[ALPS03881723] Workaround build error

[Detail] enable PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE = true, will cause build error [Solution] Mark rules that violate AOSP neverallow rules MTK-Commit-Id: c850c6f1fcb8de76235ea2be51becb7a2ccc6190 Change-Id: Ib9a80f4495d6db588133f929c9ea70e7215ad2aa CR-Id: ALPS03881723 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:35:54 +08:00 · 2020-01-18 09:35:54 +08:00 · 59f0ec9f6e
commit 59f0ec9f6e
parent bea2ef85fd
9 changed files with 16 additions and 16 deletions
--- a/non_plat/ccci_mdinit.te
+++ b/non_plat/ccci_mdinit.te
@ -35,7 +35,7 @@ set_prop(ccci_mdinit, ctl_ril-daemon-d_prop)
 set_prop(ccci_mdinit, ctl_ril-proxy_prop)
 set_prop(ccci_mdinit, ril_active_md_prop)
 set_prop(ccci_mdinit, mtk_md_prop)
-set_prop(ccci_mdinit, radio_prop)
+#set_prop(ccci_mdinit, radio_prop)
 set_prop(ccci_mdinit, net_cdma_mdmstat)
 #=============allow ccci_mdinit to get tel_switch_prop==============
 get_prop(ccci_mdinit, tel_switch_prop)
--- a/non_plat/gsm0710muxd.te
+++ b/non_plat/gsm0710muxd.te
@ -21,7 +21,7 @@ set_prop(gsm0710muxd, ctl_rildaemon_prop)
 set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop)
 set_prop(gsm0710muxd, ctl_fusion_ril_mtk_prop)
 set_prop(gsm0710muxd, gsm0710muxd_prop)
-set_prop(gsm0710muxd, radio_prop)
+#set_prop(gsm0710muxd, radio_prop)
 # allow set muxreport control properties
 set_prop(gsm0710muxd, ril_mux_report_case_prop)

--- a/non_plat/md_ctrl.te
+++ b/non_plat/md_ctrl.te
@ -23,7 +23,7 @@ allow md_ctrl emd_device:chr_file { rw_file_perms };
 allow md_ctrl eemcs_device:chr_file { rw_file_perms  };

 # Needed to set vold.encryption.type
-set_prop(md_ctrl, vold_prop)
+#set_prop(md_ctrl, vold_prop)

 # Allow read to sys/kernel/ccci/* files
 allow md_ctrl sysfs_ccci:dir search;
--- a/non_plat/mediacodec.te
+++ b/non_plat/mediacodec.te
@ -150,8 +150,8 @@ allow mediacodec surfaceflinger:fifo_file rw_file_perms;
 # Operator: Whitney SQC
 # Purpose: mediacodec use gpu
 allow mediacodec gpu_device:dir search;
-allow mediacodec debug_prop:property_service set;
-allow mediacodec system_prop:property_service set;
+#allow mediacodec debug_prop:property_service set;
+#allow mediacodec system_prop:property_service set;

 # Date : W18.01
 # Add for turn on SElinux in enforcing mode
@ -199,4 +199,4 @@ allow mediacodec graphics_device:dir search;
 # Date : WK18.03
 # Operation : MT6771 SQC
 # Purpose : Video SW decoder setprop for dex2oat thread 2
-allow mediacodec dalvik_prop:property_service set;
+#allow mediacodec dalvik_prop:property_service set;
--- a/non_plat/mtk_hal_pq.te
+++ b/non_plat/mtk_hal_pq.te
@ -33,8 +33,8 @@ allow mtk_hal_pq graphics_device:chr_file { read write open ioctl };
 # Purpose : Allow property set
 allow mtk_hal_pq init:unix_stream_socket connectto;
 allow mtk_hal_pq property_socket:sock_file write;
-allow mtk_hal_pq system_prop:property_service set;
-allow mtk_hal_pq debug_prop:property_service set;
+#allow mtk_hal_pq system_prop:property_service set;
+#allow mtk_hal_pq debug_prop:property_service set;

 # Purpose : Allow permission to get AmbientLux from hwservice_manager
 allow mtk_hal_pq fwk_sensor_hwservice:hwservice_manager find;
--- a/non_plat/mtkfusionrild.te
+++ b/non_plat/mtkfusionrild.te
@ -22,9 +22,9 @@ allow rild cgroup:dir create_dir_perms;

 # Property service
 # allow set RIL related properties (radio./net./system./etc)
-set_prop(rild, radio_prop)
-set_prop(rild, net_radio_prop)
-set_prop(rild, system_radio_prop)
+#set_prop(rild, radio_prop)
+#set_prop(rild, net_radio_prop)
+#set_prop(rild, system_radio_prop)
 set_prop(rild, persist_ril_prop)
 auditallow rild net_radio_prop:property_service set;
 auditallow rild system_radio_prop:property_service set;
--- a/non_plat/mtkrild.te
+++ b/non_plat/mtkrild.te
@ -25,9 +25,9 @@ allow mtkrild cgroup:dir create_dir_perms;

 # Property service
 # allow set RIL related properties (radio./net./system./etc)
-set_prop(mtkrild, radio_prop)
-set_prop(mtkrild, net_radio_prop)
-set_prop(mtkrild, system_radio_prop)
+#set_prop(mtkrild, radio_prop)
+#set_prop(mtkrild, net_radio_prop)
+#set_prop(mtkrild, system_radio_prop)
 set_prop(mtkrild, persist_ril_prop)
 auditallow mtkrild net_radio_prop:property_service set;
 auditallow mtkrild system_radio_prop:property_service set;
--- a/non_plat/muxreport.te
+++ b/non_plat/muxreport.te
@ -27,7 +27,7 @@ allow muxreport emd_device:chr_file { rw_file_perms };
 # Allow read to sys/kernel/ccci/* files
 allow muxreport sysfs_ccci:dir search;
 allow muxreport sysfs_ccci:file r_file_perms;
-set_prop(muxreport, radio_prop)
+#set_prop(muxreport, radio_prop)

 # Date : WK18.16
 # Operation: P migration
--- a/non_plat/nvram_daemon.te
+++ b/non_plat/nvram_daemon.te
@ -28,7 +28,7 @@ allow nvram_daemon nvdata_device:blk_file rw_file_perms;
 # Date : WK14.34
 # Operation : Migration 
 # Purpose : the option is used to tell that if other processes can access nvram. 
-allow nvram_daemon system_prop:property_service set;
+#allow nvram_daemon system_prop:property_service set;

 # Date : WK14.35
 # Operation : chown folder and file permission