Merge "[ALPS04640303] SEPolicy: Fix app violation" into alps-trunk-q0.basic

Change-Id: I54a57ecf9ca4748c666aaf7f253e7c02e48db6b7
MTK-Commit-Id: 6d27da21401c62e0567e2e6c767f62b69c82fca7

non_plat/app.te

@@ -41,3 +41,8 @@ allow { appdomain -isolated_app } radio_data_file:file rw_file_perms;
 # Operation : Migration
 # Purpose : For app com.tencent.qqpimsecure
 allowxperm appdomain appdomain:fifo_file ioctl SNDCTL_TMR_START;
+
+# Date: 2019/06/17
+# Operation : Migration
+# Purpose : appdomain need get mtk_amslog_prop
+get_prop(appdomain, mtk_amslog_prop)

non_plat/platform_app.te

@@ -108,8 +108,3 @@ get_prop(platform_app, vendor_connsysfw_prop)
 # Purpose : JPEG need to use PQ via MMS HIDL
 allow platform_app mtk_hal_mms_hwservice:hwservice_manager find;
 allow platform_app mtk_hal_mms:binder call;
-
-# Date: 2019/06/14
-# Operation : Migration
-# Purpose : platform_app need get mtk_amslog_prop
-get_prop(platform_app, mtk_amslog_prop)

non_plat/system_app.te

@@ -37,6 +37,10 @@ allow system_app mtk_hal_mms:binder call;
 
 # Date: 2019/06/14
 # Operation : Migration
-# Purpose : system_app need get mtk_amslog_prop
-get_prop(system_app, mtk_amslog_prop)
+# Purpose : system_app need vendor_default_prop
 get_prop(system_app, vendor_default_prop)
+
+# Date: 2019/06/17
+# Operation : Migration
+# Purpose :allow system_app to read mtk_em_tel_log_prop
+get_prop(system_app, mtk_em_tel_log_prop)

non_plat/untrusted_app.te

@@ -10,19 +10,3 @@
 #					 from MTK kernel modules for thermal tests at OEM/ODM.
 allow untrusted_app proc_mtktz:dir search;
 allow untrusted_app proc_mtktz:file r_file_perms;
-
-# Date : 2017/08/01
-# Operation: SQC
-# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
-# properly for thermal tests at OEM/ODM.
-allow untrusted_app_25 proc_mtktz:dir search;
-allow untrusted_app_25 proc_mtktz:file { getattr open read };
-allow untrusted_app_25 proc_thermal:dir search;
-allow untrusted_app_25 proc_thermal:file { getattr open read };
-
-allow untrusted_app_25 sysfs_fps:dir search;
-allow untrusted_app_25 sysfs_fps:file { getattr open read };
-allow untrusted_app_25 sysfs_batteryinfo:dir search;
-#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read };
-allow untrusted_app_25 sysfs_therm:dir { open read search };
-allow untrusted_app_25 sysfs_therm:file { getattr open read };

non_plat/untrusted_app_25.te

@@ -0,0 +1,19 @@
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+
+# Date : 2017/08/01
+# Operation: SQC
+# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
+# properly for thermal tests at OEM/ODM.
+allow untrusted_app_25 proc_mtktz:dir search;
+allow untrusted_app_25 proc_mtktz:file r_file_perms;
+allow untrusted_app_25 proc_thermal:dir search;
+allow untrusted_app_25 proc_thermal:file r_file_perms;
+
+allow untrusted_app_25 sysfs_fps:dir search;
+allow untrusted_app_25 sysfs_fps:file r_file_perms;
+allow untrusted_app_25 sysfs_batteryinfo:dir search;
+#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read };
+allow untrusted_app_25 sysfs_therm:dir r_dir_perms;
+allow untrusted_app_25 sysfs_therm:file r_file_perms;