From 923a563374eca97dfa9c3433788e644b9dd5f83b Mon Sep 17 00:00:00 2001
From: Legis Lu <legis.lu@mediatek.com>
Date: Sat, 18 Jan 2020 09:46:52 +0800
Subject: [PATCH] [ALPS03917508] remvoe neverallow rule for Android P

Update the rule of MM feature to follow Android P

MTK-Commit-Id: c1c04c0eb241b562ee73a0aaf250a8604c2a2093

Change-Id: Iac8c86c545cf53d7e837884fb34335a80ebb749e
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
CR-Id: ALPS03917508
---
 non_plat/mediaserver.te | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/non_plat/mediaserver.te b/non_plat/mediaserver.te
index 223c0a2..c13cb9c 100644
--- a/non_plat/mediaserver.te
+++ b/non_plat/mediaserver.te
@@ -23,12 +23,12 @@ allow mediaserver lens_device:chr_file rw_file_perms;
 allow mediaserver sdcard_type:dir { w_dir_perms create };
 allow mediaserver sdcard_type:file create;
 typeattribute mediaserver data_between_core_and_vendor_violators;
-allow mediaserver nvram_data_file:dir w_dir_perms;
-allow mediaserver nvram_data_file:file create_file_perms;
+#allow mediaserver nvram_data_file:dir w_dir_perms;
+#allow mediaserver nvram_data_file:file create_file_perms;
 allow mediaserver nvram_data_file:lnk_file read;
 allow mediaserver nvdata_file:lnk_file read;
-allow mediaserver nvdata_file:dir w_dir_perms;
-allow mediaserver nvdata_file:file create_file_perms;
+#allow mediaserver nvdata_file:dir w_dir_perms;
+#allow mediaserver nvdata_file:file create_file_perms;
 allow mediaserver sdcard_type:dir remove_name;
 allow mediaserver sdcard_type:file unlink;
 
@@ -153,9 +153,9 @@ allow mediaserver audiohal_prop:property_service set;
 # Data : WK14.39
 # Operation : Migration
 # Purpose : HW encrypt SW codec
-allow mediaserver mediaserver_data_file:file create_file_perms;
-allow mediaserver mediaserver_data_file:dir create_dir_perms;
-allow mediaserver sec_device:chr_file r_file_perms;
+#allow mediaserver mediaserver_data_file:file create_file_perms;
+#allow mediaserver mediaserver_data_file:dir create_dir_perms;
+#allow mediaserver sec_device:chr_file r_file_perms;
 
 # Date : WK14.40
 # Operation : Migration
@@ -224,8 +224,8 @@ allow mediaserver sysfs_lowmemorykiller:file { read open };
 allow mediaserver proc_mtkcooler:dir search;
 allow mediaserver proc_mtktz:dir search;
 allow mediaserver proc_thermal:dir search;
-allow mediaserver thermal_manager_data_file:file create_file_perms;
-allow mediaserver thermal_manager_data_file:dir { rw_dir_perms setattr };
+#allow mediaserver thermal_manager_data_file:file create_file_perms;
+#allow mediaserver thermal_manager_data_file:dir { rw_dir_perms setattr };
 
 # Date : WK14.46
 # Operation : Migration
@@ -285,8 +285,8 @@ allow mediaserver surfaceflinger:fifo_file {read write};
 
 # Date : WK15.45
 # Purpose : camera read/write /nvcfg/camera data
-allow mediaserver nvcfg_file:dir create_dir_perms;
-allow mediaserver nvcfg_file:file create_file_perms;
+#allow mediaserver nvcfg_file:dir create_dir_perms;
+#allow mediaserver nvcfg_file:file create_file_perms;
 
 
 # Date : WK15.46
@@ -306,7 +306,8 @@ allow mediaserver camera_tsf_device:chr_file rw_file_perms;
 # Purpose : add permission for thermal manager
 domain_auto_trans(mediaserver, thermal_manager_exec, thermal_manager)
 typeattribute mediaserver system_executes_vendor_violators;
-allow mediaserver thermal_manager_exec:file { read getattr open execute};
+#allow mediaserver thermal_manager_exec:file { read getattr open execute};
+allow mediaserver thermal_manager_exec:file { read getattr open};
 
 # Date : WK16.32
 # Operation : N Migration