From 457f1855f1d66a7fcd599a904290c41dc63e5358 Mon Sep 17 00:00:00 2001
From: mtk11285
Date: Sat, 18 Jan 2020 09:35:48 +0800
Subject: [PATCH] [ALPS03841705] AEE porting on Android P
[Detail]
1. modify property according to P rule
2. add some selinux rules
3. relable /proc/slabinfo /proc/zraminfo
MTK-Commit-Id: aa654138c8b48d223b614c81d2f39d7cd6eedd1f
Change-Id: Ib47383553b0d320d3766780f35c397be60dc1339
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
---
 non_plat/aee_aed.te | 3 +++
 non_plat/aee_aedv.te | 36 ++++++++++++++++++++++++++++++++++++
 non_plat/dumpstate.te | 18 ++++++++++++++++++
 non_plat/file.te | 6 ++++++
 non_plat/genfs_contexts | 6 ++++++
 non_plat/property_contexts | 8 ++++----
 plat_private/aee_aed.te | 6 ++++++
 7 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/non_plat/aee_aed.te b/non_plat/aee_aed.te
index c94a13d..f52f00a 100644
--- a/non_plat/aee_aed.te
+++ b/non_plat/aee_aed.te
@@ -47,3 +47,6 @@ allow aee_aed proc_lk_env:file rw_file_perms;
 # Purpose: Allow aee_aedv to read /proc/pid/exe
 allow aee_aed exec_type:file r_file_perms;
+
+# Purpose: Allow aee_aedv to read /proc/cpu/alignment
+allow aee_aed proc_cpu_alignment:file { write open };
diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te
index 26a12af..27bc45f 100644
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
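Review bot: The comment on the rule added to non_plat/aee_aed.te says `aee_aedv` may read /proc/cpu/alignment, but the rule grants `{ write open }` to `aee_aed`, so the comment is wrong about both the domain and the direction of access. The same comment is paired with a `{ write open }` rule in the non_plat/aee_aedv.te hunk. Writing to that node changes how the kernel treats unaligned accesses (as far as I know it selects the fixup/warn/signal mode), which is a system-wide setting, so the comment should state why the crash daemon has to set it, e.g. `# Purpose: allow aee_aed to set the alignment-fault mode through /proc/cpu/alignment (write only)`. If only reading was intended, the permission set should be `{ read open }` instead.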
@@ -356,3 +356,39 @@ allow aee_aedv sysfs_lowmemorykiller:file r_file_perms;
 # Purpose: Allow aee read /sys/class/misc/scp/scp_dump
 allow aee_aedv sysfs_scp:dir r_dir_perms;
 allow aee_aedv sysfs_scp:file r_file_perms;
+
+# Purpose: allow aee_aedv self to fsetid/sys_nice/chown/fowner
+allow aee_aedv self:capability { fsetid sys_nice chown fowner };
+
+# Purpose: allow aee_aedv to read /proc/buddyinfo
+allow aee_aedv proc_buddyinfo:file { read open };
+
+# Purpose: allow aee_aedv to read /proc/cmdline
+allow aee_aedv proc_cmdline:file { read open };
+
+# Purpose: allow aee_aedv to read /proc/slabinfo
+allow aee_aedv proc_slabinfo:file { read open };
+
+# Purpose: allow aee_aedv to read /proc/stat
+allow aee_aedv proc_stat:file { read open };
+
+# Purpose: allow aee_aedv to read /proc/version
+allow aee_aedv proc_version:file { read open };
+
+# Purpose: allow aee_aedv to read /proc/vmallocinfo
+allow aee_aedv proc_vmallocinfo:file { read open };
+
+# Purpose: allow aee_aedv to read /proc/vmstat
+allow aee_aedv proc_vmstat:file { read open };
+
+# Purpose: Allow aee_aedv to read /proc/cpu/alignment
+allow aee_aedv proc_cpu_alignment:file { write open };
+
+# Purpose: Allow aee_aedv to read /proc/gpulog
+allow aee_aedv proc_gpulog:file { read open };
+
+# Purpose: Allow aee_aedv to read /proc/chip/hw_ver
+allow aee_aedv proc_hw_ver:file { read open };
+
+# Purpose: Allow aee_aedv to read /proc/sched_debug
+allow aee_aedv proc_sched_debug:file { read open };
diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te
index 6a7861c..f600c50 100644
--- a/non_plat/dumpstate.te
+++ b/non_plat/dumpstate.te
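Review bot: `allow aee_aedv self:capability { fsetid sys_nice chown fowner };` in non_plat/aee_aedv.te gives a vendor daemon four capabilities, and its comment only repeats the rule. `chown` and `fowner` let the process change ownership of, and bypass owner checks on, any file its type rules already reach, so each one should be justified on its own or dropped. The plat_private/aee_aed.te hunk adds `sys_nice chown` to `aee_aed` with the same kind of comment. I would split the rule so each capability names the operation that needs it, in the form `# chown: <operation that requires it>`. It is also worth checking the denial logs to confirm that `fowner` and `fsetid` are actually requested at runtime.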
@@ -89,3 +89,21 @@ allow dumpstate gpu_device:dir search;
 # Purpose: Allow aee_dumpstate to invoke "lshal debug ", where is "ICameraProvider".
 allow dumpstate mtk_hal_camera:binder { call };
+
+# Purpose: Allow aee_dumpstate to read /proc/slabinfo
+allow dumpstate proc_slabinfo:file { read open };
+
+# Purpose: Allow aee_dumpstate to read /proc/zraminfo
+allow dumpstate proc_zraminfo:file { read open };
+
+# Purpose: Allow aee_dumpstate to write /sys/devices/virtual/timed_output/vibrator/enable
+allow dumpstate sysfs_vibrator:file write;
+
+# Purpose: Allow aee_dumpstate to read /proc/gpulog
+allow dumpstate proc_gpulog:file { read open };
+
+# Purpose: Allow aee_dumpstate to read /proc/sched_debug
+allow dumpstate proc_sched_debug:file { read open };
+
+# Purpose: Allow aee_dumpstate to read /proc/chip/hw_ver
+allow dumpstate proc_hw_ver:file { read open };
diff --git a/non_plat/file.te b/non_plat/file.te
index fafabb7..173d704 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -55,6 +55,12 @@ type proc_slogger, fs_type;
 type proc_lk_env, fs_type;
 type proc_ged, fs_type;
 type proc_perfmgr, fs_type;
+type proc_slabinfo, fs_type;
+type proc_zraminfo, fs_type;
+type proc_cpu_alignment, fs_type;
+type proc_gpulog, fs_type;
+type proc_sched_debug, fs_type;
+type proc_hw_ver, fs_type;
 type sysfs_therm, fs_type, sysfs_type;
 type sysfs_power_supply, fs_type, sysfs_type;
 type sysfs_fps, fs_type, sysfs_type;
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index 9c595e6..3af08d3 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
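Review bot: `allow dumpstate sysfs_vibrator:file write;` in non_plat/dumpstate.te is the only added rule without `open`. Unless another rule already grants it, dumpstate can write only to a descriptor it was handed, and its own `open()` of the node would still be denied. Either use `{ write open }` or say in the comment that the descriptor is inherited. All six comments in this hunk name `aee_dumpstate` while the rules attach to the shared `dumpstate` domain, so the access presumably applies to every dumpstate run; the comments should name the domain that actually receives it.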
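Review bot: The six types added to non_plat/file.te (`proc_slabinfo`, `proc_zraminfo`, `proc_cpu_alignment`, `proc_gpulog`, `proc_sched_debug`, `proc_hw_ver`) are declared in vendor policy with generic, unprefixed names and no comment. The genfs_contexts hunk binds several of them to kernel-standard nodes such as /proc/slabinfo and /proc/sched_debug, so a platform release that later declares a type or `genfscon` entry for the same path would probably clash; a vendor prefix on the names avoids that. Relabelling also removes access for any domain that reached these files through their previous label (presumably the generic `proc` type). That narrowing looks intended, but it deserves a line in file.te such as `# AEE: split out of proc so that only the domains granted below can read them`. The hunk cuts through the middle of the type list, so neighbouring declarations are not visible here.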
@@ -19,6 +19,12 @@ genfscon proc /mrdump_rst u:object_r:proc_mrdump_rst:s0
 genfscon proc /mtk_battery_cmd u:object_r:proc_battery_cmd:s0
 genfscon proc /ged u:object_r:proc_ged:s0
 genfscon proc /perfmgr u:object_r:proc_perfmgr:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
+genfscon proc /zraminfo u:object_r:proc_zraminfo:s0
+genfscon proc /gpulog u:object_r:proc_gpulog:s0
+genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0
+genfscon proc /sched_debug u:object_r:proc_sched_debug:s0
+genfscon proc /chip/hw_ver u:object_r:proc_hw_ver:s0
 genfscon iso9660 / u:object_r:iso9660:s0
 genfscon rawfs / u:object_r:rawfs:s0
diff --git a/non_plat/property_contexts b/non_plat/property_contexts
index a823999..726440d 100644
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@@ -33,16 +33,16 @@ debug.mdlogger u:object_r:debug_mdlogger_prop:s0
 #=============allow AEE==============
 # persist.mtk.aee.mode && persist.mtk.aee.dal
-persist.mtk.aee u:object_r:persist_mtk_aee_prop:s0
+persist.vendor.mtk.aee u:object_r:persist_mtk_aee_prop:s0
 # persist.aee.core.dump && persist.aee.core.direct
-persist.aee u:object_r:persist_aee_prop:s0
+persist.vendor.aee u:object_r:persist_aee_prop:s0
 # debug.mtk.aee.db
-debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0
+vendor.debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0
 #=============allow AEE_Dumpstate==============
-debug.bq.dump u:object_r:debug_bq_dump_prop:s0
+vendor.debug.bq.dump u:object_r:debug_bq_dump_prop:s0
 #=============allow mux==============
 vendor.ril.mux. u:object_r:gsm0710muxd_prop:s0
diff --git a/plat_private/aee_aed.te b/plat_private/aee_aed.te
index 3a3af42..7c84f65 100644
--- a/plat_private/aee_aed.te
+++ b/plat_private/aee_aed.te
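Review bot: The comment lines above the renamed entries in non_plat/property_contexts still name the old keys (`# persist.mtk.aee.mode && persist.mtk.aee.dal`, `# persist.aee.core.dump && persist.aee.core.direct`, `# debug.mtk.aee.db`), which no longer match the `persist.vendor.*` and `vendor.debug.*` prefixes now being labelled. They should change together with the entries, e.g. `# persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal`. With the old prefixes gone, a property still set under `persist.mtk.aee.*` or `debug.bq.dump` would no longer get the AEE property types and would fall back to whatever default label applies. It is worth confirming that every setter and getter was renamed in the same change set; that code is not part of this patch.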
@@ -134,3 +134,9 @@ allow aee_aed crash_dump:file r_file_perms;
 # for pid=1486 comm="aee_aed" name="atag,devinfo" dev="sysfs" ino=2349 scontext=u:r:aee_aed:s0
 # tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 #allow aee_aed sysfs:file r_file_perms;
+
+# Purpose : allow aee_aed to read /proc/version
+allow aee_aed proc_version:file { read open };
+
+# Purpose : allow aee_aed self to sys_nice/chown
+allow aee_aed self:capability { sys_nice chown };