From 5068833fef670c7dabdf91e14c14e437a7e51e1e Mon Sep 17 00:00:00 2001
From: "bo.shang"
Date: Sat, 18 Jan 2020 10:15:08 +0800
Subject: [PATCH] [ALPS04532537] Copy vendor modem db and filter New feature: Add selinux of HIDL service and client. Use HIDL copy modem db and filter from vendor image to data partition for modem log tool.
MTK-Commit-Id: 7fadaf0f2a60d05d7464264ef9e23a75ca27bb66
Change-Id: I12cc8614537f30e90a1717f9838c52283342eb55
CR-Id: ALPS04532537
Feature: Modem Log Tool
---
 non_plat/attributes | 5 +++--
 non_plat/file_contexts | 2 ++
 non_plat/hwservice.te | 4 ++++
 non_plat/hwservice_contexts | 4 ++++
 non_plat/modemdbfilter_service.te | 18 ++++++++++++++++++
 non_plat/mtk_hal_md_dbfilter.te | 6 ++++++
 plat_private/emdlogger.te | 5 +++++
 plat_private/file.te | 9 +++++++++
 plat_private/file_contexts | 2 ++
 plat_private/mdlogger.te | 6 +++++-
 plat_private/modemdbfilter_client.te | 22 ++++++++++++++++++++++
 plat_public/attributes | 4 ++++
 plat_public/modemdbfilter_client.te | 8 ++++++++
 13 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100755 non_plat/modemdbfilter_service.te
 create mode 100755 non_plat/mtk_hal_md_dbfilter.te
 create mode 100755 plat_private/modemdbfilter_client.te
 create mode 100755 plat_public/modemdbfilter_client.te
diff --git a/non_plat/attributes b/non_plat/attributes
index 0b0cef7..4c2568f 100644
--- a/non_plat/attributes
+++ b/non_plat/attributes
@@ -71,5 +71,6 @@ attribute hal_atci;
 attribute hal_atci_client;
 attribute hal_atci_server;
-
-
+# Date: 2019/06/12
+# modem db filter hidl
+attribute mtk_hal_md_dbfilter_server;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index dbf5c1c..5cc01e5 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -649,6 +649,8 @@
 /vendor/bin/em_hidl u:object_r:em_hidl_exec:s0
+/vendor/bin/hw/modemdbfilter_service u:object_r:modemdbfilter_service_exec:s0
+
 # Date : 2018/06/15
 # Purpose : mtk EM flash reading
 /proc/mounts u:object_r:proc_flash:s0
diff --git a/non_plat/hwservice.te b/non_plat/hwservice.te
index f3ababa..a829740 100644
--- a/non_plat/hwservice.te
+++ b/non_plat/hwservice.te
@@ -50,3 +50,7 @@ type mtk_hal_keymanage_hwservice, hwservice_manager_type;
 # GPU HIDL
 type mtk_hal_gpu_hwservice, hwservice_manager_type;
+# Date: 2019/06/12
+# modem db filter hidl
+type mtk_hal_md_dbfilter_hwservice, hwservice_manager_type;
+
diff --git a/non_plat/hwservice_contexts b/non_plat/hwservice_contexts
index 4b121be..b481da8 100644
--- a/non_plat/hwservice_contexts
+++ b/non_plat/hwservice_contexts
@@ -57,3 +57,7 @@ vendor.mediatek.hardware.mms::IMms u:object_r:mtk_hal_mms_hwservice:s0
 # GPU HIDL
 vendor.mediatek.hardware.gpu::IGraphicExt u:object_r:mtk_hal_gpu_hwservice:s0
+# Date: 2019/06/12
+# modem db filter hidl
+vendor.mediatek.hardware.modemdbfilter::ICopyDBFilter u:object_r:mtk_hal_md_dbfilter_hwservice:s0
+
diff --git a/non_plat/modemdbfilter_service.te b/non_plat/modemdbfilter_service.te
new file mode 100755
index 0000000..e1c1090
--- /dev/null
+++ b/non_plat/modemdbfilter_service.te
@@ -0,0 +1,18 @@
+# ==============================================
+# Policy File of /vendor/bin/hw/modemdbfilter_service Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type modemdbfilter_service ,domain;
+type modemdbfilter_service_exec, exec_type, file_type, vendor_file_type;
+typeattribute modemdbfilter_service mlstrustedsubject;
+
+#Purpose : for create hidl server
+hal_server_domain(modemdbfilter_service, mtk_hal_md_dbfilter)
+init_daemon_domain(modemdbfilter_service)
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
diff --git a/non_plat/mtk_hal_md_dbfilter.te b/non_plat/mtk_hal_md_dbfilter.te
new file mode 100755
index 0000000..5abc292
--- /dev/null
+++ b/non_plat/mtk_hal_md_dbfilter.te
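Review bot: `typeattribute modemdbfilter_service mlstrustedsubject;` in non_plat/modemdbfilter_service.te exempts the new HAL server from the MLS constraints, yet nothing in the file needs that exemption: the "MTK Policy Rule" section is empty and no rule touches an object at a non-default level. If the service only reads the vendor modem db and filter files and hands them over HwBinder, as the commit description suggests, the attribute looks unnecessary and the line should be dropped. If a denial really required it, put the evidence above the line so the grant can be verified later, e.g. `# mlstrustedsubject: required by <avc denial text>`.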
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(mtk_hal_md_dbfilter_client, mtk_hal_md_dbfilter_server)
+binder_call(mtk_hal_md_dbfilter_server, mtk_hal_md_dbfilter_client)
+
+add_hwservice(mtk_hal_md_dbfilter_server, mtk_hal_md_dbfilter_hwservice)
+allow mtk_hal_md_dbfilter_client mtk_hal_md_dbfilter_hwservice:hwservice_manager find;
diff --git a/plat_private/emdlogger.te b/plat_private/emdlogger.te
index 6d4010d..c81fe15 100755
--- a/plat_private/emdlogger.te
+++ b/plat_private/emdlogger.te
@@ -73,3 +73,8 @@ allow emdlogger tmpfs:dir write;
 allow emdlogger sysfs_dt_firmware_android:file { read open getattr };
 allow emdlogger system_file:dir open;
 allow emdlogger vendor_default_prop:file { read getattr open };
+
+## Android Q migration
+## purpose: read modem db and filter folder and file
+allow emdlogger mddb_filter_data_file:dir { r_dir_perms };
+allow emdlogger mddb_filter_data_file:file { r_file_perms };
diff --git a/plat_private/file.te b/plat_private/file.te
index 9a4c39c..da41ba0 100755
--- a/plat_private/file.te
+++ b/plat_private/file.te
@@ -7,3 +7,12 @@
 # Operation : Migration
 # Purpose : For drmserver
 type access_sys_file, fs_type, sysfs_type;
+
+######################################
+# core domain file data
+
+# For modem db filter HIDL client
+# Date: WK1924
+# Operation : Save modem db and filter into data partition
+# Purpose : For Modem db and filter file
+type mddb_filter_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/plat_private/file_contexts b/plat_private/file_contexts
index 4d61d91..e92e062 100644
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@@ -2,6 +2,7 @@
 # Data files
 #
+/data/system_de/mdfilter(/.*)? u:object_r:mddb_filter_data_file:s0
 #############################
 # debugfs files
 #
@@ -14,6 +15,7 @@
 /system/bin/aee_core_forwarder u:object_r:aee_core_forwarder_exec:s0
 /system/bin/mdlogger u:object_r:mdlogger_exec:s0
 /system/bin/emdlogger[0-9]+ u:object_r:emdlogger_exec:s0
+/system/bin/modemdbfilter_client u:object_r:modemdbfilter_client_exec:s0
 /system/bin/netdiag u:object_r:netdiag_exec:s0
 /system/bin/loghidlsysservice u:object_r:loghidlsysservice_exec:s0
 /system/bin/cmddumper u:object_r:cmddumper_exec:s0
diff --git a/plat_private/mdlogger.te b/plat_private/mdlogger.te
index b84713a..b1ffcd6 100644
--- a/plat_private/mdlogger.te
+++ b/plat_private/mdlogger.te
@@ -44,6 +44,10 @@ allow mdlogger storage_file:file { create_file_perms };
 ## purpose: avc: denied { read } for name="plat_file_contexts"
 allow mdlogger file_contexts_file:file { read getattr open };
-# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
+# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
 # scontext=u:r:mdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
 allow mdlogger system_file:dir read;
+## Android Q migration
+## purpose: read modem db and filter folder and file
+allow mdlogger mddb_filter_data_file:dir { r_dir_perms };
+allow mdlogger mddb_filter_data_file:file { r_file_perms };
diff --git a/plat_private/modemdbfilter_client.te b/plat_private/modemdbfilter_client.te
new file mode 100755
index 0000000..c63b2b8
--- /dev/null
+++ b/plat_private/modemdbfilter_client.te
@@ -0,0 +1,22 @@
+# ==============================================
+# Policy File of /system/bin/modemdbfilter_client Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+# system_file_type for Q
+type modemdbfilter_client_exec, exec_type, system_file_type, file_type;
+typeattribute modemdbfilter_client coredomain;
+init_daemon_domain(modemdbfilter_client)
+
+# Purpose : for create hidl client
+hal_client_domain(modemdbfilter_client, mtk_hal_md_dbfilter)
+
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+allow modemdbfilter_client mddb_filter_data_file:dir { create_dir_perms relabelto };
+allow modemdbfilter_client mddb_filter_data_file:file { create_file_perms };
+allow modemdbfilter_client system_data_file:dir { create_dir_perms relabelfrom };
+allow modemdbfilter_client file_contexts_file:file { r_file_perms };
+
diff --git a/plat_public/attributes b/plat_public/attributes
index ee79ce2..53ca171 100644
--- a/plat_public/attributes
+++ b/plat_public/attributes
@@ -14,3 +14,7 @@ attribute mtk_hal_lbs;
 attribute mtk_hal_lbs_client;
 attribute mtk_hal_lbs_server;
+# Date: 2019/06/12
+# modem db filter hidl
+attribute mtk_hal_md_dbfilter;
+attribute mtk_hal_md_dbfilter_client;
diff --git a/plat_public/modemdbfilter_client.te b/plat_public/modemdbfilter_client.te
new file mode 100755
index 0000000..840b786
--- /dev/null
+++ b/plat_public/modemdbfilter_client.te
@@ -0,0 +1,8 @@
+# ==============================================
+# Policy File of /system/bin/modemdbfilter_client Executable File
+
+# ==============================================
+# Type Declaration
+# ==============================================
+
+type modemdbfilter_client, domain;
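Review bot: `allow modemdbfilter_client system_data_file:dir { create_dir_perms relabelfrom };` in plat_private/modemdbfilter_client.te is far wider than the stated purpose of saving the modem db and filter under /data/system_de/mdfilter. As far as SELinux is concerned, it lets the client create, rename and remove entries in every directory labelled system_data_file, and relabel any such directory to mddb_filter_data_file. If the directory were instead created by init (a `mkdir` in the client's .rc file, which is not part of this patch, picking up the label from the new file_contexts entry), the rule could shrink to `allow modemdbfilter_client system_data_file:dir search;`. The relabelto grant and the file_contexts_file read would then presumably no longer be needed. If the client has to create the directory itself, the rule should at least carry a comment naming the single parent directory it is meant for.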
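Review bot: `type modemdbfilter_client, domain;` is declared in plat_public, which exports the domain to vendor policy, while none of the non_plat files in this patch refer to it by name; the vendor-side rules in non_plat/mtk_hal_md_dbfilter.te use the `mtk_hal_md_dbfilter_client` attribute instead. Unless vendor policy outside this patch needs the type, it would be better declared next to its rules in plat_private/modemdbfilter_client.te as `type modemdbfilter_client, domain, coredomain;`, which also replaces the separate typeattribute line there. That keeps the exported policy surface limited to the two new attributes.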