[ALPS03948310] add sepolicy

[Detail] 1. add sepolicy for aeev 2. add sepolicy for dumpstate hal service [Solution] MTK-Commit-Id: c9a341625f9f299341a0ba5ec02db3ffb2cf7edc Change-Id: Ida4c75fc762293005b1f7942dd23efb9540d5e13 CR-Id: ALPS03948310 Feature: Android Exception Engine(AEE)
2020-01-18 09:59:28 +08:00 · 2020-01-18 09:59:28 +08:00 · 5c7942168d
commit 5c7942168d
parent 77655e590e
3 changed files with 19 additions and 0 deletions
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -611,3 +611,6 @@
 /vendor/lib(64)?/libpq_prot\.so                                      u:object_r:same_process_hal_file:s0

 /vendor/lib(64)?/libladder\.so   u:object_r:same_process_hal_file:s0
+
+/vendor/bin/hw/vendor\.mediatek\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_impl_exec:s0
+/vendor/bin/aeev  u:object_r:aee_aedv_exec:s0
--- a/non_plat/hal_dumpstate_impl.te
+++ b/non_plat/hal_dumpstate_impl.te
@ -0,0 +1,11 @@
+type hal_dumpstate_impl, domain;
+hal_server_domain(hal_dumpstate_impl, hal_dumpstate)
+
+type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_dumpstate_impl)
+
+allow hal_dumpstate_impl vendor_shell_exec:file rx_file_perms;
+allow hal_dumpstate_impl vendor_toolbox_exec:file rx_file_perms;
+
+allow hal_dumpstate_impl aee_exp_vendor_file:file create_file_perms;
+allow hal_dumpstate_impl aee_exp_vendor_file:dir create_dir_perms;
--- a/plat_private/vendor_shell.te
+++ b/plat_private/vendor_shell.te
@ -0,0 +1,5 @@
+# ==============================================
+# MTK Policy Rule
+# =============================================
+# Purpose : allow vendor_shell to run aeev
+allow vendor_shell aee_aedv_exec:file execute_no_trans;