NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS02333452] Android p selinux change

Browse Source 
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.

[Solution]
Define custom label for drmserver

MTK-Commit-Id: 996de9ff486db13908f6d58b476613957d4f336d

Change-Id: I34c8d86c1baf9daa02e29323007e4136c6048b31
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
This commit is contained in:
mtk33297 2020-01-18 09:38:57 +08:00
parent a0c381a5c3
commit 56f34167cf
3 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
prebuilts/api/26.0/plat_private/drmserver.te
View File

@ -3,4 +3,4 @@
# ====================== # ======================
# =======drmserver====== # =======drmserver======
#allow drmserver sysfs:file { read open }; allow drmserver access_sys_file:file { read open };

6
prebuilts/api/26.0/plat_private/file.te Executable file
View File

@ -0,0 +1,6 @@
# ==============================================
# MTK Policy Rule
# ==============================================
# For drmserver
type access_sys_file, fs_type, sysfs_type;

2
prebuilts/api/26.0/plat_private/file_contexts
View File

@ -37,3 +37,5 @@
# it is used to mount all storages in meta/factory mode # it is used to mount all storages in meta/factory mode
/system/bin/storagemanagerd u:object_r:storagemanagerd_exec:s0 /system/bin/storagemanagerd u:object_r:storagemanagerd_exec:s0
# For drmserver
/sys/block/mmcblk0rpmb/size u:object_r:access_sys_file:s0