From 8c75cd68e6d7269fbc3c1c8164fd1d064df303bb Mon Sep 17 00:00:00 2001 From: Lili Lin Date: Sat, 18 Jan 2020 09:59:13 +0800 Subject: [PATCH] [ALPS03934986] Add mtk_default_prop 1. We have too many config properties set by PRODUCT_PROPERTY_OVERRIDES, and these properties usually are not sensitive and allow all processes to read. 2. Since Android P, properties should follow naming rule to add "vendor", and then this will cause properties to be labeled as vendor_default_prop. By default, coredomain is not granted to read vendor_default_prop. Actually these properties are read widely from system/vendor processes. 3. So we introduce "mtk_default_prop" type that grant read access to all processes, including system and vendor. MTK-Commit-Id: 18077a2cb14b7b1ddadb7000e8abb565f0fd49e3 Change-Id: Ia378db3dbb9d0bf388139be3419e013228c79d6e CR-Id: ALPS03934986 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/property.te | 4 +++- non_plat/property_contexts | 18 ++++++++++++++++++ non_plat/vendor_init.te | 2 ++ 3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/non_plat/property.te b/non_plat/property.te
index 4415571..e4b6e66 100644
--- a/non_plat/property.te
+++ b/non_plat/property.te
@@ -1,7 +1,9 @@
 # ==============================================
 # MTK Policy Rule
 # ==============================================
-type mtk_default_prop, property_type;
+
+# MTK properties, allow all system/vendor processes to read.
+type mtk_default_prop, property_type, mtk_core_property_type;
 # Date: W14.32
 # Operation: Migration
diff --git a/non_plat/property_contexts b/non_plat/property_contexts
index 095aae3..af1bf42 100644
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
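Review bot: The new comment in non_plat/property.te says every system and vendor process may read `mtk_default_prop`, but no allow rule in this patch grants that; the access presumably comes from a rule on the `mtk_core_property_type` attribute defined elsewhere, and whether app domains are covered is not visible here. The comment should name that mechanism and the constraint that follows from it, for example `# Readable by all domains via mtk_core_property_type; never label secrets, device identifiers or per-user state with this type.` Because the label is readable so widely, each later addition to it in property_contexts needs the same scrutiny as a public interface.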
@@ -231,3 +231,21 @@ ro.vendor.mtk_pq_color_mode u:object_r:mtk_pq_ro_prop:s0
 ro.vendor.mtk_blulight_def_support u:object_r:mtk_pq_ro_prop:s0
 ro.vendor.mtk_chameleon_support u:object_r:mtk_pq_ro_prop:s0
 ro.vendor.mtk_pq_support u:object_r:mtk_pq_ro_prop:s0
+
+# Mtk properties that allow all system/vendor processes to read.
+# Usually they are config properties (but not limited to)
+ro.vendor.mtk_gmo_ram_optimize u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_tdd_data_only_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_audio_alac_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_support_mp2_playback u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_audio_ape_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_flv_playback_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_mtkps_playback_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_wmv_playback_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_wearable_platform u:object_r:mtk_default_prop:s0
+ro.vendor.mediatek.platform u:object_r:mtk_default_prop:s0
+ro.vendor.mediatek.version.branch u:object_r:mtk_default_prop:s0
+ro.vendor.mediatek.version.release u:object_r:mtk_default_prop:s0
+vendor.met.running u:object_r:mtk_default_prop:s0
+vendor.sys.boot.reason u:object_r:mtk_default_prop:s0
+persist.vendor.sys.activitylog u:object_r:mtk_default_prop:s0
diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te
index 647b111..9f9d1ca 100644
--- a/non_plat/vendor_init.te
+++ b/non_plat/vendor_init.te
@@ -29,3 +29,5 @@ set_prop(vendor_init, mtk_gps_support_prop)
 set_prop(vendor_init, mtk_rat_config_prop)
 set_prop(vendor_init, mtk_aal_ro_prop)
 set_prop(vendor_init, mtk_pq_ro_prop)
+set_prop(vendor_init, mtk_default_prop)
+
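Review bot: Three of the entries added to non_plat/property_contexts are not `ro.` properties (`vendor.met.running`, `vendor.sys.boot.reason`, `persist.vendor.sys.activitylog`), so they can be rewritten after boot and need a writer at runtime. Any domain granted `set_prop` on `mtk_default_prop` for one of them receives SELinux write permission on every property carrying the type, which does not fit the commit message's description of the label as one for non-sensitive config properties. Their writers are not visible in this patch; if any exist outside `vendor_init`, give these three their own types and keep `mtk_default_prop` for the `ro.vendor.*` configuration values. The entries are also prefix matches, so longer property names beginning with these strings inherit the label unless the `exact` qualifier is added.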
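Review bot: `set_prop(vendor_init, mtk_default_prop)` in non_plat/vendor_init.te is the only writer declared in this patch, but nothing prevents a later change from granting `set_prop` on this widely readable type to another domain. A neverallow placed next to the type declaration would pin that down, e.g. `neverallow { domain -init -vendor_init } mtk_default_prop:property_service set;`, with any legitimate runtime writer of the non-`ro.` entries added to the exclusion list explicitly. The hunk also appends an empty line at the end of the file, which can be dropped.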