[ALPS04833608] SEPolicy: Add specail SELabel for atag,chipid
[Detail] It has risk for allow process to get permission of atag,chipid by using u:object_rsysfs:s0 To avoid that, need to add specail SELabel for atag,chipid [Solution] Add specail SELabel for atag,chipid MTK-Commit-Id: b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad Change-Id: Ibaf69f387015790c657783bb1234e584e56f67aa CR-Id: ALPS04833608 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
This commit is contained in:
Shanshan Guo
Shanshan Guo
parent
9e3351da5a
commit
9eeda9d646
@ -431,3 +431,8 @@ type sysfs_pages_volatile, fs_type, sysfs_type;
|
||||
# Date : 2019/10/22
|
||||
# Purpose : allow aee_aedv write /sys/module/mrdump/parameters/lbaooo
|
||||
type sysfs_mrdump_lbaooo, fs_type, sysfs_type;
|
||||
|
||||
# Date : 2019/10/25
|
||||
# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0
|
||||
# to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid
|
||||
type sysfs_chipid, fs_type, sysfs_type;
|
||||
|
||||
@ -263,3 +263,8 @@ genfscon sysfs /kernel/mm/ksm/pages_shared u:object_r:sysfs_pages_shared:s0
|
||||
genfscon sysfs /kernel/mm/ksm/pages_sharing u:object_r:sysfs_pages_sharing:s0
|
||||
genfscon sysfs /kernel/mm/ksm/pages_unshared u:object_r:sysfs_pages_unshared:s0
|
||||
genfscon sysfs /kernel/mm/ksm/pages_volatile u:object_r:sysfs_pages_volatile:s0
|
||||
|
||||
# Date : 2019/10/25
|
||||
# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0
|
||||
# to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid
|
||||
genfscon sysfs /firmware/devicetree/base/chosen/atag,chipid u:object_r:sysfs_chipid:s0
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user