[ALPS04760404] Remove SElinux code

1. Dont create folder in data by process self MTK-Commit-Id: 137bc58be1b0069794c7b52db91f8532e406bf31 Change-Id: I20c0ca16c66490b81a03192eb642131b50933933 CR-Id: ALPS04760404 Feature: Modem Log Tool
2020-01-18 10:20:51 +08:00 · 2020-01-18 10:20:51 +08:00 · 34e4338c7e
commit 34e4338c7e
parent b069f1aff7
2 changed files with 11 additions and 9 deletions
--- a/non_plat/emdlogger.te
+++ b/non_plat/emdlogger.te
@ -1,7 +1,7 @@
 #allow emdlogger to set property
-allow emdlogger debug_prop:property_service set;
-allow emdlogger persist_mtklog_prop:property_service set;
-allow emdlogger system_radio_prop:property_service set;
+#allow emdlogger debug_prop:property_service set;
+#allow emdlogger persist_mtklog_prop:property_service set;
+#allow emdlogger system_radio_prop:property_service set;

 # ccci device for internal modem
 allow emdlogger ccci_device:chr_file { rw_file_perms };
@ -26,7 +26,7 @@ allow emdlogger sdcard_type:file { create_file_perms };
 allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto };
 allow emdlogger mdlog_data_file:fifo_file { create_file_perms };
 allow emdlogger mdlog_data_file:file { create_file_perms };
-allow emdlogger system_data_file:dir { create_dir_perms relabelfrom};
+#allow emdlogger system_data_file:dir { create_dir_perms relabelfrom};

 # modem logger control port access /dev/ttyC1
 allow emdlogger mdlog_device:chr_file { rw_file_perms};
@ -87,7 +87,7 @@ allow emdlogger para_block_device:blk_file { read open write };
 allow emdlogger proc_lk_env:file { read write ioctl open };

 ## purpose: avc: denied { read } for name="plat_file_contexts"
-allow emdlogger file_contexts_file:file { read getattr open map};
+#allow emdlogger file_contexts_file:file { read getattr open map};

 allow emdlogger block_device:dir search;
 allow emdlogger md_block_device:blk_file { read open };
@ -112,6 +112,8 @@ get_prop(emdlogger, vendor_usb_prop)
 set_prop(emdlogger, persist_mdlog_prop)
 set_prop(emdlogger, vendor_mdl_pulllog_prop)
 set_prop(emdlogger, exported_system_radio_prop)
+set_prop(emdlogger, debug_prop)
+set_prop(emdlogger, system_radio_prop)

 allow emdlogger vendor_configs_file:file map;
 allow emdlogger vendor_default_prop:file map;
--- a/plat_private/emdlogger.te
+++ b/plat_private/emdlogger.te
@ -17,8 +17,8 @@ allow emdlogger sdcard_type:file { create_file_perms };


 # modem logger socket access
-allow emdlogger property_socket:sock_file write;
-allow emdlogger init:unix_stream_socket connectto;
+#allow emdlogger property_socket:sock_file write;
+#allow emdlogger init:unix_stream_socket connectto;
 allow emdlogger platform_app:unix_stream_socket connectto;
 allow emdlogger shell_exec:file { rx_file_perms };
 allow emdlogger system_file:file execute_no_trans;
@ -58,7 +58,7 @@ allow emdlogger media_rw_data_file:file  { create_file_perms };
 allow emdlogger media_rw_data_file:dir { create_dir_perms };

 ## purpose: avc: denied { read } for name="plat_file_contexts"
-allow emdlogger file_contexts_file:file { read getattr open };
+#allow emdlogger file_contexts_file:file { read getattr open };

 ## Android P migration
 ## purpose:  denied { read } for name="cmdline" dev="proc"
@ -82,6 +82,6 @@ allow emdlogger mddb_filter_data_file:file { r_file_perms };
 # save log into /data/debuglogger
 allow emdlogger debuglog_data_file:dir {relabelto create_dir_perms};
 allow emdlogger debuglog_data_file:file create_file_perms;
-allow emdlogger system_data_file:dir create_dir_perms;
+#allow emdlogger system_data_file:dir create_dir_perms;
 # get persist.sys. proeprty
 get_prop(emdlogger, system_prop)