NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04428522] Add selinux policy for svp

Browse Source 
[Detail] For android Q, we need to add more policy for secure video playback

MTK-Commit-Id: 49b4ab8e0047f4a5002c82af075c77e8bc4e790f

Change-Id: Ib81885e40b14416b57e0776c56cb85591509501a
CR-Id: ALPS04428522
Feature: Trustonic TEE (Trusted Execution Environment)
This commit is contained in:
sharon.feng 2020-01-18 10:16:31 +08:00 committed by Sharon Feng
parent b3838f31bb
commit 8a77128e9d
4 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
non_plat/file.te
View File

@ -355,3 +355,7 @@ type sysfs_mmcblk, fs_type, sysfs_type;
type aee_dipdebug_vendor_file, file_type, data_file_type; type aee_dipdebug_vendor_file, file_type, data_file_type;
type netd_socket, file_type, coredomain_socket; type netd_socket, file_type, coredomain_socket;
# Date : WK19.27
# Purpose: Android Migration for SVP
type proc_m4u, fs_type, proc_type;

3
non_plat/genfs_contexts
View File

@ -128,3 +128,6 @@ genfscon sysfs /devices/platform/battery/Power_Off_Voltage u:object_r:sysfs_powe
genfscon sysfs /devices/platform/battery/FG_daemon_disable u:object_r:sysfs_fg_disable:s0 genfscon sysfs /devices/platform/battery/FG_daemon_disable u:object_r:sysfs_fg_disable:s0
genfscon sysfs /devices/platform/battery/disable_nafg u:object_r:sysfs_dis_nafg:s0 genfscon sysfs /devices/platform/battery/disable_nafg u:object_r:sysfs_dis_nafg:s0
# Date : WK19.27
# Purpose: Android Migration for SVP
genfscon proc /m4u u:object_r:proc_m4u:s0

3
non_plat/ioctl_defines
View File

@ -58,3 +58,6 @@ define(`JPG_BRIDGE_ENC_IO_CONFIG', `0x780c')
define(`JPG_BRIDGE_ENC_IO_WAIT', `0x780d') define(`JPG_BRIDGE_ENC_IO_WAIT', `0x780d')
define(`JPG_BRIDGE_ENC_IO_DEINIT', `0x780e') define(`JPG_BRIDGE_ENC_IO_DEINIT', `0x780e')
define(`JPG_BRIDGE_ENC_IO_START', `0x780f') define(`JPG_BRIDGE_ENC_IO_START', `0x780f')
#####################################
# m4u_priv.h
define(`MTK_M4U_T_SEC_INIT', `0x6732')

8
non_plat/mediacodec.te
View File

@ -16,10 +16,9 @@ allow mediacodec Vcodec_device:chr_file rw_file_perms;
# Operation : Migration # Operation : Migration
# Purpose : VP & VR dump and debug # Purpose : VP & VR dump and debug
allow mediacodec M4U_device_device:chr_file rw_file_perms; allow mediacodec M4U_device_device:chr_file rw_file_perms;
allow mediacodec proc:file {open read}; allow mediacodec proc:file r_file_perms;
allow mediacodec sysfs:file {read write open}; allow mediacodec sysfs:file {read write open};
allow mediacodec debugfs_binder:dir search; allow mediacodec debugfs_binder:dir search;
allow mediacodec proc:file { getattr ioctl };
allow mediacodec MTK_SMI_device:chr_file { ioctl read open }; allow mediacodec MTK_SMI_device:chr_file { ioctl read open };
allow mediacodec storage_file:lnk_file {read write open}; allow mediacodec storage_file:lnk_file {read write open};
allow mediacodec tmpfs:dir search; allow mediacodec tmpfs:dir search;
@ -143,3 +142,8 @@ set_prop(mediacodec, mtk_thermal_config_prop)
allow mediacodec graphics_device:chr_file { ioctl open read }; allow mediacodec graphics_device:chr_file { ioctl open read };
allow mediacodec graphics_device:dir search; allow mediacodec graphics_device:dir search;
# Date : WK19.27
# Purpose: Android Migration for SVP
allow mediacodec proc_m4u:file r_file_perms;
allowxperm mediacodec proc_m4u:file ioctl MTK_M4U_T_SEC_INIT;