[ALPS04654001] SEPolicy: add ioctlcmd for app

[Detail] For Andorid Q, there is a more stringent restriction for ioctl, app need to access pipe by ioctlcmd=0x5402. avc: denied { ioctl } for comm="kd" path="pipe:[7173861]" dev="pipefs" ino=7173861 ioctlcmd=0x5402 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure [Solution] Add sepolicy for app to access pipe by ioctlcmd=0x5402 MTK-Commit-Id: d38b9f7f97aab7b23d80d0f3aac8e25a790c8c91 Change-Id: I5ac20bf2dffa0c297b32aaebd75db9e04c35cc79 CR-Id: ALPS04654001 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:14:59 +08:00 · 2020-01-18 10:14:59 +08:00 · 2bd9ab2104
commit 2bd9ab2104
parent 38ae1361bf
1 changed files with 5 additions and 0 deletions
--- a/non_plat/app.te
+++ b/non_plat/app.te
@ -58,3 +58,8 @@ allow appdomain mdp_device:chr_file rw_file_perms;
 # Operation : Migration
 # Purpose : For platform app com.android.gallery3d
 allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
+
+# Date : W19.23
+# Operation : Migration
+# Purpose : For app com.tencent.qqpimsecure
+allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;