NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04760107] Fix high risk selinux

Browse Source 
Fix high risk selinux in atci

MTK-Commit-Id: 920482c8d6406a57b2b653e98b8b28c30c2e6d1b

Change-Id: I6cbd85f3699f055312a5f6b2ea577bd9161ef29e
CR-Id: ALPS04760107
Feature: [Module]ATCI (AT Command Interface)
This commit is contained in:
yizheng.yang 2020-01-18 10:20:00 +08:00
parent ef2d9a611a
commit 1a9ed28058
2 changed files with 2 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
non_plat/atci_service.te
View File

@ -13,9 +13,6 @@ init_daemon_domain(atci_service)
allow atci_service block_device:dir search; allow atci_service block_device:dir search;
allow atci_service misc2_block_device:blk_file { open read write }; allow atci_service misc2_block_device:blk_file { open read write };
allow atci_service misc2_device:chr_file { open read write }; allow atci_service misc2_device:chr_file { open read write };
allow atci_service bootdevice_block_device:blk_file { open read write };
allow atci_service self:capability { net_raw chown fsetid sys_nice net_admin fowner sys_admin };
allow atci_service camera_isp_device:chr_file { read write ioctl open }; allow atci_service camera_isp_device:chr_file { read write ioctl open };
allow atci_service graphics_device:chr_file { read write ioctl open }; allow atci_service graphics_device:chr_file { read write ioctl open };
allow atci_service graphics_device:dir search; allow atci_service graphics_device:dir search;
@ -71,11 +68,9 @@ allow atci_service storage_file:lnk_file read;
#allow atci_service media_rw_data_file:file { read write create open }; #allow atci_service media_rw_data_file:file { read write create open };
#============= atci_service ============== #============= atci_service ==============
allow atci_service property_socket:sock_file write;
allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open}; allow atci_service CAM_CAL_DRV_device:chr_file { read write ioctl open};
allow atci_service init:unix_stream_socket connectto; set_prop(atci_service, mtk_em_prop)
allow atci_service mtk_em_prop:property_service set;
# Date : 2016/03/02 # Date : 2016/03/02
# Operation : M-Migration # Operation : M-Migration

6
non_plat/atcid.te
View File

@ -9,8 +9,7 @@ type atcid, domain;
type atcid_exec, exec_type, file_type, vendor_file_type; type atcid_exec, exec_type, file_type, vendor_file_type;
init_daemon_domain(atcid) init_daemon_domain(atcid)
allow atcid init:unix_stream_socket connectto; set_prop(atcid,persist_service_atci_prop)
allow atcid property_socket:sock_file write;
allow atcid block_device:dir search; allow atcid block_device:dir search;
allow atcid socket_device:sock_file write; allow atcid socket_device:sock_file write;
@ -20,11 +19,8 @@ hwbinder_use(atcid)
hal_client_domain(atcid, hal_telephony) hal_client_domain(atcid, hal_telephony)
allow atcid ttyGS_device:chr_file { read write ioctl open }; allow atcid ttyGS_device:chr_file { read write ioctl open };
allow atcid persist_service_atci_prop:property_service set;
allow atcid misc2_device:chr_file { read write open };
allow atcid wmtWifi_device:chr_file { write open }; allow atcid wmtWifi_device:chr_file { write open };
allow atcid misc2_block_device:blk_file { read write open }; allow atcid misc2_block_device:blk_file { read write open };
allow atcid bootdevice_block_device:blk_file { open read write };
allow atci_service gpu_device:chr_file { read write open ioctl getattr }; allow atci_service gpu_device:chr_file { read write open ioctl getattr };
allow atcid self:capability sys_time; allow atcid self:capability sys_time;