Merge "[ALPS03841705] modify aee_core_forwarder selinux rule" into alps-trunk-p0.basic
Change-Id: I4bad1d381c0ec3b1e76f1bc7a5ae7ae68ad8add9 MTK-Commit-Id: b01515bb610c7a0c60117c97d4f98b5c9f882071
commit
2e97184a4b
@ -519,7 +519,6 @@
|
|||||||
#
|
#
|
||||||
/(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0
|
/(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0
|
||||||
/(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0
|
/(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0
|
||||||
/(system\/vendor|vendor)/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0
|
|
||||||
/(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
/(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
|
||||||
/(system\/vendor|vendor)/bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
/(system\/vendor|vendor)/bin/fuelgauged u:object_r:fuelgauged_exec:s0
|
||||||
/(system\/vendor|vendor)/bin/fuelgauged_nvram u:object_r:fuelgauged_nvram_exec:s0
|
/(system\/vendor|vendor)/bin/fuelgauged_nvram u:object_r:fuelgauged_nvram_exec:s0
|
||||||
|
@ -22,7 +22,6 @@ allow kernel system_data_file:lnk_file r_file_perms;
|
|||||||
# Operation : Migration
|
# Operation : Migration
|
||||||
# Purpose : transit from kernel to aee_core_forwarder domain when executing aee_core_forwarder
|
# Purpose : transit from kernel to aee_core_forwarder domain when executing aee_core_forwarder
|
||||||
typeattribute kernel system_executes_vendor_violators;
|
typeattribute kernel system_executes_vendor_violators;
|
||||||
domain_auto_trans(kernel, aee_core_forwarder_exec, aee_core_forwarder)
|
|
||||||
|
|
||||||
# Date : WK14.43
|
# Date : WK14.43
|
||||||
# Operation : Migration
|
# Operation : Migration
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# ==============================================
|
# ==============================================
|
||||||
# Policy File of /vendor/bin/aee_core_forwarder Executable File
|
# Policy File of /system/bin/aee_core_forwarder Executable File
|
||||||
|
|
||||||
# ==============================================
|
# ==============================================
|
||||||
# Type Declaration
|
# Type Declaration
|
||||||
# ==============================================
|
# ==============================================
|
||||||
type aee_core_forwarder_exec, exec_type, file_type, vendor_file_type;
|
type aee_core_forwarder_exec, exec_type, file_type;
|
||||||
type aee_core_forwarder, domain;
|
typeattribute aee_core_forwarder coredomain;
|
||||||
|
|
||||||
# ==============================================
|
# ==============================================
|
||||||
# MTK Policy Rule
|
# MTK Policy Rule
|
||||||
@ -13,18 +13,17 @@ type aee_core_forwarder, domain;
|
|||||||
init_daemon_domain(aee_core_forwarder)
|
init_daemon_domain(aee_core_forwarder)
|
||||||
|
|
||||||
#/data/core/zcorexxx.zip
|
#/data/core/zcorexxx.zip
|
||||||
allow aee_core_forwarder aee_core_data_file:dir relabelto;
|
#allow aee_core_forwarder aee_core_data_file:dir relabelto;
|
||||||
allow aee_core_forwarder aee_core_data_file:dir create_dir_perms;
|
#allow aee_core_forwarder aee_core_data_file:dir create_dir_perms;
|
||||||
allow aee_core_forwarder aee_core_data_file:file create_file_perms;
|
#allow aee_core_forwarder aee_core_data_file:file create_file_perms;
|
||||||
typeattribute aee_core_forwarder data_between_core_and_vendor_violators;
|
#allow aee_core_forwarder system_data_file:dir { write relabelfrom create add_name };
|
||||||
allow aee_core_forwarder system_data_file:dir { write relabelfrom create add_name };
|
|
||||||
|
|
||||||
#mkdir /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip
|
#mkdir /sdcard/mtklog/aee_exp and write /sdcard/mtklog/aee_exp/zcorexxx.zip
|
||||||
allow aee_core_forwarder sdcard_type:dir create_dir_perms;
|
allow aee_core_forwarder sdcard_type:dir create_dir_perms;
|
||||||
allow aee_core_forwarder sdcard_type:file create_file_perms;
|
allow aee_core_forwarder sdcard_type:file create_file_perms;
|
||||||
allow aee_core_forwarder self:capability fsetid;
|
allow aee_core_forwarder self:capability fsetid;
|
||||||
allow aee_core_forwarder aee_exp_data_file:dir create_dir_perms;
|
#allow aee_core_forwarder aee_exp_data_file:dir create_dir_perms;
|
||||||
allow aee_core_forwarder aee_exp_data_file:file create_file_perms;
|
#allow aee_core_forwarder aee_exp_data_file:file create_file_perms;
|
||||||
|
|
||||||
#mkdir(path, mode)
|
#mkdir(path, mode)
|
||||||
#allow aee_core_forwarder self:capability dac_override;
|
#allow aee_core_forwarder self:capability dac_override;
|
||||||
@ -64,7 +63,7 @@ dontaudit aee_core_forwarder untrusted_app:dir search;
|
|||||||
# Purpose : access for pipefs
|
# Purpose : access for pipefs
|
||||||
allow aee_core_forwarder kernel:fd use;
|
allow aee_core_forwarder kernel:fd use;
|
||||||
# Purpose : read AEE persist property
|
# Purpose : read AEE persist property
|
||||||
allow aee_core_forwarder persist_aee_prop:file r_file_perms;
|
#allow aee_core_forwarder persist_aee_prop:file r_file_perms;
|
||||||
# Purpose: search root dir "/"
|
# Purpose: search root dir "/"
|
||||||
allow aee_core_forwarder tmpfs:dir search;
|
allow aee_core_forwarder tmpfs:dir search;
|
||||||
# Purpose : read /selinux_version
|
# Purpose : read /selinux_version
|
||||||
@ -104,7 +103,7 @@ allow aee_core_forwarder media_rw_data_file:file { create open write };
|
|||||||
# Purpose : type=1400 audit(0.0:6594): avc: denied { connectto } for
|
# Purpose : type=1400 audit(0.0:6594): avc: denied { connectto } for
|
||||||
# path=00616E64726F69643A6165655F616564 scontext=u:r:aee_core_forwarder:s0
|
# path=00616E64726F69643A6165655F616564 scontext=u:r:aee_core_forwarder:s0
|
||||||
# tcontext=u:r:aee_aedv:s0 tclass=unix_stream_socket permissive=0
|
# tcontext=u:r:aee_aedv:s0 tclass=unix_stream_socket permissive=0
|
||||||
allow aee_core_forwarder aee_aedv:unix_stream_socket connectto;
|
#allow aee_core_forwarder aee_aedv:unix_stream_socket connectto;
|
||||||
|
|
||||||
# Data : 2017/08/04
|
# Data : 2017/08/04
|
||||||
# Operation : fix sys_nice selinux warning
|
# Operation : fix sys_nice selinux warning
|
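Review bot: The rules disabled across these hunks are left as commented-out `#allow aee_core_forwarder …` lines with no reason recorded. This covers the `aee_core_data_file`, `system_data_file` and `aee_exp_data_file` rules, the `persist_aee_prop` read and the `aee_aedv:unix_stream_socket connectto` rule. Either delete them or put one line above each group, for example `# Disabled in ALPS03841705: <reason>`, so a later reader can tell a deliberate removal from a pending replacement. The domain is now `coredomain`, and the `domain_auto_trans(kernel, aee_core_forwarder_exec, aee_core_forwarder)` line was dropped in the earlier hunk with no replacement visible on this page. Please confirm that a platform-side rule still moves the forwarder into its own domain and gives it somewhere to write dumps, so the resulting denials are not later patched with broader allows.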
@ -11,7 +11,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
/system/bin/mobile_log_d u:object_r:mobile_log_d_exec:s0
|
/system/bin/mobile_log_d u:object_r:mobile_log_d_exec:s0
|
||||||
|
/system/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0
|
||||||
/system/bin/mdlogger u:object_r:mdlogger_exec:s0
|
/system/bin/mdlogger u:object_r:mdlogger_exec:s0
|
||||||
/system/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0
|
/system/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0
|
||||||
/system/bin/netdiag u:object_r:netdiag_exec:s0
|
/system/bin/netdiag u:object_r:netdiag_exec:s0
|
||||||
|
7
plat_public/aee_core_forwarder.te
Normal file
7
plat_public/aee_core_forwarder.te
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
# ==============================================
|
||||||
|
# Policy File of /system/bin/aee_core_forwarder Executable File
|
||||||
|
|
||||||
|
# ==============================================
|
||||||
|
# Type Declaration
|
||||||
|
# ==============================================
|
||||||
|
type aee_core_forwarder, domain;
|
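Review bot: The exec type `aee_core_forwarder_exec` is not declared alongside `type aee_core_forwarder, domain;` in this new public file, yet the path-label hunk just above assigns it to `/system/bin/aee_core_forwarder`. Its only visible declaration, `type aee_core_forwarder_exec, exec_type, file_type;`, remains in the older policy file. If that older file is vendor policy, as its previous `vendor_file_type` attribute suggests, the system-side label would depend on a type the platform policy does not define. Consider declaring the exec type here as well. A one-line header comment saying the domain is public so that non-platform policy can reference it would also help.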