[ALPS03841705] AEE porting on Android P about selinux
[Detail] 1. add some rules 2. transfer aee_core_forwarder domain form kerenl to aee_core_forwarder MTK-Commit-Id: 7ad2c5df75565153ccec471f0eb2224c912515cd Change-Id: I9b576e3937d04b5848baeb156718d0469fa05a75 CR-Id: ALPS03841705 Feature: Android Exception Engine(AEE)
This commit is contained in:
mtk11285
parent
cf19167a30
commit
a76cdd9cee
@ -45,13 +45,20 @@ set_prop(aee_aed, debug_mtk_aee_prop);
|
||||
# /proc/lk_env
|
||||
allow aee_aed proc_lk_env:file rw_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/pid/exe
|
||||
# Purpose: Allow aee_aed to read /proc/pid/exe
|
||||
allow aee_aed exec_type:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/cpu/alignment
|
||||
# Purpose: Allow aee_aed to read /proc/cpu/alignment
|
||||
allow aee_aed proc_cpu_alignment:file { write open };
|
||||
|
||||
# Date : WK18.20
|
||||
# Operation : Migration
|
||||
# Purpose : no permission for vendor_default_prop
|
||||
get_prop(aee_aed, vendor_default_prop)
|
||||
|
||||
# Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable
|
||||
allow aee_aed sysfs_vibrator_setting:dir search;
|
||||
allow aee_aed sysfs_vibrator_setting:file w_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aed to read /proc/kpageflags
|
||||
allow aee_aed proc_kpageflags:file r_file_perms;
|
||||
|
||||
@ -361,39 +361,66 @@ allow aee_aedv sysfs_scp:file r_file_perms;
|
||||
allow aee_aedv self:capability { fsetid sys_nice chown fowner };
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/buddyinfo
|
||||
allow aee_aedv proc_buddyinfo:file { read open };
|
||||
allow aee_aedv proc_buddyinfo:file r_file_perms;
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/cmdline
|
||||
allow aee_aedv proc_cmdline:file { read open };
|
||||
allow aee_aedv proc_cmdline:file r_file_perms;
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/slabinfo
|
||||
allow aee_aedv proc_slabinfo:file { read open };
|
||||
allow aee_aedv proc_slabinfo:file r_file_perms;
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/stat
|
||||
allow aee_aedv proc_stat:file { read open };
|
||||
allow aee_aedv proc_stat:file r_file_perms;
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/version
|
||||
allow aee_aedv proc_version:file { read open };
|
||||
allow aee_aedv proc_version:file r_file_perms;
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/vmallocinfo
|
||||
allow aee_aedv proc_vmallocinfo:file { read open };
|
||||
allow aee_aedv proc_vmallocinfo:file r_file_perms;
|
||||
|
||||
# Purpose: allow aee_aedv to read /proc/vmstat
|
||||
allow aee_aedv proc_vmstat:file { read open };
|
||||
allow aee_aedv proc_vmstat:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/cpu/alignment
|
||||
allow aee_aedv proc_cpu_alignment:file { write open };
|
||||
allow aee_aedv proc_cpu_alignment:file w_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/gpulog
|
||||
allow aee_aedv proc_gpulog:file { read open };
|
||||
allow aee_aedv proc_gpulog:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/chip/hw_ver
|
||||
allow aee_aedv proc_hw_ver:file { read open };
|
||||
allow aee_aedv proc_hw_ver:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/sched_debug
|
||||
allow aee_aedv proc_sched_debug:file { read open };
|
||||
allow aee_aedv proc_sched_debug:file r_file_perms;
|
||||
|
||||
# Date : WK18.20
|
||||
# Operation : Migration
|
||||
# Purpose : no permission for vendor_default_prop
|
||||
get_prop(aee_aedv, vendor_default_prop)
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/atf_log
|
||||
allow aee_aedv proc_atf_log:dir search;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/last_kmsg
|
||||
allow aee_aedv proc_last_kmsg:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to access /sys/devices/virtual/timed_output/vibrator/enable
|
||||
allow aee_aedv sysfs_vibrator_setting:dir search;
|
||||
allow aee_aedv sysfs_vibrator_setting:file w_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /sys/kernel/debug/rcu/rcu_callback_log
|
||||
allow aee_aedv debugfs_rcu:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /proc/msdc_debug
|
||||
allow aee_aedv proc_msdc_debug:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /sys/power/vcorefs/vcore_debug
|
||||
allow aee_aedv sysfs_vcore_debug:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_aedv to read /sys/devices/virtual/BOOT/BOOT/boot/boot_mode
|
||||
allow aee_aedv sysfs_boot:file r_file_perms;
|
||||
|
||||
#Purpose: Allow aee_aedv to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
|
||||
userdebug_or_eng(`
|
||||
allow aee_aedv debugfs_tracing_debug:file { r_file_perms write };
|
||||
')
|
||||
|
||||
9
non_plat/aee_core_forwarder.te
Normal file
9
non_plat/aee_core_forwarder.te
Normal file
@ -0,0 +1,9 @@
|
||||
# ==============================================
|
||||
# Policy File of /system/bin/aee_core_forwarder Executable File
|
||||
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
allow aee_core_forwarder aee_exp_data_file:dir { write add_name search };
|
||||
allow aee_core_forwarder aee_exp_data_file:file { write create open getattr };
|
||||
@ -91,19 +91,37 @@ allow dumpstate gpu_device:dir search;
|
||||
allow dumpstate mtk_hal_camera:binder { call };
|
||||
|
||||
# Purpose: Allow aee_dumpstate to read /proc/slabinfo
|
||||
allow dumpstate proc_slabinfo:file { read open };
|
||||
allow dumpstate proc_slabinfo:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_dumpstate to read /proc/zraminfo
|
||||
allow dumpstate proc_zraminfo:file { read open };
|
||||
|
||||
# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
|
||||
allow dumpstate sysfs_vibrator:file write;
|
||||
allow dumpstate proc_zraminfo:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_dumpstate to read /proc/gpulog
|
||||
allow dumpstate proc_gpulog:file { read open };
|
||||
allow dumpstate proc_gpulog:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_dumpstate to read /proc/sched_debug
|
||||
allow dumpstate proc_sched_debug:file { read open };
|
||||
allow dumpstate proc_sched_debug:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_dumpstate to read /proc/chip/hw_ver
|
||||
allow dumpstate proc_hw_ver:file { read open };
|
||||
allow dumpstate proc_hw_ver:file r_file_perms;
|
||||
|
||||
# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
|
||||
allow dumpstate sysfs_vibrator_setting:file write;
|
||||
|
||||
# Purpose: Allow dumpstate to read /sys/kernel/debug/rcu/rcu_callback_log
|
||||
allow dumpstate debugfs_rcu:file r_file_perms;
|
||||
|
||||
# Purpose: Allow dumpstate to read /proc/msdc_debug
|
||||
allow dumpstate proc_msdc_debug:file r_file_perms;
|
||||
|
||||
# Purpose: Allow dumpstate to read /sys/power/vcorefs/vcore_debug
|
||||
allow dumpstate sysfs_vcore_debug:file r_file_perms;
|
||||
|
||||
# Purpose: Allow dumpstate to read /data/anr/SF_RTT/rtt_dump.txt
|
||||
allow dumpstate sf_rtt_file:file r_file_perms;
|
||||
|
||||
#Purpose: Allow dumpstate to read/write /sys/mtk_memcfg/slabtrace
|
||||
allow dumpstate proc_slabtrace:file r_file_perms;
|
||||
|
||||
#Purpose: Allow dumpstate to read/write /sys/mtk_cmdq_debug/status
|
||||
allow dumpstate proc_cmqd_debug:file r_file_perms;
|
||||
|
||||
@ -65,6 +65,10 @@ type proc_gz_log, fs_type, proc_type;
|
||||
type proc_last_kmsg, fs_type, proc_type;
|
||||
type proc_bootprof, fs_type, proc_type;
|
||||
type proc_pl_lk, fs_type, proc_type;
|
||||
type proc_msdc_debug, fs_type, proc_type;
|
||||
type proc_kpageflags, fs_type, proc_type;
|
||||
type proc_slabtrace, fs_type, proc_type;
|
||||
type proc_cmqd_debug, fs_type, proc_type;
|
||||
type sysfs_therm, fs_type, sysfs_type;
|
||||
type sysfs_fps, fs_type, sysfs_type;
|
||||
type sysfs_ccci, fs_type, sysfs_type;
|
||||
@ -76,6 +80,7 @@ type sysfs_sspm, fs_type, sysfs_type;
|
||||
type sysfs_devinfo, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_dcm, fs_type, sysfs_type;
|
||||
type sysfs_dcs, fs_type, sysfs_type;
|
||||
type sysfs_vcore_debug, fs_type, sysfs_type;
|
||||
type agpsd_socket, file_type;
|
||||
type agpsd_data_file, file_type, data_file_type;
|
||||
type mnld_socket, file_type;
|
||||
|
||||
@ -30,6 +30,11 @@ genfscon proc /gz_log u:object_r:proc_gz_log:s0
|
||||
genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0
|
||||
genfscon proc /bootprof u:object_r:proc_bootprof:s0
|
||||
genfscon proc /pl_lk u:object_r:proc_pl_lk:s0
|
||||
genfscon proc /msdc_debug u:object_r:proc_msdc_debug:s0
|
||||
genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
|
||||
genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0
|
||||
genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmqd_debug:s0
|
||||
|
||||
|
||||
genfscon iso9660 / u:object_r:iso9660:s0
|
||||
genfscon rawfs / u:object_r:rawfs:s0
|
||||
@ -37,3 +42,5 @@ genfscon fuseblk / u:object_r:fuseblk:s0
|
||||
|
||||
genfscon sysfs /devices/platform/battery u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /devices/platform/mt_charger/power_supply u:object_r:sysfs_batteryinfo:s0
|
||||
genfscon sysfs /power/vcorefs/vcore_debug u:object_r:sysfs_vcore_debug:s0
|
||||
genfscon sysfs /power/vcorefs/opp_table u:object_r:sysfs_vcore_debug:s0
|
||||
|
||||
@ -32,15 +32,19 @@ mtk_wifi. u:object_r:mtk_wifi_prop:s0
|
||||
debug.mdlogger u:object_r:debug_mdlogger_prop:s0
|
||||
|
||||
#=============allow AEE==============
|
||||
# persist.mtk.aee.mode && persist.mtk.aee.dal
|
||||
# persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal
|
||||
persist.vendor.mtk.aee u:object_r:persist_mtk_aee_prop:s0
|
||||
|
||||
# persist.aee.core.dump && persist.aee.core.direct
|
||||
# persist.vendor.aee.core.dump && persist.vendor.aee.core.direct
|
||||
persist.vendor.aee u:object_r:persist_aee_prop:s0
|
||||
|
||||
# debug.mtk.aee.db
|
||||
# vendor.debug.mtk.aee.db
|
||||
vendor.debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0
|
||||
|
||||
ro.vendor.aee.build.info u:object_r:persist_mtk_aee_prop:s0
|
||||
|
||||
ro.vendor.hava_aee_feature u:object_r:persist_mtk_aee_prop:s0
|
||||
|
||||
#=============allow AEE_Dumpstate==============
|
||||
vendor.debug.bq.dump u:object_r:debug_bq_dump_prop:s0
|
||||
|
||||
|
||||
@ -140,3 +140,6 @@ allow aee_aed proc_version:file { read open };
|
||||
|
||||
# Purpose : allow aee_aed self to sys_nice/chown
|
||||
allow aee_aed self:capability { sys_nice chown };
|
||||
|
||||
# Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot
|
||||
userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };')
|
||||
|
||||
@ -41,3 +41,9 @@ allow dumpstate gpu_device:dir search;
|
||||
# android.hardware.camera.provider::ICameraProvider pid=3133 scontext=u:r:dumpstate:s0 tcontext=
|
||||
# u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager
|
||||
allow dumpstate hal_camera_hwservice:hwservice_manager find;
|
||||
|
||||
#Purpose: Allow dumpstate to read/write /sys/kernel/debug/tracing/buffer_total_size_kb
|
||||
userdebug_or_eng(`allow dumpstate debugfs_tracing_debug:file { r_file_perms write };')
|
||||
|
||||
# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
|
||||
allow dumpstate sysfs_vibrator:file write;
|
||||
|
||||
6
plat_private/kernel.te
Normal file
6
plat_private/kernel.te
Normal file
@ -0,0 +1,6 @@
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
|
||||
domain_auto_trans(kernel, aee_core_forwarder_exec, aee_core_forwarder)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user