From 725c0b46e124d91565e88f86afd788434bc090fb Mon Sep 17 00:00:00 2001
From: Yanjie Jiang
Date: Sat, 18 Jan 2020 10:19:29 +0800
Subject: [PATCH] [ALPS04760260] ccci: delete rule not used Change sepolicy rule for security.
MTK-Commit-Id: 0fe0072748de8b9077117a9d4d67bebea46cf9ec
Change-Id: I85a2991ffa2928330989a53ad0597d403274ccce
CR-Id: ALPS04760260
Feature: Modem Interface Driver
Signed-off-by: Yanjie Jiang
---
 non_plat/ccci_fsd.te | 6 +++---
 non_plat/ccci_mdinit.te | 4 ----
 non_plat/file.te | 1 +
 non_plat/file_contexts | 1 +
 4 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/non_plat/ccci_fsd.te b/non_plat/ccci_fsd.te
index 370fb23..4f5e6a6 100644
--- a/non_plat/ccci_fsd.te
+++ b/non_plat/ccci_fsd.te
@@ -44,9 +44,9 @@ allow ccci_fsd otp_device:chr_file rw_file_perms;
 allow ccci_fsd sysfs:file r_file_perms;
 allow ccci_fsd sysfs_boot_type:file { read open };
 #============= ccci_fsd MD block data==============
+##restore>NVM_GetDeviceInfo>open /dev/block/platform/bootdevice/by-name/nvram
 allow ccci_fsd block_device:dir search;
 allow ccci_fsd nvram_device:blk_file rw_file_perms;
-allow ccci_fsd bootdevice_block_device:blk_file rw_file_perms;
 allow ccci_fsd nvdata_device:blk_file rw_file_perms;
 #============= ccci_fsd cryption related ==============
 allow ccci_fsd rawfs:dir create_dir_perms;
@@ -63,7 +63,7 @@ allow ccci_fsd kmsg_device:chr_file w_file_perms;
 allow ccci_fsd proc_lk_env:file rw_file_perms;
 #============= ccci_fsd MD Low Power Monitor Related ==============
-allow ccci_fsd vendor_data_file:dir create_dir_perms;
-allow ccci_fsd vendor_data_file:file create_file_perms;
+allow ccci_fsd ccci_data_md1_file:dir create_dir_perms;
+allow ccci_fsd ccci_data_md1_file:file create_file_perms;
 allow ccci_fsd sysfs_mmcblk:dir search;
 allow ccci_fsd sysfs_mmcblk:file { read getattr open };
diff --git a/non_plat/ccci_mdinit.te b/non_plat/ccci_mdinit.te
index 11d33c7..3245459 100644
--- a/non_plat/ccci_mdinit.te
+++ b/non_plat/ccci_mdinit.te
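Review bot: In non_plat/ccci_fsd.te, the comment added above `allow ccci_fsd block_device:dir search;` is a bare call trace and does not say which rule it justifies. It is the only record of why raw block access remains after `bootdevice_block_device` was dropped, so a plain sentence would serve later audits better, e.g. `# NVRAM restore (NVM_GetDeviceInfo) opens /dev/block/platform/bootdevice/by-name/nvram, so block_device search is still required`. The `nvdata_device` rule two lines below has no matching justification; presumably it is still needed, but the comment should say so.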
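Review bot: In the Low Power Monitor block of non_plat/ccci_fsd.te, the two `ccci_data_md1_file` rules only apply to objects that already carry that label, and nothing visible in this patch creates `/data/vendor/mdlpm` or adds a type transition for ccci_fsd. With the `vendor_data_file` rules removed, the daemon can no longer create that directory itself under `/data/vendor`, so it has to be pre-created by init, e.g. `mkdir /data/vendor/mdlpm <mode> <owner> <group>` in the vendor rc file (placeholders), where it picks up the label from the new file_contexts entry. On upgraded devices any files already there keep the `vendor_data_file` label until relabelled; presumably init's recursive restorecon of /data covers this, but it is worth confirming with an upgrade test and a check for `avc: denied` entries from ccci_fsd.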
@@ -71,15 +71,11 @@ allow ccci_mdinit protect_s_data_file:dir rw_dir_perms;
 allow ccci_mdinit protect_s_data_file:file create_file_perms;
 allow ccci_mdinit nvram_device:blk_file rw_file_perms;
 allow ccci_mdinit nvdata_device:blk_file rw_file_perms;
-allow ccci_mdinit bootdevice_block_device:blk_file rw_file_perms;
 set_prop(ccci_mdinit, ril_mux_report_case_prop)
 allow ccci_mdinit ccci_cfg_file:dir create_dir_perms;
 allow ccci_mdinit ccci_cfg_file:file create_file_perms;
-allow ccci_mdinit block_device:dir search;
-allow ccci_mdinit preloader_block_device:blk_file r_file_perms;
-allow ccci_mdinit secro_block_device:blk_file r_file_perms;
 #===============security relate ==========================
 allow ccci_mdinit preloader_device:chr_file rw_file_perms;
 allow ccci_mdinit misc_sd_device:chr_file r_file_perms;
diff --git a/non_plat/file.te b/non_plat/file.te
index e44df6c..a8db089 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -137,6 +137,7 @@ type sf_rtt_file, file_type, data_file_type, core_data_file_type;
 type rild-dongle_socket, file_type;
 type ccci_cfg_file, file_type, data_file_type;
+type ccci_data_md1_file, file_type, data_file_type;
 type c2k_file, file_type, data_file_type;
 #For sensor
 type sensor_data_file, file_type, data_file_type;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index ca2cb8e..70028c4 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -28,6 +28,7 @@
 /data/vendor/gps(/.*)? u:object_r:gps_data_file:s0
 /data/anr/SF_RTT(/.*)? u:object_r:sf_rtt_file:s0
 /data/vendor/ccci_cfg(/.*)? u:object_r:ccci_cfg_file:s0
+/data/vendor/mdlpm(/.*)? u:object_r:ccci_data_md1_file:s0
 /data/vendor/flashless(/.*)? u:object_r:c2k_file:s0
 /data/core(/.*)? u:object_r:aee_core_data_file:s0
 /data/vendor/core(/.*)? u:object_r:aee_core_vendor_file:s0
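Review bot: In non_plat/file.te, `ccci_data_md1_file` is declared without a comment, and its name gives no hint of the path it labels (`/data/vendor/mdlpm` in the file_contexts hunk), which makes it harder to audit later who may write there. A one-line comment above the declaration would close that gap, e.g. `# /data/vendor/mdlpm: modem low power monitor data, written by ccci_fsd`.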