[ALPS03841705] AEE porting on Android P about selinux

[Detail]
1. add some rules
2. temporary solution for reading the ro.*.mediatek.version.branch / ro.*.mediatek.version.release properties

MTK-Commit-Id: 12c4d79a10293c4611233c985c29dca94f6e24ae

Change-Id: Ice4d565664f95a456f985ed138f302fe7ac4dbff
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
mtk11285 2020-01-18 09:50:43 +08:00 committed by Weiwei Zhang (张炜玮)
parent 39aae26920
commit 628e0eccb8
8 changed files with 30 additions and 5 deletions


@ -8,3 +8,5 @@
# Operator: Migration # Operator: Migration
# Purpose: Allow adbd to read KE DB # Purpose: Allow adbd to read KE DB
allow adbd aee_dumpsys_data_file:file r_file_perms; allow adbd aee_dumpsys_data_file:file r_file_perms;
allow adbd aee_exp_data_file:dir r_dir_perms;
allow adbd aee_exp_data_file:file r_file_perms;
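Review bot: The two added `aee_exp_data_file` rules give adbd read access to the AEE exception store on every build variant, including user builds, and they sit under a header that only mentions the KE DB. Exception databases typically hold crash dumps and logs, so if this access is only needed for debugging it would be safer inside the `userdebug_or_eng()` macro this policy already uses for other debug-only rules. The same applies to the four `allow shell aee_exp_*` rules added in the shell section further down. At minimum add a header such as `# Purpose: Allow adbd to read AEE exception DB (aee_exp_data_file)` so the grant is traceable.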


@ -54,6 +54,10 @@ allow aee_aed proc_cpu_alignment:file { write open };
# Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable # Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable
allow aee_aed sysfs_vibrator_setting:dir search; allow aee_aed sysfs_vibrator_setting:dir search;
allow aee_aed sysfs_vibrator_setting:file w_file_perms; allow aee_aed sysfs_vibrator_setting:file w_file_perms;
allow aee_aed sysfs_vibrator:dir search;
# Purpose: Allow aee_aed to read /proc/kpageflags # Purpose: Allow aee_aed to read /proc/kpageflags
allow aee_aed proc_kpageflags:file r_file_perms; allow aee_aed proc_kpageflags:file r_file_perms;
# temp solution
get_prop(aee_aed, vendor_default_prop)
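Review bot: `get_prop(aee_aed, vendor_default_prop)` opens the catch-all vendor property type to aee_aed in order to read two version properties, and the only record of that is `# temp solution`. Since `vendor_default_prop` is the fallback label for vendor properties without a specific type, a dedicated property type for the `ro.*.mediatek.version.*` keys with `get_prop` on that type would keep the grant narrow. Until then, make the comment actionable, e.g. `# TODO(ALPS03841705): temp - replace with a dedicated type for ro.*.mediatek.version.branch/release`. The same line is added for aee_aedv at the end of its section.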


@ -402,6 +402,7 @@ allow aee_aedv proc_last_kmsg:file r_file_perms;
# Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable # Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable
allow aee_aedv sysfs_vibrator_setting:dir search; allow aee_aedv sysfs_vibrator_setting:dir search;
allow aee_aedv sysfs_vibrator_setting:file w_file_perms; allow aee_aedv sysfs_vibrator_setting:file w_file_perms;
allow aee_aedv sysfs_vibrator:dir search;
# Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log # Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log
allow aee_aedv debugfs_rcu:file r_file_perms; allow aee_aedv debugfs_rcu:file r_file_perms;
@ -419,3 +420,11 @@ allow aee_aedv sysfs_boot:file r_file_perms;
userdebug_or_eng(` userdebug_or_eng(`
allow aee_aedv debugfs_tracing_debug:file { r_file_perms write }; allow aee_aedv debugfs_tracing_debug:file { r_file_perms write };
') ')
# Purpose: allow aee_aedv self to sys_ptrace
userdebug_or_eng(`allow aee_aedv self:capability sys_ptrace;')
#Purpose: Allow aee_aedv to read /sys/mtk_memcfg/slabtrace
allow aee_aedv proc_slabtrace:file r_file_perms;
# temp solution
get_prop(aee_aedv, vendor_default_prop)
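Review bot: The `proc_slabtrace` rule is documented as `/sys/mtk_memcfg/slabtrace`, but the type name suggests a procfs node, and the labelling for it is not visible in this change, so a reader cannot tell which file is actually opened. The path in the comment should be corrected to match the labelled node. Unlike the `sys_ptrace` rule just above it, this read is not wrapped in `userdebug_or_eng()`; if slab trace output is only collected on debug builds, gating it the same way would keep kernel allocation data off user builds.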


@ -53,8 +53,8 @@ allow dumpstate sysfs_lowmemorykiller:dir search;
allow dumpstate expdb_block_device:blk_file { read write ioctl open }; allow dumpstate expdb_block_device:blk_file { read write ioctl open };
#/data/anr/SF_RTT #/data/anr/SF_RTT
#allow dumpstate sf_rtt_file:dir search; allow dumpstate sf_rtt_file:dir search;
#allow dumpstate sf_rtt_file:file r_file_perms; allow dumpstate sf_rtt_file:file r_file_perms;
# Data : 2017/03/22 # Data : 2017/03/22
# Operation : add fd use selinux rule # Operation : add fd use selinux rule
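Review bot: The two `sf_rtt_file` rules are switched from commented-out to active with only `#/data/anr/SF_RTT` as explanation, so it is not recorded why they were disabled or why they can be enabled now. The declaration and labelling of `sf_rtt_file` are not visible in this change, so it is worth confirming the type exists on every target that builds this policy. A header in the style used just below, e.g. `# Purpose : Allow dumpstate to read SF_RTT dumps under /data/anr/SF_RTT`, would make the grant reviewable.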


@ -115,7 +115,6 @@ type aee_core_vendor_file, file_type, data_file_type;
type aee_tombstone_data_file, file_type, data_file_type; type aee_tombstone_data_file, file_type, data_file_type;
# AEE exp # AEE exp
#type aee_exp_data_file, file_type, data_file_type;
type aee_exp_data_file, file_type, data_file_type, core_data_file_type; type aee_exp_data_file, file_type, data_file_type, core_data_file_type;
type aee_exp_vendor_file, file_type, data_file_type; type aee_exp_vendor_file, file_type, data_file_type;
type aee_dumpsys_data_file, file_type, data_file_type, core_data_file_type; type aee_dumpsys_data_file, file_type, data_file_type, core_data_file_type;


@ -18,3 +18,8 @@ set_prop(shell, mtkcam_prop)
# Date : WK17.36 # Date : WK17.36
# Purpose : allow shell to dump the debugging information of power hal. # Purpose : allow shell to dump the debugging information of power hal.
hal_client_domain(shell, hal_power) hal_client_domain(shell, hal_power)
allow shell aee_exp_vendor_file:dir r_dir_perms;
allow shell aee_exp_vendor_file:file r_file_perms;
allow shell aee_exp_data_file:dir r_dir_perms;
allow shell aee_exp_data_file:file r_file_perms;
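Review bot: `aee_exp_vendor_file` is declared without `core_data_file_type` (see the type-declaration section), so the two `allow shell aee_exp_vendor_file` rules let shell, which is a core domain in AOSP, open vendor data files directly. On full-Treble targets that pattern is normally rejected by the core/vendor data-sharing neverallow rules, so it is worth confirming this builds with neverallow checks enabled and does not rely on an exemption attribute. The block also lacks the `# Date` / `# Purpose` header the neighbouring rules carry; something like `# Purpose : allow shell to read AEE exception DBs` should be added.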


@ -139,7 +139,10 @@ allow aee_aed crash_dump:file r_file_perms;
allow aee_aed proc_version:file { read open }; allow aee_aed proc_version:file { read open };
# Purpose : allow aee_aed self to sys_nice/chown # Purpose : allow aee_aed self to sys_nice/chown
allow aee_aed self:capability { sys_nice chown }; allow aee_aed self:capability { sys_nice chown fowner};
# Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot # Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot
userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };') userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };')
# Purpose: Allow aee_aed self to sys_ptrace
userdebug_or_eng(`allow aee_aed self:capability sys_ptrace;')
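Review bot: `fowner` is added to the unconditional capability set of aee_aed, but the comment above it still reads `sys_nice/chown` and nothing explains the need. `fowner` lets the process bypass ownership checks on files it does not own, so it deserves its own justification, and the comment should at least become `# Purpose : allow aee_aed self to sys_nice/chown/fowner`. If it is only required on a debug path, it could sit next to the `sys_ptrace` rule inside `userdebug_or_eng()`.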


@ -45,5 +45,8 @@ allow dumpstate hal_camera_hwservice:hwservice_manager find;
#Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb #Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };') userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };')
# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable # Purpose: Allow dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
allow dumpstate sysfs_vibrator:file write; allow dumpstate sysfs_vibrator:file write;
# Purpose : Allow dumpstate self to sys_nice
allow dumpstate self:capability sys_nice;