NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS03825066] Fix build error

Browse Source 
[Detail]
1.Google neverallow to modify the /proc and /sys folder
2.vendor & system process can not access each file

[Solution]
1.Change the type of sysfs_file to common file
2.Mark the rules which violate the neverallow rules

MTK-Commit-Id: 326790e7af9c782f3dace5c667b4b07860370933

Change-Id: Ifa61d2561078d3b6cde612806607d35d6cfdc4d6
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
This commit is contained in:
mtk12101 2020-01-18 09:33:28 +08:00
parent a428ebd38c
commit b46f5159b8
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
non_plat/file.te
View File

@ -118,7 +118,7 @@ type c2k_file, file_type, data_file_type;
#For sensor
type sensor_data_file, file_type, data_file_type;
type stp_dump_data_file, file_type,data_file_type;
type sysfs_keypad_file, file_type,sysfs_type;
type sysfs_keypad_file, fs_type;
type rild_via_socket, file_type;
type rpc_socket, file_type;
type rild_ctclient_socket, file_type;

2
non_plat/merged_hal_service.te
View File

@ -59,7 +59,7 @@ allow merged_hal_service debugfs_ged:dir search;
allow merged_hal_service debugfs_ged:file { getattr open read write };
allow merged_hal_service debugfs_fpsgo:dir search;
allow merged_hal_service debugfs_fpsgo:file { getattr open write read };
allow merged_hal_service system_data_file:dir { create write add_name };
#allow merged_hal_service system_data_file:dir { create write add_name };
allow merged_hal_service proc_thermal:file { write open };
allow merged_hal_service proc_thermal:dir search;
allow merged_hal_service sysfs:file {open write read};

4
non_plat/mtkfusionrild.te
View File

@ -120,8 +120,8 @@ allow rild mtk_agpsd:unix_stream_socket connectto;
#Date 2017/10/12
#Purpose: allow set MTU size
allow rild toolbox_exec:file getattr;
allow rild toolbox_exec:file {execute read open};
allow rild toolbox_exec:file {execute_no_trans};
#allow rild toolbox_exec:file {execute read open};
#allow rild toolbox_exec:file {execute_no_trans};
allow rild mtk_net_ipv6_prop:property_service set;
#Dat: 2017/10/17