[ALPS04719663] fix some avc denied issue
update some sepolicy rules MTK-Commit-Id: c1294d5ae7714677077e8d38c6c1624955816cdb Change-Id: Id30499203b004677bf95b221195ef33749ec6a36 CR-Id: ALPS04719663 Feature: Android Exception Engine(AEE)
This commit is contained in:
Huaiming Li
parent
81a6fb6c62
commit
6272c879bf
@ -147,7 +147,7 @@ allow aee_aedv debugfs_wakeup_sources:file { read open };
|
|||||||
allow aee_aedv debugfs_dmlog_debug:file { read open };
|
allow aee_aedv debugfs_dmlog_debug:file { read open };
|
||||||
allow aee_aedv debugfs_page_owner_slim_debug:file { read open };
|
allow aee_aedv debugfs_page_owner_slim_debug:file { read open };
|
||||||
allow aee_aedv debugfs_ion_mm_heap:dir search;
|
allow aee_aedv debugfs_ion_mm_heap:dir search;
|
||||||
allow aee_aedv debugfs_ion_mm_heap:file { read open };
|
allow aee_aedv debugfs_ion_mm_heap:file r_file_perms;
|
||||||
allow aee_aedv debugfs_ion_mm_heap:lnk_file read;
|
allow aee_aedv debugfs_ion_mm_heap:lnk_file read;
|
||||||
allow aee_aedv debugfs_cpuhvfs:dir search;
|
allow aee_aedv debugfs_cpuhvfs:dir search;
|
||||||
allow aee_aedv debugfs_cpuhvfs:file { read open };
|
allow aee_aedv debugfs_cpuhvfs:file { read open };
|
||||||
@ -423,3 +423,15 @@ allow aee_aedv connsyslog_data_vendor_file:dir r_dir_perms;
|
|||||||
|
|
||||||
# Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process
|
# Purpose: Allow aee_aedv to read the /proc/*/exe of vendor process
|
||||||
allow aee_aedv vendor_file_type:file r_file_perms;
|
allow aee_aedv vendor_file_type:file r_file_perms;
|
||||||
|
|
||||||
|
# Purpose: Allow aee_aedv to read /sys/kernel/debug/smi_mon
|
||||||
|
allow aee_aedv debugfs_smi_mon:file r_file_perms;
|
||||||
|
|
||||||
|
# Purpose: Allow aee_aedv to read /proc/isp_p2/isp_p2_kedump
|
||||||
|
allow aee_aedv proc_isp_p2_kedump:file r_file_perms;
|
||||||
|
|
||||||
|
# Purpose: Allow aee_aedv to read /sys/kernel/debug/vpu/vpu_memory
|
||||||
|
allow aee_aedv debugfs_vpu_memory:file r_file_perms;
|
||||||
|
|
||||||
|
# Purpose: Allow aee_aedv to read /proc/cpuhvfs/dbg_repo
|
||||||
|
allow aee_aedv proc_dbg_repo:file r_file_perms;
|
||||||
|
|||||||
@ -171,3 +171,6 @@ allow dumpstate debugfs_kmemleak:file r_file_perms;
|
|||||||
|
|
||||||
#Purpose: Allow dumpstate to read /sys/class/misc/adsp/adsp_last_log
|
#Purpose: Allow dumpstate to read /sys/class/misc/adsp/adsp_last_log
|
||||||
allow dumpstate sysfs_adsp:file r_file_perms;
|
allow dumpstate sysfs_adsp:file r_file_perms;
|
||||||
|
|
||||||
|
#Purpose: Allow dumpstate to read /sys/kernel/debug/smi_mon
|
||||||
|
allow dumpstate debugfs_smi_mon:file r_file_perms;
|
||||||
|
|||||||
@ -376,3 +376,6 @@ type netd_socket, file_type, coredomain_socket;
|
|||||||
# Date : WK19.27
|
# Date : WK19.27
|
||||||
# Purpose: Android Migration for SVP
|
# Purpose: Android Migration for SVP
|
||||||
type proc_m4u, fs_type, proc_type;
|
type proc_m4u, fs_type, proc_type;
|
||||||
|
|
||||||
|
# Date : 2019/08/15
|
||||||
|
type debugfs_smi_mon, fs_type, debugfs_type;
|
||||||
|
|||||||
@ -206,6 +206,8 @@ genfscon debugfs /eara_thermal/enable u:object_r:debugfs_eara_thermal:s0
|
|||||||
# mtk EM power PMU register
|
# mtk EM power PMU register
|
||||||
genfscon debugfs /rt-regmap u:object_r:debugfs_regmap:s0
|
genfscon debugfs /rt-regmap u:object_r:debugfs_regmap:s0
|
||||||
|
|
||||||
|
# 2019/08/15
|
||||||
|
genfscon debugfs /smi_mon u:object_r:debugfs_smi_mon:s0
|
||||||
|
|
||||||
genfscon iso9660 / u:object_r:iso9660:s0
|
genfscon iso9660 / u:object_r:iso9660:s0
|
||||||
genfscon rawfs / u:object_r:rawfs:s0
|
genfscon rawfs / u:object_r:rawfs:s0
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user