_exec_26_0 cppreopts_exec_26_0 crash_dump_exec_26_0 dex2oat_exec_26_0 dhcp_exec_26_0 dnsmasq_exec_26_0 drmserver_exec_26_0 dumpstate_exec_26_0 logcat_exec_26_0 fingerprintd_exec_26_0 fsck_exec_26_0 gatekeeperd_exec_26_0 healthd_exec_26_0 hwservicemanager_exec_26_0 idmap_exec_26_0 init_exec_26_0 inputflinger_exec_26_0 install_recovery_exec_26_0 installd_exec_26_0 keystore_exec_26_0 lmkd_exec_26_0 logd_exec_26_0 mediacodec_exec_26_0 mediadrmserver_exec_26_0 mediaextractor_exec_26_0 mediametrics_exec_26_0 mediaserver_exec_26_0 mtp_exec_26_0 netd_exec_26_0 netutils_wrapper_exec_26_0 otapreopt_chroot_exec_26_0 otapreopt_slot_exec_26_0 performanced_exec_26_0 perfprofd_exec_26_0 ppp_exec_26_0 preopt2cachename_exec_26_0 profman_exec_26_0 racoon_exec_26_0 recovery_persist_exec_26_0 
recovery_refresh_exec_26_0 runas_exec_26_0 sdcardd_exec_26_0 servicemanager_exec_26_0 sgdisk_exec_26_0 shell_exec_26_0 su_exec_26_0 tombstoned_exec_26_0 toolbox_exec_26_0 tzdatacheck_exec_26_0 uncrypt_exec_26_0 update_engine_exec_26_0 update_verifier_exec_26_0 vdc_exec_26_0 vendor_shell_exec_26_0 vendor_toolbox_exec_26_0 virtual_touchpad_exec_26_0 vold_exec_26_0 vr_hwc_exec_26_0 webview_zygote_exec_26_0 wificond_exec_26_0 zygote_exec_26_0 hal_audio_default_exec hal_bluetooth_default_exec hal_bootctl_default_exec hal_camera_default_exec hal_configstore_default_exec hal_contexthub_default_exec hal_drm_default_exec hal_dumpstate_default_exec hal_fingerprint_default_exec hal_gatekeeper_default_exec hal_gnss_default_exec hal_graphics_allocator_default_exec hal_graphics_composer_default_exec hal_health_default_exec hal_ir_default_exec hal_keymaster_default_exec hal_light_default_exec hal_memtrack_default_exec hal_nfc_default_exec hal_power_default_exec hal_sensors_default_exec hal_thermal_default_exec hal_tv_cec_default_exec hal_tv_input_default_exec hal_usb_default_exec hal_vibrator_default_exec hal_vr_default_exec hal_wifi_default_exec hal_wifi_offload_default_exec hal_wifi_supplicant_default_exec hostapd_exec rild_exec tee_exec vndservicemanager_exec MtkCodecService_exec aee_core_forwarder_exec biosensord_nvram_exec ccci_fsd_exec ccci_mdinit_exec fuelgauged_exec fuelgauged_nvram_exec gsm0710muxd_exec hal_drm_widevine_exec hal_keymaster_attestation_exec lbs_hidl_service_exec md_ctrl_exec mmc_ffu_exec mnld_exec MPED_exec mtk_agpsd_exec mtk_hal_audio_exec mtk_hal_bluetooth_exec mtk_hal_camera_exec mtk_hal_gnss_exec mtk_hal_imsa_exec mtk_hal_light_exec mtk_hal_power_exec mtk_hal_pq_exec mtk_hal_sensors_exec mtk_wmt_launcher_exec mtkrild_exec muxreport_exec nvram_agent_binder_exec nvram_daemon_exec slpd_exec spm_loader_exec stp_dump3_exec sysenv_daemon_exec thermal_manager_exec thermalloadalgod_exec wifi2agps_exec wmt_loader_exec epdg_wod_exec starter_exec charon_exec 
ipsec_exec stroke_exec mtkmal_exec volte_imcb_exec volte_imsm_md_exec volte_stack_exec volte_ua_exec wfca_exec)) (typeattributeset data_file_type (system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 tee_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 provision_file_26_0 key_install_data_file_26_0 biosensord_nvram_file custom_file lost_found_data_file dontpanic_data_file resource_cache_data_file http_proxy_cfg_data_file acdapi_data_file ppp_data_file wide_dhcpv6_data_file wpa_supplicant_data_file 
radvd_data_file mal_data_file bt_data_file agpsd_data_file mnld_data_file gps_data_file MPED_data_file protect_f_data_file protect_s_data_file persist_data_file nvram_data_file nvdata_file nvcfg_file cct_data_file mediaserver_data_file mediacodec_data_file logmisc_data_file logtemp_data_file aee_core_data_file aee_tombstone_data_file aee_exp_data_file aee_dumpsys_data_file sf_rtt_file ccci_cfg_file c2k_file sensor_data_file stp_dump_data_file data_tmpfs_log_file fon_image_data_file ims_ipsec_data_file thermal_manager_data_file adbd_data_file autokd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file mtk_audiohal_data_file fuelgauged_file fuelgauged_nvram_file metlog_data_file wod_ipsec_conf_file wod_apn_conf_file)) (typeattributeset core_data_file_type (system_data_file_26_0 unencrypted_data_file_26_0 install_data_file_26_0 drm_data_file_26_0 adb_data_file_26_0 anr_data_file_26_0 tombstone_data_file_26_0 apk_data_file_26_0 apk_tmp_file_26_0 apk_private_data_file_26_0 apk_private_tmp_file_26_0 dalvikcache_data_file_26_0 ota_data_file_26_0 ota_package_file_26_0 user_profile_data_file_26_0 profman_dump_data_file_26_0 resourcecache_data_file_26_0 shell_data_file_26_0 property_data_file_26_0 bootchart_data_file_26_0 heapdump_data_file_26_0 nativetest_data_file_26_0 ringtone_file_26_0 preloads_data_file_26_0 preloads_media_file_26_0 dhcp_data_file_26_0 adb_keys_file_26_0 audio_data_file_26_0 audiohal_data_file_26_0 audioserver_data_file_26_0 bluetooth_data_file_26_0 bluetooth_logs_data_file_26_0 bootstat_data_file_26_0 boottrace_data_file_26_0 camera_data_file_26_0 gatekeeper_data_file_26_0 incident_data_file_26_0 keychain_data_file_26_0 keystore_data_file_26_0 media_data_file_26_0 media_rw_data_file_26_0 misc_user_data_file_26_0 net_data_file_26_0 nfc_data_file_26_0 radio_data_file_26_0 reboot_data_file_26_0 recovery_data_file_26_0 shared_relro_file_26_0 systemkeys_data_file_26_0 textclassifier_data_file_26_0 vpn_data_file_26_0 wifi_data_file_26_0 
zoneinfo_data_file_26_0 vold_data_file_26_0 perfprofd_data_file_26_0 update_engine_data_file_26_0 method_trace_data_file_26_0 app_data_file_26_0 system_app_data_file_26_0 wallpaper_file_26_0 shortcut_manager_icons_26_0 icon_file_26_0 asec_apk_file_26_0 asec_public_file_26_0 asec_image_file_26_0 backup_data_file_26_0 fingerprintd_data_file_26_0 app_fuse_file_26_0 adbd_data_file sf_bqdump_data_file nfc_socket factory_data_file mdlog_data_file))
@@ -8332,9 +8332,9 @@
 (allow vndservicemanager_26_0 lbs_hidl_service (dir (search)))
 (allow vndservicemanager_26_0 lbs_hidl_service (file (read open)))
 (allow vndservicemanager_26_0 lbs_hidl_service (process (getattr)))
-(allow lbs_hidl_service system_file_26_0 (dir (ioctl read getattr lock search open)))
-(allow lbs_hidl_service system_file_26_0 (file (ioctl read getattr lock open)))
-(allow lbs_hidl_service system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+#(allow lbs_hidl_service system_file_26_0 (dir (ioctl read getattr lock search open)))
+#(allow lbs_hidl_service system_file_26_0 (file (ioctl read getattr lock open)))
+#(allow lbs_hidl_service system_file_26_0 (lnk_file (ioctl read getattr lock open)))
 (allow lbs_hidl_service agpsd_socket (sock_file (write)))
 (allow lbs_hidl_service mtk_agpsd (unix_stream_socket (connectto)))
 (allow lbs_hidl_service mtk_agpsd (unix_dgram_socket (sendto)))
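Review bot: The three disabled rules are prefixed with `#`, but this file is written in CIL, where a comment starts with `;`, so `#(allow lbs_hidl_service system_file_26_0 ...)` is not a comment in that syntax. How the policy compiler treats the stray `#` token is not visible from this hunk; it may reject the file, or it may still compile the rule that follows, in which case the grant stays in force. Either delete the three lines or write them as `;(allow lbs_hidl_service system_file_26_0 (dir (ioctl read getattr lock search open)))`, and confirm against the compiled policy that the grants are really gone. The same applies to the hunks at -9031 (mtk_hal_bluetooth), -9227 (mtk_hal_gnss) and -10571 (wfca).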
@@ -9031,9 +9031,9 @@
 (typetransition mtk_hal_bluetooth tmpfs_26_0 file mtk_hal_bluetooth_tmpfs)
 (allow mtk_hal_bluetooth mtk_hal_bluetooth_tmpfs (file (read write getattr)))
 (allow mtk_hal_bluetooth tmpfs_26_0 (dir (getattr search)))
-(allow mtk_hal_bluetooth system_file_26_0 (dir (ioctl read getattr lock search open)))
-(allow mtk_hal_bluetooth system_file_26_0 (file (ioctl read getattr lock open)))
-(allow mtk_hal_bluetooth system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+#(allow mtk_hal_bluetooth system_file_26_0 (dir (ioctl read getattr lock search open)))
+#(allow mtk_hal_bluetooth system_file_26_0 (file (ioctl read getattr lock open)))
+#(allow mtk_hal_bluetooth system_file_26_0 (lnk_file (ioctl read getattr lock open)))
 (allow mtk_hal_bluetooth bluetooth_26_0 (binder (call transfer)))
 (allow bluetooth_26_0 mtk_hal_bluetooth (binder (transfer)))
 (allow mtk_hal_bluetooth bluetooth_26_0 (fd (use)))
@@ -9227,9 +9227,9 @@
 (allow vndservicemanager_26_0 mtk_hal_gnss (dir (search)))
 (allow vndservicemanager_26_0 mtk_hal_gnss (file (read open)))
 (allow vndservicemanager_26_0 mtk_hal_gnss (process (getattr)))
-(allow mtk_hal_gnss system_file_26_0 (dir (ioctl read getattr lock search open)))
-(allow mtk_hal_gnss system_file_26_0 (file (ioctl read getattr lock open)))
-(allow mtk_hal_gnss system_file_26_0 (lnk_file (ioctl read getattr lock open)))
+#(allow mtk_hal_gnss system_file_26_0 (dir (ioctl read getattr lock search open)))
+#(allow mtk_hal_gnss system_file_26_0 (file (ioctl read getattr lock open)))
+#(allow mtk_hal_gnss system_file_26_0 (lnk_file (ioctl read getattr lock open)))
 (allow mtk_hal_gnss mnld_data_file (sock_file (ioctl read write create getattr setattr lock append unlink rename open)))
 (allow mtk_hal_gnss mnld_data_file (sock_file (ioctl read write getattr lock append open)))
 (allow mtk_hal_gnss mnld_data_file (dir (ioctl read write create getattr setattr lock append unlink rename open)))
@@ -10571,7 +10571,7 @@ (allow wfca node_26_0 (udp_socket (node_bind))) (allow wfca port_26_0 (udp_socket (name_bind))) (allow wfca fwmarkd_socket_26_0 (sock_file (write))) -(allow wfca system_file_26_0 (file (execute_no_trans))) +#(allow wfca system_file_26_0 (file (execute_no_trans))) (allow wfca ccci_device (chr_file (ioctl read write open))) (allow wfca sysfs_wake_lock_26_0 (file (read write open))) (allow wfca self (rawip_socket (read write create getattr bind setopt))) diff --git a/prebuilts/api/26.0/plat_private/aee_aed.te b/prebuilts/api/26.0/plat_private/aee_aed.te index 1ba4f0a..85ac8b7 100755 --- a/prebuilts/api/26.0/plat_private/aee_aed.te +++ b/prebuilts/api/26.0/plat_private/aee_aed.te @@ -41,7 +41,7 @@ allow aee_aed property_socket:sock_file write; allow aee_aed system_file:file execute_no_trans; allow aee_aed init:process getsched; -allow aee_aed kernel:process getsched; +#allow aee_aed kernel:process getsched; # Date: W15.34 # Operation: Migration @@ -78,8 +78,8 @@ domain_auto_trans(aee_aed, dumpstate_exec, dumpstate) # allow aee_aed aee_core_forwarder:file { read getattr open }; userdebug_or_eng(` - allow aee_aed su:dir {search read open }; - allow aee_aed su:file { read getattr open }; +# allow aee_aed su:dir {search read open }; +# allow aee_aed su:file { read getattr open }; ') # /data/tombstone @@ -90,7 +90,7 @@ allow aee_aed tombstone_data_file:file create_file_perms; allow aee_aed self:capability { fowner chown fsetid sys_nice sys_resource net_admin sys_module}; # system(cmd) aee_dumpstate aee_archive -allow aee_aed shell_exec:file rx_file_perms; +#allow aee_aed shell_exec:file rx_file_perms; # PROCESS_FILE_STATE allow aee_aed dumpstate:unix_stream_socket { read write ioctl }; diff --git a/prebuilts/api/26.0/plat_private/crash_dump.te b/prebuilts/api/26.0/plat_private/crash_dump.te index 5cd2c58..238ac06 100755 --- a/prebuilts/api/26.0/plat_private/crash_dump.te +++ b/prebuilts/api/26.0/plat_private/crash_dump.te 
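Review bot: `#allow aee_aed kernel:process getsched;` is left as commented-out policy with no reason recorded, and the rule does not mention any of the types the commit description lists as undefined or duplicated, so a later reader cannot tell whether it was dropped for a neverallow, for a build error, or by mistake. Delete the line, or keep it under a header in the style this file already uses, e.g. `# Purpose: disabled, <reason>`. The same applies to the other disabled rules in this file (-78,8, which also leaves the `userdebug_or_eng` block holding only comments, and -90,7, where the `# system(cmd) aee_dumpstate aee_archive` comment now describes a rule that is off) and to the hunks in crash_dump.te, dumpstate.te and kisd.te.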
@@ -1 +1 @@ -allow crash_dump aee_aed:unix_stream_socket connectto; \ No newline at end of file +#allow crash_dump aee_aed:unix_stream_socket connectto; \ No newline at end of file diff --git a/prebuilts/api/26.0/plat_private/dumpstate.te b/prebuilts/api/26.0/plat_private/dumpstate.te index 5660ca0..8010f66 100755 --- a/prebuilts/api/26.0/plat_private/dumpstate.te +++ b/prebuilts/api/26.0/plat_private/dumpstate.te @@ -14,7 +14,7 @@ allow dumpstate mnt_user_file:lnk_file read; allow dumpstate storage_file:lnk_file read; # Purpose: timer_intval. this is neverallow -allow dumpstate app_data_file:dir search; +#allow dumpstate app_data_file:dir search; allow dumpstate kmsg_device:chr_file r_file_perms; # Purpose: @@ -40,4 +40,4 @@ allow dumpstate gpu_device:dir search; # Purpose: 01-01 08:30:57.474 286 286 E SELinux : avc: denied { find } for interface= # android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext= # u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager -allow dumpstate hal_camera_hwservice:hwservice_manager find; +#allow dumpstate hal_camera_hwservice:hwservice_manager find; diff --git a/prebuilts/api/26.0/plat_private/kisd.te b/prebuilts/api/26.0/plat_private/kisd.te index 46897b3..4a46812 100755 --- a/prebuilts/api/26.0/plat_private/kisd.te +++ b/prebuilts/api/26.0/plat_private/kisd.te @@ -18,7 +18,7 @@ init_daemon_domain(kisd) allow kisd tee_device:chr_file {read write open ioctl}; allow kisd provision_file:dir {read write open ioctl add_name search remove_name}; allow kisd provision_file:file {create read write open getattr unlink}; -allow kisd system_file:file {execute_no_trans}; +#allow kisd system_file:file {execute_no_trans}; allow kisd block_device:dir {read write open ioctl search}; allow kisd kb_block_device:blk_file {read write open ioctl getattr}; allow kisd dkb_block_device:blk_file {read write open ioctl getattr};
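Review bot: The file's only line is now a `#` comment and it still has no trailing newline. If the build joins policy sources without adding a separator (not visible here), the first line of whichever file follows would be appended to this comment and dropped without an error, which could not happen while the line ended in `;`. End the line with a newline, or remove the file if `allow crash_dump aee_aed:unix_stream_socket connectto;` is really meant to go.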
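Review bot: The comment kept above the disabled rule, `# Purpose: timer_intval. this is neverallow`, already says the rule conflicts with a neverallow, so `#allow dumpstate app_data_file:dir search;` should not stay as dead text that one removed character turns back into a grant. Delete both lines, or reword the comment to something like `# Removed: dumpstate search on app_data_file conflicts with a neverallow`. In the -40,4 hunk the three-line `# Purpose:` block quoting the hal_camera_hwservice `find` denial likewise stays above a disabled rule; it should state that the denial is now expected, or go with the rule.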