[ALPS04763250] Thermal: SEPolicy de-risk
[Detail] 1. Use set_prop to optimize the SEPolicy. 2. Modify the high-risk sysfs write operation for security. MTK-Commit-Id: 48b34c3013d5402a3d6253945d3b41a148f0d167 Change-Id: I9657ab3f5eee2616f452a442fb6201779edd831c Signed-off-by: jerry-sc.wu <jerry-sc.wu@mediatek.com> CR-Id: ALPS04763250 Feature: Thermal Management
parent
c947a234d9
commit
31f4d86bf1
@ -110,7 +110,10 @@ genfscon sysfs /devices/virtual/misc/scp_B u:object_r:sysfs_scp:s0
|
||||
genfscon sysfs /devices/virtual/misc/sspm u:object_r:sysfs_sspm:s0
|
||||
genfscon sysfs /devices/virtual/misc/adsp u:object_r:sysfs_adsp:s0
|
||||
|
||||
# Date : 2019/09/12
|
||||
genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_therm:s0
|
||||
genfscon sysfs /devices/class/thermal u:object_r:sysfs_therm:s0
|
||||
|
||||
genfscon sysfs /devices/virtual/switch/fps u:object_r:sysfs_fps:s0
|
||||
|
||||
genfscon sysfs /firmware/devicetree/base/chosen/atag,devinfo u:object_r:sysfs_devinfo:s0
|
||||
@ -227,6 +230,7 @@ genfscon sysfs /devices/platform/trusty u:object_r:mtee_trusty_file:s0
|
||||
# Purpose: allow rild to access /proc/aed/reboot-reason
|
||||
genfscon proc /aed/reboot-reason u:object_r:proc_aed_reboot_reason:s0
|
||||
|
||||
|
||||
# 2019/09/05
|
||||
# Purpose: Allow powerhal to control kernel resources
|
||||
genfscon proc /ppm u:object_r:proc_ppm:s0
|
||||
@ -237,3 +241,4 @@ genfscon proc /ca_drv u:object_r:proc_ca_drv:s0
|
||||
genfscon sysfs /module/ged u:object_r:sysfs_ged:s0
|
||||
genfscon sysfs /module/fbt_cpu u:object_r:sysfs_fbt_cpu:s0
|
||||
genfscon sysfs /module/fbt_fteh u:object_r:sysfs_fbt_fteh:s0
|
||||
|
||||
|
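Review bot: In the first hunk, `genfscon sysfs /devices/class/thermal u:object_r:sysfs_therm:s0` probably labels nothing, because genfscon paths for sysfs are relative to the /sys mount and this one names /sys/devices/class/thermal, while the comment in the thermal_manager rules gives the intended path as sys/class/thermal. If the class directory is meant, the entry would read `genfscon sysfs /class/thermal u:object_r:sysfs_therm:s0`. The entries under /sys/class/thermal are normally symlinks into /sys/devices/virtual/thermal, so the first new entry may already cover the files that are actually written. Relabelling the whole /devices/virtual/thermal subtree also changes the type seen by any other domain that reached these nodes through the generic `sysfs` type, so new denials outside thermal_manager are worth checking; this page does not show those domains.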
@ -39,16 +39,17 @@ allow thermal_manager camera_isp_device:chr_file { read write };
|
||||
allow thermal_manager cameraserver:fd use;
|
||||
allow thermal_manager kd_camera_hw_device:chr_file { read write };
|
||||
allow thermal_manager MTK_SMI_device:chr_file read;
|
||||
allow thermal_manager property_socket:sock_file write;
|
||||
allow thermal_manager surfaceflinger:fd use;
|
||||
allow thermal_manager init:unix_stream_socket connectto;
|
||||
allow thermal_manager sysfs:file write;
|
||||
set_prop(thermal_manager ,mtk_thermal_config_prop)
|
||||
|
||||
# Date : WK17.12
|
||||
# Date : 2019/09/12
|
||||
# Operation : Migration
|
||||
# Purpose : Allow thermal_manager to notify SPA.
|
||||
allow thermal_manager mtk_thermal_config_prop:file { getattr open read };
|
||||
allow thermal_manager mtk_thermal_config_prop:property_service set;
|
||||
# Purpose : add sysfs permission
|
||||
# path = " sys/devices/virtual/thermal/"
|
||||
# path = " sys/class/thermal/"
|
||||
allow thermal_manager sysfs_therm:file w_file_perms;
|
||||
|
||||
|
||||
|
||||
# Date : WK18.18
|
||||
# Operation : P Migration
|
||||
|
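Review bot: `allow thermal_manager sysfs_therm:file w_file_perms;` still grants write on every file labelled sysfs_therm, which per the genfs_contexts change is the whole thermal subtree rather than only the nodes thermal_manager manages. If only a few nodes are written, a narrower type for those paths would match the commit's stated aim of reducing the high-risk sysfs write more closely. The `+`/`-` markers are lost on this page, so confirm that `allow thermal_manager sysfs:file write;` and the explicit `property_socket:sock_file`, `init:unix_stream_socket` and `mtk_thermal_config_prop` allow rules are on the removed side: `set_prop()` already expands to the property rules, and the generic sysfs write is the permission the commit sets out to drop. The macro call would read better with conventional spacing, `set_prop(thermal_manager, mtk_thermal_config_prop)`.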