diff --git a/non_plat/aee_aed.te b/non_plat/aee_aed.te index 51e0875..c94a13d 100644 --- a/non_plat/aee_aed.te +++ b/non_plat/aee_aed.te @@ -22,7 +22,6 @@ allow aee_aed mtd_device:chr_file rw_file_perms; allow aee_aed RT_Monitor_device:chr_file r_file_perms; #data/aee_exp -typeattribute aee_aed data_between_core_and_vendor_violators; allow aee_aed aee_exp_data_file:dir create_dir_perms; allow aee_aed aee_exp_data_file:file create_file_perms; diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index 7a593d8..26a12af 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te 
@@ -31,25 +31,24 @@ allow aee_aedv sdcard_type:dir create_dir_perms; allow aee_aedv sdcard_type:file create_file_perms; #data/anr -typeattribute aee_aedv data_between_core_and_vendor_violators; -allow aee_aedv anr_data_file:dir create_dir_perms; -allow aee_aedv anr_data_file:file create_file_perms; +#allow aee_aedv anr_data_file:dir create_dir_perms; +#allow aee_aedv anr_data_file:file create_file_perms; #data/aee_exp -allow aee_aedv aee_exp_data_file:dir create_dir_perms; -allow aee_aedv aee_exp_data_file:file create_file_perms; +allow aee_aedv aee_exp_vendor_file:dir create_dir_perms; +allow aee_aedv aee_exp_vendor_file:file create_file_perms; #data/dumpsys -allow aee_aedv aee_dumpsys_data_file:dir create_dir_perms; -allow aee_aedv aee_dumpsys_data_file:file create_file_perms; +allow aee_aedv aee_dumpsys_vendor_file:dir create_dir_perms; +allow aee_aedv aee_dumpsys_vendor_file:file create_file_perms; #/data/core -allow aee_aedv aee_core_data_file:dir create_dir_perms; -allow aee_aedv aee_core_data_file:file create_file_perms; +allow aee_aedv aee_core_vendor_file:dir create_dir_perms; +allow aee_aedv aee_core_vendor_file:file create_file_perms; # /data/data_tmpfs_log -allow aee_aedv data_tmpfs_log_file:dir create_dir_perms; -allow aee_aedv data_tmpfs_log_file:file create_file_perms; +allow aee_aedv vendor_tmpfs_log_file:dir create_dir_perms; +allow aee_aedv vendor_tmpfs_log_file:file create_file_perms; allow aee_aedv domain:process { sigkill getattr getsched}; allow aee_aedv domain:lnk_file getattr; @@ -78,7 +77,7 @@ userdebug_or_eng(`allow aee_aedv self:capability sys_admin;') # Date: W16.17 # Operation: N0 Migeration # Purpose: creat dir "aee_exp" under /data -allow aee_aedv system_data_file:dir { write create add_name }; +#allow aee_aedv system_data_file:dir { write create add_name }; # Purpose: aee_aedv set property set_prop(aee_aedv, persist_mtk_aee_prop); 
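Review bot: The `anr_data_file` rules are left behind as commented-out `#allow` lines, and the section comments (`#data/aee_exp`, `#data/dumpsys`, `#/data/core`, `# /data/data_tmpfs_log`) still name the legacy /data paths although the rules beneath them now target the `*_vendor_file` types. Commented-out rules invite being re-enabled later, which with the `data_between_core_and_vendor_violators` exemption gone would presumably either trip the core/vendor neverallow or restore access to core data, depending on how the target type is attributed. I would delete the dead lines and retitle the sections, e.g. `# /data/vendor/mtklog/aee_exp`. The same commented-out pattern recurs in the hunks at -78, -89, -147 and -271 of this file and at -54 of dumpstate.te.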
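Review bot: Commenting out `allow aee_aedv system_data_file:dir { write create add_name };` in the hunk at -78 removes the rule whose stated purpose is creating "aee_exp" under /data, and no counterpart is added for the /data/vendor side. `create_dir_perms` on `aee_exp_vendor_file` and the other new types only helps inside directories that already carry those labels, so the top-level directories presumably have to be created and labelled by init; that is not visible in this diff. I would replace the dead rule with a comment such as `# /data/vendor/mtklog/aee_exp etc. are expected to be created by init; aee_aedv must not write to system_data_file`, and confirm the matching rc change ships with this commit.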
@@ -89,8 +88,8 @@ set_prop(aee_aedv, debug_mtk_aee_prop); # allow aee_aedv toolbox_exec:file { execute execute_no_trans }; # purpose: allow aee_aedv to access storage on N version -allow aee_aedv media_rw_data_file:file { create_file_perms }; -allow aee_aedv media_rw_data_file:dir { create_dir_perms }; +#allow aee_aedv media_rw_data_file:file { create_file_perms }; +#allow aee_aedv media_rw_data_file:dir { create_dir_perms }; # Purpose: mnt/user/* allow aee_aedv mnt_user_file:dir search; @@ -147,7 +146,7 @@ allow aee_aedv { -keystore -init }:process ptrace; -allow aee_aedv dalvikcache_data_file:dir r_dir_perms; +#allow aee_aedv dalvikcache_data_file:dir r_dir_perms; allow aee_aedv zygote_exec:file r_file_perms; allow aee_aedv init_exec:file r_file_perms; @@ -271,8 +270,8 @@ allow aee_aedv sysfs_leds:file r_file_perms; allow aee_aedv sysfs_ccci:dir search; allow aee_aedv sysfs_ccci:file r_file_perms; -allow aee_aedv system_data_file:dir getattr; -allow aee_aedv system_data_file:file open; +#allow aee_aedv system_data_file:dir getattr; +#allow aee_aedv system_data_file:file open; # Purpose: # 01-01 00:03:44.330 3658 3658 I aee_dumpstatev: type=1400 audit(0.0:5411): avc: denied diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te index 1acdd1c..6a7861c 100644 --- a/non_plat/dumpstate.te +++ b/non_plat/dumpstate.te @@ -9,7 +9,6 @@ set_prop(dumpstate, debug_bq_dump_prop); allow dumpstate aed_device:chr_file { read getattr }; # Purpose: data/dumpsys/* -typeattribute dumpstate data_between_core_and_vendor_violators; allow dumpstate aee_dumpsys_data_file:dir { w_dir_perms }; allow dumpstate aee_dumpsys_data_file:file { create_file_perms }; 
@@ -54,8 +53,8 @@ allow dumpstate sysfs_lowmemorykiller:dir search; allow dumpstate expdb_block_device:blk_file { read write ioctl open }; #/data/anr/SF_RTT -allow dumpstate sf_rtt_file:dir search; -allow dumpstate sf_rtt_file:file r_file_perms; +#allow dumpstate sf_rtt_file:dir search; +#allow dumpstate sf_rtt_file:file r_file_perms; # Data : 2017/03/22 # Operation : add fd use selinux rule diff --git a/non_plat/file.te b/non_plat/file.te index 9512232..9d2e54f 100644 --- a/non_plat/file.te +++ b/non_plat/file.te @@ -94,14 +94,18 @@ type logmisc_data_file, file_type, data_file_type; type logtemp_data_file, file_type, data_file_type; # NE core_forwarder -type aee_core_data_file, file_type, data_file_type; +type aee_core_data_file, file_type, data_file_type, core_data_file_type; +type aee_core_vendor_file, file_type, data_file_type; # NE tombstone type aee_tombstone_data_file, file_type, data_file_type; # AEE exp -type aee_exp_data_file, file_type, data_file_type; -type aee_dumpsys_data_file, file_type, data_file_type; +#type aee_exp_data_file, file_type, data_file_type; +type aee_exp_data_file, file_type, data_file_type, core_data_file_type; +type aee_exp_vendor_file, file_type, data_file_type; +type aee_dumpsys_data_file, file_type, data_file_type, core_data_file_type; +type aee_dumpsys_vendor_file, file_type, data_file_type; # SF rtt dump type sf_rtt_file, file_type, data_file_type; @@ -125,7 +129,8 @@ type proc_icusb, fs_type; type iso9660, fs_type; # data_tmpfs_log -type data_tmpfs_log_file, file_type, data_file_type; +type data_tmpfs_log_file, file_type, data_file_type, core_data_file_type; +type vendor_tmpfs_log_file, file_type, data_file_type; # rawfs for /protect_f on NAND projects type rawfs, fs_type, mlstrustedobject; diff --git a/non_plat/file_contexts b/non_plat/file_contexts index bd60b2f..6e1cdaf 100644 --- a/non_plat/file_contexts +++ b/non_plat/file_contexts 
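Review bot: In the file.te hunk at -94 the old declaration is kept as `#type aee_exp_data_file, file_type, data_file_type;` directly above its replacement, and nothing documents why each AEE type now exists twice. A short header would make the split auditable, e.g. `# *_data_file: /data/<dir>, core domains only (core_data_file_type); *_vendor_file: /data/vendor/<dir>, vendor domains only`, and the commented-out declaration can go. `aee_tombstone_data_file` in the same hunk keeps the `_data_file` name without `core_data_file_type` while file_contexts maps it to /data/vendor/tombstones, so the new naming convention is not applied uniformly; either rename it or note the exception. The same documentation gap applies to the `data_tmpfs_log_file` / `vendor_tmpfs_log_file` pair in the hunk at -125.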
@@ -19,8 +19,8 @@
 # Data files
 #
 #/data/misc/mddb(/.*)? u:object_r:mddb_data_file:s0
-#/data/aee_exp(/.*)? u:object_r:aee_exp_data_file:s0
-#/data/vendor/mtklog/aee_exp(/.*)? u:object_r:aee_exp_data_file:s0
+/data/aee_exp(/.*)? u:object_r:aee_exp_data_file:s0
+/data/vendor/mtklog/aee_exp(/.*)? u:object_r:aee_exp_vendor_file:s0
 #/data/agps_supl(/.*)? u:object_r:agpsd_data_file:s0
 #/data/mnl_flp(/.*)? u:object_r:mnld_data_file:s0
 #/data/mnl_gfc(/.*)? u:object_r:mnld_data_file:s0
@@ -28,12 +28,12 @@
 #/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0
 #/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
 #/data/flashless(/.*)? u:object_r:c2k_file:s0
-#/data/core(/.*)? u:object_r:aee_core_data_file:s0
-#/data/vendor/core(/.*)? u:object_r:aee_core_data_file:s0
+/data/core(/.*)? u:object_r:aee_core_data_file:s0
+/data/vendor/core(/.*)? u:object_r:aee_core_vendor_file:s0
 /data/vendor/tombstones(/.*)? u:object_r:aee_tombstone_data_file:s0
 #/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0
-#/data/dumpsys(/.*)? u:object_r:aee_dumpsys_data_file:s0
-#/data/vendor/dumpsys(/.*)? u:object_r:aee_dumpsys_data_file:s0
+/data/dumpsys(/.*)? u:object_r:aee_dumpsys_data_file:s0
+/data/vendor/dumpsys(/.*)? u:object_r:aee_dumpsys_vendor_file:s0
 /data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
 #/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
 #/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
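Review bot: Enabling `/data/vendor/mtklog/aee_exp(/.*)?` with the new `aee_exp_vendor_file` label only affects files created or relabelled after the policy is installed; directories already present on an upgraded device keep whatever label they had. Since aee_aedv.te now grants access only to the `*_vendor_file` types, stale labels would show up as AVC denials and lost crash dumps rather than as a build error. Nothing in this diff shows a relabel step, so I would confirm that the init rc runs `restorecon_recursive` (or an equivalent) over the affected /data/vendor directories and note that next to these entries. The same holds for the `/data/vendor/core` and `/data/vendor/dumpsys` entries in the hunk at -28 and for `/data/vendor/data_tmpfs_log` in the hunk at -50.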
@@ -50,8 +50,8 @@
 #/data/md3(/.*)? u:object_r:c2k_file:s0
 #/data/mal(/.*)? u:object_r:mal_data_file:s0
 /data/SF_dump(./*)? u:object_r:sf_bqdump_data_file:s0
-#/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
-#/data/vendor/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
+/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
+/data/vendor/data_tmpfs_log(/.*)? u:object_r:vendor_tmpfs_log_file:s0
 #/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
 #/data/tmp_mnt/vendor/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
 #/data/setkey.conf u:object_r:ims_ipsec_data_file:s0
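Review bot: The context line `/data/SF_dump(./*)? u:object_r:sf_bqdump_data_file:s0` has its regex characters transposed: `(./*)?` matches one arbitrary character followed by slashes, not a path below the directory. An explicit relabel of files under /data/SF_dump would therefore not pick up `sf_bqdump_data_file` from this entry. The commit does not touch the line, but it sits directly above the entries being enabled here and is a one-character fix: `/data/SF_dump(/.*)? u:object_r:sf_bqdump_data_file:s0`.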