[ALPS03934986] Add mtk_default_prop

1. We have too many config properties set by PRODUCT_PROPERTY_OVERRIDES, and these properties usually are not sensitive and allow all processes to read. 2. Since Android P, properties should follow naming rule to add "vendor", and then this will cause properties to be labeled as vendor_default_prop. By default, coredomain is not granted to read vendor_default_prop. Actually these properties are read widely from system/vendor processes. 3. So we introduce "mtk_default_prop" type that grant read access to all processes, including system and vendor. MTK-Commit-Id: 18077a2cb14b7b1ddadb7000e8abb565f0fd49e3 Change-Id: Ia378db3dbb9d0bf388139be3419e013228c79d6e CR-Id: ALPS03934986 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:59:13 +08:00 · 2020-01-18 09:59:13 +08:00 · 8c75cd68e6
commit 8c75cd68e6
parent 7d98ad0f0f
3 changed files with 23 additions and 1 deletions
--- a/non_plat/property.te
+++ b/non_plat/property.te
@ -1,7 +1,9 @@
 # ==============================================
 # MTK Policy Rule
 # ==============================================
-type mtk_default_prop, property_type;
+
+# MTK properties, allow all system/vendor processes to read.
+type mtk_default_prop, property_type, mtk_core_property_type;

 # Date: W14.32
 # Operation: Migration
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@ -231,3 +231,21 @@ ro.vendor.mtk_pq_color_mode u:object_r:mtk_pq_ro_prop:s0
 ro.vendor.mtk_blulight_def_support u:object_r:mtk_pq_ro_prop:s0
 ro.vendor.mtk_chameleon_support u:object_r:mtk_pq_ro_prop:s0
 ro.vendor.mtk_pq_support u:object_r:mtk_pq_ro_prop:s0
+
+# Mtk properties that allow all system/vendor processes to read.
+# Usually they are config properties (but not limited to)
+ro.vendor.mtk_gmo_ram_optimize u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_tdd_data_only_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_audio_alac_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_support_mp2_playback u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_audio_ape_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_flv_playback_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_mtkps_playback_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_wmv_playback_support u:object_r:mtk_default_prop:s0
+ro.vendor.mtk_wearable_platform u:object_r:mtk_default_prop:s0
+ro.vendor.mediatek.platform u:object_r:mtk_default_prop:s0
+ro.vendor.mediatek.version.branch u:object_r:mtk_default_prop:s0
+ro.vendor.mediatek.version.release u:object_r:mtk_default_prop:s0
+vendor.met.running u:object_r:mtk_default_prop:s0
+vendor.sys.boot.reason u:object_r:mtk_default_prop:s0
+persist.vendor.sys.activitylog u:object_r:mtk_default_prop:s0
--- a/non_plat/vendor_init.te
+++ b/non_plat/vendor_init.te
@ -29,3 +29,5 @@ set_prop(vendor_init, mtk_gps_support_prop)
 set_prop(vendor_init, mtk_rat_config_prop)
 set_prop(vendor_init, mtk_aal_ro_prop)
 set_prop(vendor_init, mtk_pq_ro_prop)
+set_prop(vendor_init, mtk_default_prop)
+