[ALPS04700799] Align keymanager sepolicy with p0.mp6
Align keymanager sepolicy with p0.mp6 MTK-Commit-Id: 24a187bc32e2be7663abb880c07659834d71f4b0 Change-Id: Ia98525be2155dcf3261633d1e6c25a775426068d CR-Id: ALPS04700799 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
parent
8ae5f3bd2c
commit
9708912e27
@ -230,6 +230,8 @@ type vbmeta_block_device, dev_type;
|
||||
type alarm_device, dev_type;
|
||||
type mdp_device, dev_type;
|
||||
type mrdump_device, dev_type;
|
||||
type kb_block_device,dev_type;
|
||||
type dkb_block_device,dev_type;
|
||||
|
||||
##########################
|
||||
# Sensor common Devices Start
|
||||
|
@ -357,6 +357,10 @@ type sysfs_power_off_vol, fs_type, sysfs_type;
|
||||
type sysfs_fg_disable, fs_type, sysfs_type;
|
||||
type sysfs_dis_nafg, fs_type, sysfs_type;
|
||||
|
||||
# drm key manager
|
||||
type provision_file, file_type, data_file_type;
|
||||
type key_install_data_file, file_type, data_file_type;
|
||||
|
||||
# Date : WK18.16
|
||||
# Purpose: Android Migration
|
||||
type sysfs_mmcblk, fs_type, sysfs_type;
|
||||
@ -367,4 +371,4 @@ type netd_socket, file_type, coredomain_socket;
|
||||
|
||||
# Date : WK19.27
|
||||
# Purpose: Android Migration for SVP
|
||||
type proc_m4u, fs_type, proc_type;
|
||||
type proc_m4u, fs_type, proc_type;
|
||||
|
@ -65,6 +65,7 @@
|
||||
/data/vendor/stp_dump(/.*)? u:object_r:stp_dump_data_file:s0
|
||||
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
|
||||
/data/vendor/dipdebug(/.*)? u:object_r:aee_dipdebug_vendor_file:s0
|
||||
/data/vendor/key_provisioning(/.*)? u:object_r:key_install_data_file:s0
|
||||
|
||||
# Misc data
|
||||
#/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0
|
||||
@ -479,6 +480,12 @@
|
||||
/dev/block/platform/bootdevice/by-name/loader_ext(_[ab])? u:object_r:loader_ext_block_device:s0
|
||||
/dev/block/platform/bootdevice/by-name/vbmeta(_system|_vendor)?(_[ab])? u:object_r:vbmeta_block_device:s0
|
||||
|
||||
# Key manager
|
||||
/dev/block/platform/bootdevice/by-name/kb u:object_r:kb_block_device:s0
|
||||
/dev/block/platform/bootdevice/by-name/dkb u:object_r:dkb_block_device:s0
|
||||
/dev/kb u:object_r:kb_block_device:s0
|
||||
/dev/dkb u:object_r:dkb_block_device:s0
|
||||
|
||||
# W19.23 Q new feature - Userdata Checkpoint
|
||||
/dev/block/by-name/md_udc u:object_r:metadata_block_device:s0
|
||||
|
||||
@ -549,6 +556,7 @@
|
||||
/(system\/vendor|vendor)/bin/thermalloadalgod u:object_r:thermalloadalgod_exec:s0
|
||||
/(system\/vendor|vendor)/bin/lbs_hidl_service u:object_r:lbs_hidl_service_exec:s0
|
||||
/(system\/vendor|vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
|
||||
|
||||
/(system\/vendor|vendor)/bin/fm_hidl_service u:object_r:fm_hidl_service_exec:s0
|
||||
/(system\/vendor|vendor)/bin/wlan_assistant u:object_r:wlan_assistant_exec:s0
|
||||
|
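Review bot: In the `# Key manager` block, `/dev/kb` and `/dev/dkb` receive the same `kb_block_device` / `dkb_block_device` labels as the by-name partitions, and nothing records whether those nodes are block or character devices. The kisd rules shown elsewhere on this page grant both `blk_file` and `chr_file` on these types, so a reader of file_contexts alone cannot tell how far each label reaches. A short comment above the two `/dev` entries would help, for example `# /dev/kb, /dev/dkb: key-block device nodes used by kisd; share the partition labels`. Since file_contexts accepts a file-type field, each entry could also be pinned with `-b` or `-c` once the node type is confirmed.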
@ -6,6 +6,7 @@
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
|
||||
type kisd ,domain;
|
||||
type kisd_exec, exec_type, file_type, vendor_file_type;
|
||||
typeattribute kisd mlstrustedsubject;
|
||||
|
||||
@ -18,7 +19,6 @@ init_daemon_domain(kisd)
|
||||
allow kisd tee_device:chr_file {read write open ioctl};
|
||||
allow kisd provision_file:dir {read write open ioctl add_name search remove_name};
|
||||
allow kisd provision_file:file {create read write open getattr unlink};
|
||||
#allow kisd system_file:file {execute_no_trans};
|
||||
allow kisd block_device:dir {read write open ioctl search};
|
||||
allow kisd kb_block_device:blk_file {read write open ioctl getattr};
|
||||
allow kisd dkb_block_device:blk_file {read write open ioctl getattr};
|
||||
@ -26,6 +26,7 @@ allow kisd key_install_data_file:dir {write remove_name add_name};
|
||||
allow kisd key_install_data_file:file {write getattr read create unlink open};
|
||||
allow kisd key_install_data_file:dir search;
|
||||
allow kisd mtd_device:chr_file { open read write };
|
||||
allow kisd mtd_device:blk_file { open read write ioctl getattr};
|
||||
allow kisd mtd_device:dir { search };
|
||||
allow kisd kb_block_device:chr_file {read write open ioctl getattr};
|
||||
allow kisd dkb_block_device:chr_file {read write open ioctl getattr};
|
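Review bot: The rule `allow kisd mtd_device:blk_file { open read write ioctl getattr};` gives the key-install daemon write access to block nodes under the generic `mtd_device` label rather than a key-storage-specific type. It appears to be the line this hunk adds: the +/- markers are lost on this page, but the deleted copy of the kisd policy further down carries no such rule. kisd is also `mlstrustedsubject` and already has write access on `kb_block_device` and `dkb_block_device`, so if only particular MTD partitions are needed, it would be tighter to give those nodes their own type and grant that instead. At minimum the rule should carry a justification in the style used elsewhere in this policy, e.g. `# Purpose: <reason kisd needs write access to MTD block nodes>`, to be filled in by the owner.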
@ -25,7 +25,6 @@
|
||||
/system/bin/aee_aed u:object_r:aee_aed_exec:s0
|
||||
/system/bin/aee_aed64 u:object_r:aee_aed_exec:s0
|
||||
/system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
|
||||
/(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
|
||||
/system/bin/lbs_dbg u:object_r:lbs_dbg_exec:s0
|
||||
|
||||
# google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
|
||||
@ -33,9 +32,6 @@
|
||||
/(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0
|
||||
/vendor/bin/aeev u:object_r:aee_aedv_exec:s0
|
||||
|
||||
# kisd for Key Manager
|
||||
/data/vendor/key_provisioning(/.*)? u:object_r:key_install_data_file:s0
|
||||
|
||||
# storagemanager daemon
|
||||
# it is used to mount all storages in meta/factory mode
|
||||
/system/bin/storagemanagerd u:object_r:vold_exec:s0
|
||||
|
@ -2,6 +2,4 @@
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
type kb_block_device,dev_type;
|
||||
type dkb_block_device,dev_type;
|
||||
type mtd_device, dev_type;
|
||||
|
@ -2,9 +2,5 @@
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
#for drm key install
|
||||
type provision_file, file_type, data_file_type;
|
||||
type key_install_data_file, file_type, data_file_type;
|
||||
|
||||
# lbs debug file
|
||||
type lbs_dbg_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
@ -1,9 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /vendor/bin/kisd Executable File
|
||||
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
|
||||
type kisd ,domain;
|
@ -22,7 +22,6 @@
|
||||
/system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
|
||||
/system/bin/boot_logo_updater u:object_r:boot_logo_updater_exec:s0
|
||||
/system/bin/meta_tst u:object_r:meta_tst_exec:s0
|
||||
/(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
|
||||
/system/bin/pre_meta u:object_r:pre_meta_exec:s0
|
||||
/system/bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
@ -30,9 +29,6 @@
|
||||
/(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0
|
||||
/(system\/vendor|vendor)/bin/aee_aedv64 u:object_r:aee_aedv_exec:s0
|
||||
|
||||
# kisd for Key Manager
|
||||
/data/vendor/key_provisioning(/.*)? u:object_r:key_install_data_file:s0
|
||||
|
||||
# storagemanager daemon
|
||||
# it is used to mount all storages in meta/factory mode
|
||||
/system/bin/storagemanagerd u:object_r:storagemanagerd_exec:s0
|
||||
|
@ -1,31 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /vendor/bin/kisd Executable File
|
||||
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
|
||||
type kisd_exec, exec_type, file_type, vendor_file_type;
|
||||
typeattribute kisd mlstrustedsubject;
|
||||
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
init_daemon_domain(kisd)
|
||||
|
||||
allow kisd tee_device:chr_file {read write open ioctl};
|
||||
allow kisd provision_file:dir {read write open ioctl add_name search remove_name};
|
||||
allow kisd provision_file:file {create read write open getattr unlink};
|
||||
#allow kisd system_file:file {execute_no_trans};
|
||||
allow kisd block_device:dir {read write open ioctl search};
|
||||
allow kisd kb_block_device:blk_file {read write open ioctl getattr};
|
||||
allow kisd dkb_block_device:blk_file {read write open ioctl getattr};
|
||||
allow kisd key_install_data_file:dir {write remove_name add_name};
|
||||
allow kisd key_install_data_file:file {write getattr read create unlink open};
|
||||
allow kisd key_install_data_file:dir search;
|
||||
allow kisd mtd_device:chr_file { open read write };
|
||||
allow kisd mtd_device:dir { search };
|
||||
allow kisd kb_block_device:chr_file {read write open ioctl getattr};
|
||||
allow kisd dkb_block_device:chr_file {read write open ioctl getattr};
|
@ -1,6 +0,0 @@
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
type kb_block_device,dev_type;
|
||||
type dkb_block_device,dev_type;
|
@ -1,7 +0,0 @@
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
#for drm key install
|
||||
type provision_file, file_type, data_file_type;
|
||||
type key_install_data_file, file_type, data_file_type;
|
@ -1,9 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /vendor/bin/kisd Executable File
|
||||
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
|
||||
type kisd ,domain;
|