From f1cabb065e55fca7772e67783acb21848bfbf84f Mon Sep 17 00:00:00 2001
From: chien-wei hsu
Date: Sat, 18 Jan 2020 09:42:13 +0800
Subject: [PATCH] [ALPS03898061] SeLinux: remove violate setting [Detail] remove workaround of data between core and vendor violator 1. remove audioserver.te violated setting violated by allow audioserver nvdata_file:dir violated by allow audioserver nvram_data_file:dir violated by allow audioserver thermal_manager_data_file:dir violated by allow audioserver mtk_audiohal_data_file:dir violated by allow audioserver thermal_manager_data_file:file violated by allow audioserver nvram_data_file:file violated by allow audioserver nvdata_file:file 2. remove mtk_hal_audio.te violated setting violated by allow mtk_hal_audio system_data_file:dir violated by allow mtk_hal_audio media_rw_data_file:dir violated by allow mtk_hal_audio radio_data_file:dir violated by allow mtk_hal_audio radio_data_file:file violated by allow mtk_hal_audio system_data_file:lnk_file violated by allow mtk_hal_audio system_data_file:file violated by allow mtk_hal_audio media_rw_data_file:file audiohal_data_file is defined as core_data_file_type it cant use in vendor partition. temporarily remove it. MTK-Commit-Id: c0453cc6ede361322deb8f138055accc473511b8 Change-Id: I15649ad3351f1a7ee29956668862aad05efc0778 CR-Id: ALPS03898061 Feature: Phone Sound
---
 non_plat/audioserver.te | 20 --------------------
 non_plat/mtk_hal_audio.te | 21 ++-------------------
 2 files changed, 2 insertions(+), 39 deletions(-)
diff --git a/non_plat/audioserver.te b/non_plat/audioserver.te
index e676994..d0c6303 100644
--- a/non_plat/audioserver.te
+++ b/non_plat/audioserver.te
@@ -24,9 +24,6 @@ allow audioserver sysfs_lowmemorykiller:file { read open };
 allow audioserver proc_mtkcooler:dir search;
 allow audioserver proc_mtktz:dir search;
 allow audioserver proc_thermal:dir search;
-typeattribute audioserver data_between_core_and_vendor_violators;
-allow audioserver thermal_manager_data_file:file create_file_perms;
-allow audioserver thermal_manager_data_file:dir { rw_dir_perms setattr };
 # Date : WK15.03
 # Operation : Migration
@@ -67,20 +64,3 @@ allow audioserver aee_aed:unix_stream_socket connectto;
 allow audioserver mtk_thermal_config_prop:file { getattr open read };
 allow audioserver mtk_thermal_config_prop:property_service set;
-# Date : WK17.42
-# Operation : MT6737m CTS
-# Purpose : Read compensation filter parameter from nvram data
-allow audioserver nvdata_file:dir r_dir_perms;
-allow audioserver nvdata_file:file r_file_perms;
-
-# Date : WK17.42
-# Operation : ALPS03606059
-allow audioserver mtk_audiohal_data_file:dir r_dir_perms;
-
-# Date : WK17.49
-# Operation : Migration
-# Purpose : Read audio loudness parameter from nvram data
-allow audioserver nvdata_file:dir write;
-allow audioserver nvram_data_file:dir w_dir_perms;
-allow audioserver nvram_data_file:file create_file_perms;
-allow audioserver nvram_data_file:lnk_file read;
\ No newline at end of file
diff --git a/non_plat/mtk_hal_audio.te b/non_plat/mtk_hal_audio.te
index 0bd4263..7695176 100644
--- a/non_plat/mtk_hal_audio.te
+++ b/non_plat/mtk_hal_audio.te
@@ -14,8 +14,8 @@ allow mtk_hal_audio system_file:dir { open read };
 userdebug_or_eng(`
 # used for pcm capture for debug.
- allow mtk_hal_audio audiohal_data_file:dir create_dir_perms;
- allow mtk_hal_audio audiohal_data_file:file create_file_perms;
+ #allow mtk_hal_audio audiohal_data_file:dir create_dir_perms;
+ #allow mtk_hal_audio audiohal_data_file:file create_file_perms;
 ')
 r_dir_file(mtk_hal_audio, proc)
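Review bot: In the `userdebug_or_eng` block of mtk_hal_audio.te the two `audiohal_data_file` rules are commented out rather than deleted, which leaves an empty debug-only block under a `# used for pcm capture for debug.` comment and no in-file reason for the disabled lines. The commit message explains that the type is a core_data_file_type and that the removal is temporary; put that next to the rules, e.g. `# Disabled (ALPS03898061): audiohal_data_file is core data, not usable from vendor policy; restore with a vendor-labelled type.`, or delete the block until a replacement exists. Since the same commit drops `data_between_core_and_vendor_violators` from this domain, simply uncommenting the lines later would presumably fail the core/vendor data neverallow checks, so the comment should steer the next editor to a vendor type rather than back to these rules. PCM capture on userdebug/eng builds will likely produce avc denials until then.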
@@ -47,8 +47,6 @@ allow mtk_hal_audio nvdata_file:dir w_dir_perms;
 allow mtk_hal_audio nvdata_file:file create_file_perms;
 allow mtk_hal_audio sdcard_type:dir remove_name;
 allow mtk_hal_audio sdcard_type:file unlink;
-typeattribute mtk_hal_audio data_between_core_and_vendor_violators;
-allow mtk_hal_audio system_data_file:lnk_file read;
 # Date : WK14.34
 # Operation : Migration
@@ -61,7 +59,6 @@ allow mtk_hal_audio self:netlink_kobject_uevent_socket { create setopt bind };
 # Operation : Migration
 # Purpose : Smartcard Service
 allow mtk_hal_audio self:netlink_kobject_uevent_socket read;
-allow mtk_hal_audio system_data_file:file open;
 # Date : WK14.36
 # Operation : Migration
@@ -147,12 +144,6 @@ allow mtk_hal_audio proc_thermal:dir search;
 allow mtk_hal_audio thermal_manager_data_file:file create_file_perms;
 allow mtk_hal_audio thermal_manager_data_file:dir { rw_dir_perms setattr };
-# Data : WK14.46
-# Operation : Migration
-# Purpose : for SMS app
-allow mtk_hal_audio radio_data_file:dir search;
-allow mtk_hal_audio radio_data_file:file open;
-
 # Data : WK14.47
 # Operation : Audio playback
 # Purpose : Music as ringtone
@@ -172,7 +163,6 @@ allow mtk_hal_audio offloadservice_device:chr_file rw_file_perms;
 # Date : WK15.34
 # Operation : Migration
 # Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
-allow mtk_hal_audio system_data_file:dir write;
 allow mtk_hal_audio storage_file:dir search;
 allow mtk_hal_audio storage_file:lnk_file {read write};
 allow mtk_hal_audio mnt_user_file:dir {write read search};
@@ -197,7 +187,6 @@ allow mtk_hal_audio sysfs_ccci:dir search;
 allow mtk_hal_audio debugfs_binder:dir search;
 allow mtk_hal_audio kmsg_device:chr_file { open write };
 allow mtk_hal_audio property_socket:sock_file write;
-allow mtk_hal_audio media_rw_data_file:dir { create_dir_perms };
 allow mtk_hal_audio fuse:file rw_file_perms;
 allow mtk_hal_audio init:unix_stream_socket connectto;
@@ -220,10 +209,6 @@ allow mtk_hal_audio proc_ged:file {open read write ioctl getattr};
 set_prop(mtk_hal_audio,hwservicemanager_prop);
 allow mtk_hal_audio storage_file:dir search;
-# Date : W18.01
-# Add for turn on SElinux in enforcing mode
-allow mtk_hal_audio system_data_file:lnk_file r_file_perms;
-
 # Fix bootup violation
 allow mtk_hal_audio fuse:dir read;
@@ -240,8 +225,6 @@ allow mtk_hal_audio self:capability sys_nice;
 # Audio Tuning Tool Android O porting
 binder_call(mtk_hal_audio,audiocmdservice_atci);
-# audio dump
-allow mtk_hal_audio media_rw_data_file:file { create read write open append getattr };
 # Add for control PowerHAL
 allow mtk_hal_audio mtk_hal_power_hwservice:hwservice_manager find;