[ALPS03841705] fix the violation during Android P migration

[Detail] fix the violation during Android P migration

MTK-Commit-Id: 7dae33f4c7435a7eeae86a738d88dc6c3e52e3c3

Change-Id: I1000b278dd411438bf43ca0bda22d83aab52616f
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)

non_plat/aee_aed.te

@@ -22,7 +22,6 @@ allow aee_aed mtd_device:chr_file rw_file_perms;
 allow aee_aed RT_Monitor_device:chr_file r_file_perms;
 
 #data/aee_exp
-typeattribute aee_aed data_between_core_and_vendor_violators;
 allow aee_aed aee_exp_data_file:dir create_dir_perms;
 allow aee_aed aee_exp_data_file:file create_file_perms;
 

non_plat/aee_aedv.te

@@ -31,25 +31,24 @@ allow aee_aedv sdcard_type:dir create_dir_perms;
 allow aee_aedv sdcard_type:file create_file_perms;
 
 #data/anr
-typeattribute aee_aedv data_between_core_and_vendor_violators;
+#allow aee_aedv anr_data_file:dir create_dir_perms;
-allow aee_aedv anr_data_file:dir create_dir_perms;
+#allow aee_aedv anr_data_file:file create_file_perms;
-allow aee_aedv anr_data_file:file create_file_perms;
 
 #data/aee_exp
-allow aee_aedv aee_exp_data_file:dir create_dir_perms;
+allow aee_aedv aee_exp_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_exp_data_file:file create_file_perms;
+allow aee_aedv aee_exp_vendor_file:file create_file_perms;
 
 #data/dumpsys
-allow aee_aedv aee_dumpsys_data_file:dir create_dir_perms;
+allow aee_aedv aee_dumpsys_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_dumpsys_data_file:file create_file_perms;
+allow aee_aedv aee_dumpsys_vendor_file:file create_file_perms;
 
 #/data/core
-allow aee_aedv aee_core_data_file:dir create_dir_perms;
+allow aee_aedv aee_core_vendor_file:dir create_dir_perms;
-allow aee_aedv aee_core_data_file:file create_file_perms;
+allow aee_aedv aee_core_vendor_file:file create_file_perms;
 
 # /data/data_tmpfs_log
-allow aee_aedv data_tmpfs_log_file:dir create_dir_perms;
+allow aee_aedv vendor_tmpfs_log_file:dir create_dir_perms;
-allow aee_aedv data_tmpfs_log_file:file create_file_perms;
+allow aee_aedv vendor_tmpfs_log_file:file create_file_perms;
 
 allow aee_aedv domain:process { sigkill getattr getsched};
 allow aee_aedv domain:lnk_file getattr;
@@ -78,7 +77,7 @@ userdebug_or_eng(`allow aee_aedv self:capability sys_admin;')
 # Date: W16.17
 # Operation: N0 Migeration
 # Purpose: creat dir "aee_exp" under /data
-allow aee_aedv system_data_file:dir { write create add_name };
+#allow aee_aedv system_data_file:dir { write create add_name };
 
 # Purpose: aee_aedv set property
 set_prop(aee_aedv, persist_mtk_aee_prop);
@@ -89,8 +88,8 @@ set_prop(aee_aedv, debug_mtk_aee_prop);
 # allow aee_aedv toolbox_exec:file { execute execute_no_trans };
 
 # purpose: allow aee_aedv to access storage on N version
-allow aee_aedv media_rw_data_file:file  { create_file_perms };
+#allow aee_aedv media_rw_data_file:file  { create_file_perms };
-allow aee_aedv media_rw_data_file:dir { create_dir_perms };
+#allow aee_aedv media_rw_data_file:dir { create_dir_perms };
 
 # Purpose: mnt/user/*
 allow aee_aedv mnt_user_file:dir search;
@@ -147,7 +146,7 @@ allow aee_aedv {
   -keystore
   -init
 }:process ptrace;
-allow aee_aedv dalvikcache_data_file:dir r_dir_perms;
+#allow aee_aedv dalvikcache_data_file:dir r_dir_perms;
 allow aee_aedv zygote_exec:file r_file_perms;
 allow aee_aedv init_exec:file r_file_perms;
 
@@ -271,8 +270,8 @@ allow aee_aedv sysfs_leds:file r_file_perms;
 allow aee_aedv sysfs_ccci:dir search;
 allow aee_aedv sysfs_ccci:file r_file_perms;
 
-allow aee_aedv system_data_file:dir getattr;
+#allow aee_aedv system_data_file:dir getattr;
-allow aee_aedv system_data_file:file open;
+#allow aee_aedv system_data_file:file open;
 
 # Purpose:
 # 01-01 00:03:44.330  3658  3658 I aee_dumpstatev: type=1400 audit(0.0:5411): avc: denied

non_plat/dumpstate.te

@@ -9,7 +9,6 @@ set_prop(dumpstate, debug_bq_dump_prop);
 allow dumpstate aed_device:chr_file { read getattr };
 
 # Purpose: data/dumpsys/*
-typeattribute dumpstate data_between_core_and_vendor_violators;
 allow dumpstate aee_dumpsys_data_file:dir { w_dir_perms };
 allow dumpstate aee_dumpsys_data_file:file { create_file_perms };
 
@@ -54,8 +53,8 @@ allow dumpstate sysfs_lowmemorykiller:dir search;
 allow dumpstate expdb_block_device:blk_file { read write ioctl open };
 
 #/data/anr/SF_RTT
-allow dumpstate sf_rtt_file:dir search;
+#allow dumpstate sf_rtt_file:dir search;
-allow dumpstate sf_rtt_file:file r_file_perms;
+#allow dumpstate sf_rtt_file:file r_file_perms;
 
 # Data : 2017/03/22
 # Operation : add fd use selinux rule

non_plat/file.te

@@ -94,14 +94,18 @@ type logmisc_data_file, file_type, data_file_type;
 type logtemp_data_file, file_type, data_file_type;
 
 # NE core_forwarder
-type aee_core_data_file, file_type, data_file_type;
+type aee_core_data_file, file_type, data_file_type, core_data_file_type;
+type aee_core_vendor_file, file_type, data_file_type;
 
 # NE tombstone
 type aee_tombstone_data_file, file_type, data_file_type;
 
 # AEE exp
-type aee_exp_data_file, file_type, data_file_type;
+#type aee_exp_data_file, file_type, data_file_type;
-type aee_dumpsys_data_file, file_type, data_file_type;
+type aee_exp_data_file, file_type, data_file_type, core_data_file_type;
+type aee_exp_vendor_file, file_type, data_file_type;
+type aee_dumpsys_data_file, file_type, data_file_type, core_data_file_type;
+type aee_dumpsys_vendor_file, file_type, data_file_type;
 
 # SF rtt dump
 type sf_rtt_file, file_type, data_file_type;
@@ -125,7 +129,8 @@ type proc_icusb, fs_type;
 type iso9660, fs_type;
 
 # data_tmpfs_log
-type data_tmpfs_log_file, file_type, data_file_type;
+type data_tmpfs_log_file, file_type, data_file_type, core_data_file_type;
+type vendor_tmpfs_log_file, file_type, data_file_type;
 
 # rawfs for /protect_f on NAND projects
 type rawfs, fs_type, mlstrustedobject;

non_plat/file_contexts

@@ -19,8 +19,8 @@
 # Data files
 #
 #/data/misc/mddb(/.*)?    u:object_r:mddb_data_file:s0
-#/data/aee_exp(/.*)?  u:object_r:aee_exp_data_file:s0
+/data/aee_exp(/.*)?  u:object_r:aee_exp_data_file:s0
-#/data/vendor/mtklog/aee_exp(/.*)?  u:object_r:aee_exp_data_file:s0
+/data/vendor/mtklog/aee_exp(/.*)?  u:object_r:aee_exp_vendor_file:s0
 #/data/agps_supl(/.*)?    u:object_r:agpsd_data_file:s0
 #/data/mnl_flp(/.*)?    u:object_r:mnld_data_file:s0
 #/data/mnl_gfc(/.*)?    u:object_r:mnld_data_file:s0
@@ -28,12 +28,12 @@
 #/data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0
 #/data/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
 #/data/flashless(/.*)? u:object_r:c2k_file:s0
-#/data/core(/.*)? u:object_r:aee_core_data_file:s0
+/data/core(/.*)? u:object_r:aee_core_data_file:s0
-#/data/vendor/core(/.*)? u:object_r:aee_core_data_file:s0
+/data/vendor/core(/.*)? u:object_r:aee_core_vendor_file:s0
 /data/vendor/tombstones(/.*)? u:object_r:aee_tombstone_data_file:s0
 #/data/dontpanic(/.*)? u:object_r:dontpanic_data_file:s0
-#/data/dumpsys(/.*)?    u:object_r:aee_dumpsys_data_file:s0
+/data/dumpsys(/.*)?    u:object_r:aee_dumpsys_data_file:s0
-#/data/vendor/dumpsys(/.*)?    u:object_r:aee_dumpsys_data_file:s0
+/data/vendor/dumpsys(/.*)?    u:object_r:aee_dumpsys_vendor_file:s0
 /data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
 #/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
 #/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
@@ -50,8 +50,8 @@
 #/data/md3(/.*)? u:object_r:c2k_file:s0
 #/data/mal(/.*)? u:object_r:mal_data_file:s0
 /data/SF_dump(./*)? u:object_r:sf_bqdump_data_file:s0
-#/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
+/data/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
-#/data/vendor/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
+/data/vendor/data_tmpfs_log(/.*)? u:object_r:vendor_tmpfs_log_file:s0
 #/data/tmp_mnt/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
 #/data/tmp_mnt/vendor/data_tmpfs_log(/.*)? u:object_r:data_tmpfs_log_file:s0
 #/data/setkey.conf        u:object_r:ims_ipsec_data_file:s0