[ALPS02333452] Android p selinux change

[Detail] Android has defined neverallow rules to restrict direct access to system files. We need to have a custom label for each policy. [Solution] Define custom label for drmserver MTK-Commit-Id: c84c43b87a6ac2651a0562b8818bc66516e4a50b Change-Id: Ide4fc49628508aee77e67f3213749210430153a3 CR-Id: ALPS02333452 Feature: OMA DRM V1.0
2020-01-18 09:38:07 +08:00 · 2020-01-18 09:38:07 +08:00 · 1cbaa678fe
commit 1cbaa678fe
parent af8b6473d2
3 changed files with 9 additions and 1 deletions
--- a/plat_private/drmserver.te
+++ b/plat_private/drmserver.te
@ -3,4 +3,4 @@
 # ======================

 # =======drmserver======
-#allow drmserver sysfs:file { read open };
+allow drmserver access_sys_file:file { read open };
--- a/plat_private/file.te
+++ b/plat_private/file.te
@ -0,0 +1,6 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# For drmserver
+type access_sys_file, fs_type, sysfs_type;
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@ -44,3 +44,5 @@

 #MTK vibrator
 /sys/devices/platform/vibrator@0/leds/vibrator(/.*)? u:object_r:sysfs_vibrator:s0
+
+/sys/block/mmcblk0rpmb/size u:object_r:access_sys_file:s0