[ALPS02333452] Android p selinux change

[Detail] Android has defined neverallow rules to restrict direct access to system files. We need to have a custom label for each policy. [Solution] Define custom label for drmserver MTK-Commit-Id: 996de9ff486db13908f6d58b476613957d4f336d Change-Id: I34c8d86c1baf9daa02e29323007e4136c6048b31 CR-Id: ALPS02333452 Feature: OMA DRM V1.0
2020-01-18 09:38:57 +08:00 · 2020-01-18 09:38:57 +08:00 · 56f34167cf
commit 56f34167cf
parent a0c381a5c3
3 changed files with 9 additions and 1 deletions
--- a/prebuilts/api/26.0/plat_private/drmserver.te
+++ b/prebuilts/api/26.0/plat_private/drmserver.te
@ -3,4 +3,4 @@
 # ======================

 # =======drmserver======
-#allow drmserver sysfs:file { read open };
+allow drmserver access_sys_file:file { read open };
--- a/prebuilts/api/26.0/plat_private/file.te
+++ b/prebuilts/api/26.0/plat_private/file.te
@ -0,0 +1,6 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# For drmserver
+type access_sys_file, fs_type, sysfs_type;
--- a/prebuilts/api/26.0/plat_private/file_contexts
+++ b/prebuilts/api/26.0/plat_private/file_contexts
@ -37,3 +37,5 @@
 # it is used to mount all storages in meta/factory mode
 /system/bin/storagemanagerd u:object_r:storagemanagerd_exec:s0

+# For drmserver
+/sys/block/mmcblk0rpmb/size u:object_r:access_sys_file:s0