diff --git a/non_plat/file_contexts b/non_plat/file_contexts index 67c5b27..a791821 100644 --- a/non_plat/file_contexts +++ b/non_plat/file_contexts @@ -538,7 +538,8 @@ /(system\/vendor|vendor)/bin/thermal_manager u:object_r:thermal_manager_exec:s0 /(system\/vendor|vendor)/bin/thermalloadalgod u:object_r:thermalloadalgod_exec:s0 /(system\/vendor|vendor)/bin/lbs_hidl_service u:object_r:lbs_hidl_service_exec:s0 - +/(system\/vendor|vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0 +/(system\/vendor|vendor)/bin/pre_meta u:object_r:pre_meta_exec:s0 /(system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0 /(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0 /(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0 diff --git a/non_plat/meta_tst.te b/non_plat/meta_tst.te index 8fa1060..da03e2c 100644 --- a/non_plat/meta_tst.te +++ b/non_plat/meta_tst.te @@ -1,5 +1,14 @@ # ============================================== -# Policy File of /system/bin/meta_tst Executable File +# Policy File of /vendor/bin/meta_tst Executable File + + + +# ============================================== +# Type Declaration +# ============================================== +type meta_tst, domain; +type meta_tst_exec , exec_type, file_type, vendor_file_type; +init_daemon_domain(meta_tst) # ============================================== # MTK Policy Rule @@ -152,7 +161,7 @@ allow meta_tst mt6605_device:chr_file rw_file_perms; #Date WK14.49 #Operation : Migration #Purpose : DRM key installation -allow meta_tst shell_exec:file rx_file_perms; +#allow meta_tst shell_exec:file rx_file_perms; allow meta_tst system_data_file:dir create; allow meta_tst key_install_data_file:dir w_dir_perms; allow meta_tst key_install_data_file:file create_file_perms; 
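Review bot: The new Type Declaration block in non_plat/meta_tst.te makes meta_tst a vendor domain (`vendor_file_type` on the exec type, no `coredomain`), but nothing in the visible hunks says which rules deleted with plat_private/meta_tst.te are dropped on purpose. Those rules include the tcp/udp sockets, `sys_boot`, the `vold` connectto and the `labeledfs` unmount. If the narrower policy is intended, record it next to the declaration, for example `# vendor domain: platform rules from plat_private/meta_tst.te are intentionally not carried over`. If any are still needed they must be re-added in this file, because its unchanged lines are outside this diff and may not contain them.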
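Review bot: `allow meta_tst system_data_file:dir create;` remains active directly under the `shell_exec` rule that the @@ -152 hunk disables, even though meta_tst is now declared as a vendor domain in this same file. On Treble-enforcing builds, a non-core domain creating directories under a core data type is likely to hit the same class of platform neverallow that presumably motivated disabling `shell_exec`. I would move the directory to a vendor-owned type or drop the rule, and confirm with a neverallow build check. The DRM key installation block continues past the end of this hunk.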
@@ -166,7 +175,7 @@ allow meta_tst proc_lk_env:file rw_file_perms; allow meta_tst block_device:blk_file getattr; allow meta_tst system_block_device:blk_file getattr; #allow meta_tst fuse_device:chr_file getattr; -allow meta_tst shell_exec:file r_file_perms; +#allow meta_tst shell_exec:file r_file_perms; # Date: WK15.52 # Purpose : NVRAM related LID @@ -216,7 +225,7 @@ allow meta_tst gsm0710muxd_device:chr_file rw_file_perms; # Date: WK16.20 # Purpose: meta_tst set sys.usb.config -set_prop(meta_tst, system_radio_prop); +#set_prop(meta_tst, system_radio_prop); #Date: W16.33 # Purpose: N Migration For CCT 
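Review bot: The `# Purpose: meta_tst set sys.usb.config` header in the @@ -216 hunk now sits above a rule that is only commented out, so the file documents an access the domain no longer has. The same applies to the disabled `shell_exec` rules (@@ -152, @@ -166), `toolbox_exec` (@@ -240) and the `emdlogger` / `mobile_log_d` connectto rules (@@ -321). Delete each disabled rule together with its Date/Purpose header, or keep it with a reason line such as `# Disabled: <reason, not stated in this commit>` so a later reader does not simply re-enable it.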
@@ -240,31 +249,9 @@ allow meta_tst nvcfg_file:dir { search read open }; #Date: W16.45 # Purpose : Allow unmount sdcardfs mounted on /data/media allow meta_tst sdcard_type:filesystem unmount; -allow meta_tst toolbox_exec:file { getattr execute execute_no_trans read open }; +#allow meta_tst toolbox_exec:file { getattr execute execute_no_trans read open }; allow meta_tst storage_stub_file:dir search; -# Date: WK16.16 -# Purpose: support meta mode wifi on -allow meta_tst self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write }; -#allow meta_tst self:packet_socket { bind create write read ioctl }; -#allow meta_tst net_wlan_dns_prop:property_service set; -allow meta_tst self:capability { setgid setuid }; -allow meta_tst self:packet_socket create_socket_perms_no_ioctl; -allow meta_tst self:capability { setgid setuid sys_module sys_time}; -#allow meta_tst wpa_exec:file getattr; -allow meta_tst wifi_data_file:dir create_dir_perms; -allow meta_tst wifi_data_file:sock_file create_file_perms; -#allow meta_tst wpa_exec:file rx_file_perms; -#allow meta_tst wpa_socket:dir create_dir_perms; -#allow meta_tst wpa_socket:sock_file create_file_perms; -allow meta_tst self:netlink_socket create_socket_perms_no_ioctl; -allow meta_tst self:rawip_socket create; -allow meta_tst self:udp_socket create_socket_perms_no_ioctl; -allow meta_tst self:rawip_socket create_socket_perms_no_ioctl; -allow meta_tst proc_ged:file r_file_perms; -allowxperm meta_tst self:udp_socket ioctl {SIOCSIFFLAGS SIOCGIFCONF SIOCIWFIRSTPRIV_08 SIOCIWFIRSTPRIV_09}; -allow meta_tst meta_tst:netlink_generic_socket { read write getattr bind create setopt }; - # Date : WK16.19 # Operation: meta_tst set persist.meta.connecttype property # Purpose: Switch meta connect type, set persist.meta.connecttype as "wifi" or "usb". 
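Review bot: The trailing context of the @@ -240 hunk still describes setting persist.meta.connecttype to "wifi", while the hunk deletes the whole WK16.16 "support meta mode wifi on" block with no replacement visible in this diff. Removing `sys_module`, `sys_time`, `setuid`/`setgid` and the raw/packet sockets is a welcome reduction in privilege, but if Wi-Fi transport is still supported in meta mode it will presumably be denied now. Either state in the commit message that Wi-Fi meta mode is dropped and update the WK16.19 comment to mention only "usb", or re-add the minimum set of socket rules the feature needs.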
@@ -321,11 +308,11 @@ allow meta_tst mddb_data_file:dir { search write add_name create getattr read op # Date: W17.43 # Purpose : meta connect with mdlogger by socket. -allow meta_tst emdlogger:unix_stream_socket connectto; +#allow meta_tst emdlogger:unix_stream_socket connectto; # Date: W17.43 # Purpose : meta connect with mobilelog by socket. -allow meta_tst mobile_log_d:unix_stream_socket connectto; +#allow meta_tst mobile_log_d:unix_stream_socket connectto; # Date: W17.43 # Purpose : meta access mobile log. diff --git a/non_plat/pre_meta.te b/non_plat/pre_meta.te index 8c7484d..f5549de 100644 --- a/non_plat/pre_meta.te +++ b/non_plat/pre_meta.te @@ -2,5 +2,12 @@ # MTK Policy Rule # ============================================== +# ============================================== +# Type Declaration +# ============================================== +type pre_meta, domain; +type pre_meta_exec , exec_type, file_type, vendor_file_type; +init_daemon_domain(pre_meta) + allow pre_meta proc_lk_env:file rw_file_perms; -allow pre_meta para_block_device:blk_file rw_file_perms;set_prop(meta_tst, powerctl_prop); \ No newline at end of file +allow pre_meta para_block_device:blk_file rw_file_perms;set_prop(meta_tst, powerctl_prop); diff --git a/plat_private/file_contexts b/plat_private/file_contexts index bce1d1d..2439f5e 100644 --- a/plat_private/file_contexts +++ b/plat_private/file_contexts @@ -22,10 +22,8 @@ /system/bin/aee_aed64 u:object_r:aee_aed_exec:s0 /system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0 /system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0 -/system/bin/meta_tst u:object_r:meta_tst_exec:s0 /(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0 /system/bin/factory u:object_r:factory_exec:s0 -/system/bin/pre_meta u:object_r:pre_meta_exec:s0 # google suggest that move aee_aedv_exec to platform @google_issue_id:64130120 /(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0 
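Review bot: In non_plat/pre_meta.te, `set_prop(meta_tst, powerctl_prop);` is still fused onto the end of the `para_block_device` allow line and grants the property to meta_tst rather than pre_meta; the hunk only adds the missing final newline. This commit also deletes plat_private/pre_meta.te, whose comment said pre_meta accesses "lk_env and reboot target" and which held its `property_socket` and `init` connectto rules. That appears to leave pre_meta with no path to the property service. If pre_meta is the domain that requests the reboot, the line should read `set_prop(pre_meta, powerctl_prop)` on its own line. Otherwise move the meta_tst grant into meta_tst.te so that access to powerctl_prop is reviewed with the rest of that domain.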
diff --git a/plat_private/meta_tst.te b/plat_private/meta_tst.te
deleted file mode 100644
index c1e00f2..0000000
--- a/plat_private/meta_tst.te
+++ /dev/null
@@ -1,47 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/meta_tst Executable File
-
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type meta_tst_exec , exec_type, file_type;
-typeattribute meta_tst coredomain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(meta_tst)
-
-# Date : WK16.12
-# Operation : Migration
-# Purpose : for meta mode driver module operation
-#============= meta_tst =========================
-
-allow meta_tst port:tcp_socket { name_connect name_bind };
-#allow meta_tst self:capability { net_raw chown fsetid sys_nice net_admin fowner dac_override sys_admin };
-allow meta_tst self:tcp_socket { create connect setopt bind };
-allow meta_tst self:tcp_socket { bind setopt listen accept read write };
-allow meta_tst self:udp_socket { create ioctl };
-allow meta_tst self:capability { sys_boot ipc_lock };
-allow meta_tst sysfs_wake_lock:file rw_file_perms;
-#allow meta_tst sysfs:file write;
-allow meta_tst property_socket:sock_file w_file_perms;
-#allow meta_tst vold_socket:sock_file w_file_perms;
-allow meta_tst init:unix_stream_socket connectto;
-allow meta_tst vold:unix_stream_socket connectto;
-allow meta_tst node:tcp_socket node_bind;
-allow meta_tst labeledfs:filesystem unmount;
-allow meta_tst shell_exec:file execute;
-set_prop(meta_tst, powerctl_prop);
-
-# Date: WK16.12
-# Operation : Migration
-# Purpose : for meta mode file system
-allow meta_tst system_data_file:sock_file create_file_perms;
-allow meta_tst system_file:file x_file_perms;
-allow meta_tst system_data_file:dir w_dir_perms;
-allow meta_tst block_device:dir search;
-allow meta_tst rootfs:file entrypoint;
diff --git a/plat_private/pre_meta.te b/plat_private/pre_meta.te
deleted file mode 100644
index 7c694eb..0000000
--- a/plat_private/pre_meta.te
+++ /dev/null
@@ -1,20 +0,0 @@
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type pre_meta_exec , exec_type, file_type;
-typeattribute pre_meta coredomain;
-
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-
-init_daemon_domain(pre_meta)
-
-# Date : WK16.15
-# Operation : For reboot target to meta mode
-# Purpose : for pre_meta daemon to access lk_env and reboot target
-allow pre_meta block_device:dir search;
-allow pre_meta property_socket:sock_file write;
-allow pre_meta init:unix_stream_socket connectto;
\ No newline at end of file
diff --git a/plat_public/meta_tst.te b/plat_public/meta_tst.te
deleted file mode 100644
index b5b9a43..0000000
--- a/plat_public/meta_tst.te
+++ /dev/null
@@ -1,11 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/meta_tst Executable File
-
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type meta_tst ,domain;
-
-
diff --git a/plat_public/pre_meta.te b/plat_public/pre_meta.te
deleted file mode 100644
index f179869..0000000
--- a/plat_public/pre_meta.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/pre_meta Executable File
-
-type pre_meta ,domain;
-