From 9eeda9d646045ea1a52ac0eae38877d9cab76de7 Mon Sep 17 00:00:00 2001 From: Shanshan Guo Date: Sat, 18 Jan 2020 10:21:42 +0800 Subject: [PATCH] [ALPS04833608] SEPolicy: Add specail SELabel for atag,chipid [Detail] It has risk for allow process to get permission of atag,chipid by using u:object_rsysfs:s0 To avoid that, need to add specail SELabel for atag,chipid [Solution] Add specail SELabel for atag,chipid MTK-Commit-Id: b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad Change-Id: Ibaf69f387015790c657783bb1234e584e56f67aa CR-Id: ALPS04833608 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/file.te | 5 +++++
 non_plat/genfs_contexts | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/non_plat/file.te b/non_plat/file.te
index ab973a7..6ca32cb 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -431,3 +431,8 @@ type sysfs_pages_volatile, fs_type, sysfs_type;
 # Date : 2019/10/22
 # Purpose : allow aee_aedv write /sys/module/mrdump/parameters/lbaooo
 type sysfs_mrdump_lbaooo, fs_type, sysfs_type;
+
+# Date : 2019/10/25
+# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0
+# to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid
+type sysfs_chipid, fs_type, sysfs_type;
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index edf72ff..cb30065 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
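Review bot: In non_plat/file.te the new `sysfs_chipid` type still carries the `sysfs_type` attribute, so any allow rule written against that attribute elsewhere in the policy would keep matching the chip-id node; the patch only takes it out of rules that name the plain `sysfs` type. Nothing in the change states which domains may read the node, so the intended separation is not checked at build time. A rule such as `neverallow { domain -ALLOWED_READERS } sysfs_chipid:file { open read };` (ALLOWED_READERS is a placeholder for the domains that legitimately need the chip id) would pin that intent. No allow rules for the new type are visible in this patch, so presumably the legitimate readers are granted access in a separate change.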
@@ -263,3 +263,8 @@ genfscon sysfs /kernel/mm/ksm/pages_shared u:object_r:sysfs_pages_shared:s0
 genfscon sysfs /kernel/mm/ksm/pages_sharing u:object_r:sysfs_pages_sharing:s0
 genfscon sysfs /kernel/mm/ksm/pages_unshared u:object_r:sysfs_pages_unshared:s0
 genfscon sysfs /kernel/mm/ksm/pages_volatile u:object_r:sysfs_pages_volatile:s0
+
+# Date : 2019/10/25
+# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0
+# to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid
+genfscon sysfs /firmware/devicetree/base/chosen/atag,chipid u:object_r:sysfs_chipid:s0
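Review bot: The comment added above the new `genfscon` entry gives the node as `/sysfs/firmware/devicetree/base/chosen/atag,chipid`, but the entry labels `/firmware/devicetree/base/chosen/atag,chipid` on the sysfs filesystem, i.e. under `/sys/firmware/...`; the same comment is added in non_plat/file.te. It also mentions `u:object_r:proc:s0` and a `/proc/device-tree` path although no proc entry is labelled, which reads as if half of the fix were missing. If the /proc path is covered because `/proc/device-tree` is a symlink into sysfs on the target kernels, the comment should say so, for example `# to access /sys/firmware/devicetree/base/chosen/atag,chipid (also reachable via the /proc/device-tree symlink)`.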