From 3006c81521c6cffc9eb9f555380e6676662ff7d7 Mon Sep 17 00:00:00 2001
From: Sam-KY Lin
Date: Sat, 18 Jan 2020 09:42:23 +0800
Subject: [PATCH] [ALPS03897468] kernel: remove sepolicy which violate neverallow rule

[Detail] Google introduced new neverallow rule for restricting core_domain & non-core_domain communication via data partition. This patch removes MTK sepolicy rules which violate neverallow rule.
MTK-Commit-Id: 2f3ae1f106cdf28f00ee75638dd77fd8242f9746
Change-Id: If6c64eec4f3cf5760988e3c266da83d1d93e649f
CR-Id: ALPS03897468
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/kernel.te | 22 ----------------------
 1 file changed, 22 deletions(-)

diff --git a/non_plat/kernel.te b/non_plat/kernel.te
index ae49773..105c711 100644
--- a/non_plat/kernel.te
+++ b/non_plat/kernel.te
@@ -18,11 +18,6 @@ allow kernel vold_device:blk_file rw_file_perms;
 # Purpose : Access to nvarm for reading MAC. (LOS WIFI feature)
 allow kernel system_data_file:lnk_file r_file_perms;
-# Date : WK14.31
-# Operation : Migration
-# Purpose : transit from kernel to aee_core_forwarder domain when executing aee_core_forwarder
-typeattribute kernel system_executes_vendor_violators;
-
 # Date : WK14.43
 # Operation : Migration
 # Purpose : Access to nvarm for reading MAC. (LOS WIFI feature)
@@ -43,23 +38,6 @@ allow kernel fon_image_data_file:file read;
 # Purpose : grant proc_thermal for dir search
 allow kernel proc_thermal:dir search;
-# Date : WK16.11
-# Operation : Migration
-# Purpose : grant nvram data access permission for kernel thread mtk_wmtd to access nvram file,
-# because wifi driver need to access nvram to get radio configuration. On Userdebug or Eng load,
-# factory engineers may need to update nvram by Egineer Mode, so we need to grant write permissions
-# on Eng or Userdebug load
-typeattribute kernel data_between_core_and_vendor_violators;
-allow kernel nvram_data_file:dir search;
-allow kernel nvram_data_file:file r_file_perms;
-allow kernel nvram_data_file:lnk_file read;
-allow kernel nvdata_file:lnk_file read;
-allow kernel nvdata_file:dir search;
-allow kernel nvdata_file:file r_file_perms;
-userdebug_or_eng(`
- allow kernel nvdata_file:file w_file_perms;
-')
-
 # Date : WK16.11
 # Operation : Migration
 # Purpose : grant storage_file and wifi_data_file for kernel thread mtk_wmtd to access /sdcard/wifi.cfg