[ALPS03860173] Modify em_svr SEPolicy

[Detail] Modify em_svr SEPolicy to support Android P MTK-Commit-Id: bb10076f302a7f07d7fabb0b281a01ff3694efb6 Change-Id: Ic56cf6be0f82d0c146cdeebbc85ed00958577aff CR-Id: ALPS03860173 Feature: Engineering Mode
2020-01-18 09:30:40 +08:00 · 2020-01-18 09:30:40 +08:00 · 5aa62a3b04
commit 5aa62a3b04
parent 551d01441c
2 changed files with 81 additions and 97 deletions
--- a/non_plat/em_svr.te
+++ b/non_plat/em_svr.te
@ -1,45 +1,34 @@
-# Date: W14.38 2014/09/17
-# Operation : Migration
-# Purpose : for em_svr
-allow em_svr nvram_device:blk_file { read write open };
-allow em_svr nvdata_device:blk_file { read write open };
-allow em_svr bootdevice_block_device:blk_file { read write open };
-allow em_svr misc_sd_device:chr_file { read open ioctl };
-allow em_svr als_ps_device:chr_file { read ioctl open };
-allow em_svr gsensor_device:chr_file { read ioctl open };
-allow em_svr gyroscope_device:chr_file { read ioctl open };
-typeattribute em_svr data_between_core_and_vendor_violators;
-allow em_svr nvram_data_file:dir { write read open add_name search };
-allow em_svr nvram_data_file:file { write getattr setattr read create open };
-allow em_svr nvram_data_file:lnk_file read;
-allow em_svr nvdata_file:lnk_file read;
-allow em_svr nvdata_file:dir { write read open add_name search };
-allow em_svr nvdata_file:file { write getattr setattr read create open };
-allow em_svr nvram_device:chr_file { open read write ioctl };
-typeattribute em_svr system_executes_vendor_violators;
-allow em_svr thermal_manager_exec:file { getattr execute read open execute_no_trans };
-allow em_svr proc_mtkcooler:dir search;
-allow em_svr proc_mtkcooler:file { read getattr open write };
-allow em_svr proc_thermal:dir search;
-allow em_svr proc_thermal:file { read getattr open write };
-allow em_svr proc_mtktz:dir search;
-allow em_svr proc_mtktz:file  { read getattr open write };
-allow em_svr proc_slogger:file { read getattr open write };
-allow em_svr proc_lk_env:file { read getattr open write ioctl};
-allow em_svr para_block_device:blk_file { read open };
-# Date: 2015/12/22
-# Operation : M Migration
-# Purpose : Battery Log can change temperature
-userdebug_or_eng(`
-allow em_svr proc_battery_cmd:dir search;
-allow em_svr proc_battery_cmd:file { read getattr open write };
-')
+# Date: WK1812
+# Purpose: add for sensor calibration
+allow em_svr als_ps_device:chr_file { read open ioctl };
+allow em_svr gsensor_device:chr_file { read open ioctl };

-# Date : WK16.33
-# Purpose: Allow to access ged for gralloc_extra functions
-allow em_svr proc_ged:file {open read write ioctl getattr};
-
-# Date : WK17.42
-# Purpose: Allow to query md log filter bin
+# Date: WK1812
+# Purpose: add for MD log filter
 allow em_svr md_block_device:blk_file { read open };

+# Date: WK1812
+# Purpose: add for SIB capture
+allow em_svr para_block_device:blk_file { read open };
+allow em_svr proc_lk_env:file { read write ioctl open };
+
+# Date: WK1812
+# Purpose: add for MSDC get/set
+allow em_svr misc_sd_device:chr_file { read open ioctl };
+
+# Date: WK1812
+# Purpose: add for battery log
+allow em_svr proc_battery_cmd:dir { write search add_name };
+allow em_svr proc_battery_cmd:file { create write open };
+
+# Date: WK1812
+# Purpose: add for light/proximity sensor
+#allow em_svr nvdata_file:dir { write open search read add_name };
+#allow em_svr nvdata_file:file { getattr read write create open setattr };
+allow em_svr nvram_device:blk_file { open read write };
+
+# Date: WK1812
+# Purpose: add for Gyroscope sensor
+allow em_svr gyroscope_device:chr_file { read ioctl open };
+
+
--- a/plat_private/em_svr.te
+++ b/plat_private/em_svr.te
@ -1,6 +1,7 @@
 # ==============================================
 # Policy File of /system/bin/em_svr Executable File

+
 # ==============================================
 # Type Declaration
 # ==============================================
@ -22,66 +23,60 @@ typeattribute em_svr coredomain;

 init_daemon_domain(em_svr)

-# Date: W14.38 2014/09/17
-# Operation : Migration
-# Purpose : for em_svr
-#allow em_svr proc:file write;
-#allow em_svr sysfs:file write;
-allow em_svr shell_exec:file { read execute open getattr execute_no_trans };
-allow em_svr system_file:file execute_no_trans;
+# Date: WK1812
+# Purpose: add for MD log filter
 allow em_svr block_device:dir search;
-allow em_svr graphics_device:chr_file { read write open ioctl};
+allow em_svr sdcardfs:dir { search write add_name };
+allow em_svr sdcardfs:file { write create open };
+
+allow em_svr media_rw_data_file:dir { read write search open add_name };
+allow em_svr media_rw_data_file:file { write create open };
+
+
+
+# Date: WK1812
+# Purpose: add for controlling screen on/off
 allow em_svr graphics_device:dir search;
-allow em_svr radio_data_file:dir { search write add_name create };
-allow em_svr radio_data_file:file { create write open read };
-allow em_svr sysfs_devices_system_cpu:file write;
-#allow em_svr self:capability { dac_override sys_nice fowner chown fsetid };
-allow em_svr self:process execmem;
-allow em_svr system_data_file:dir { write remove_name add_name relabelfrom create open };
-allow em_svr kernel:system module_request;
-allow em_svr sdcard_type:dir create_dir_perms;
-allow em_svr sdcard_type:file create_file_perms;
-
-# Date: 2015/08/09
-# Operation : M Migration
-# Purpose : set policy for surfaceflinger_service
+allow em_svr graphics_device:chr_file { open read write ioctl };
 allow em_svr surfaceflinger_service:service_manager find;
-
-# Date: 2015/08/21
-# Operation : M Migration
-# Purpose : set policy for sysfs:dir
-allow em_svr sysfs:dir write;
-
-# for use binder
 binder_use(em_svr)
 binder_call(em_svr, surfaceflinger)

-# Date: 2017/07/19
-# Operation : O Migration
-# Purpose : add policy for desense/Power/Memory access system file
-allow em_svr toolbox_exec:file { getattr execute read open execute_no_trans };
-allow em_svr vendor_toolbox_exec:file { getattr };
-#allow em_svr proc:file { open read };
-#allow em_svr sysfs:file { read };
-
-# Date: 2017/07/19
-# Operation : O Migration
-# Purpose : add policy for PSensorThreshold/PSensorData read nvram file
-allow em_svr system_data_file:lnk_file { read };
-
-# Date: 2015/09/16
-# Operation : M Migration
-# Purpose : add policy for system data file access
-allow em_svr system_data_file:file open;
-
-# Date: 2017/07/13
-# Operation: O Migration
-# Purpose: add policy for backlight file access
+# Date: WK1812
+# Purpose: add for controlling backlight
 allow em_svr sysfs_leds:dir search;
-allow em_svr sysfs_leds:lnk_file read;
-#allow em_svr sysfs:file open;

-# Date: WK1742
-# Purpose: add em_svr to access md log filter in sdcard
-allow em_svr media_rw_data_file:dir { read write search open add_name };
-allow em_svr media_rw_data_file:file { write create open };
+# Date: WK1812
+# Purpose: add for sensor calibration
+#allow em_svr self:capability { dac_read_search dac_override chown fsetid };
+
+# Date: WK1812
+# Purpose: add for shell cmd
+allow em_svr shell_exec:file { getattr execute read open execute_no_trans };
+
+# Date: WK1812
+# Purpose: add for power battery charge/PMU
+allow em_svr toolbox_exec:file { getattr execute read open execute_no_trans };
+
+# Date: WK1812
+# Purpose: sys file access
+#allow em_svr sysfs:file { getattr read write open };
+allow em_svr sysfs:dir { open read };
+
+# Date: WK1812
+# Purpose: proc file access
+#allow em_svr proc:file { getattr open read write };
+
+
+
+
+
+
+
+
+
+
+
+
+
+