[ALPS03825066] Resolve build error

[Detail] 1.Google add new neverallow rule for untrusted apps 2.The file/dir in /proc must associate with proc_type [Solution] 1.Remove rules which violate google neverallow rules about untrusted apps 2.Add proc_type attribute for file/dir on /proc MTK-Commit-Id: b94412725e3a7b18db9573056c2fb43367989ed5 Change-Id: I89de16a65f05d052969c794604b9c372ed1ce7e1 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:38:47 +08:00 · 2020-01-18 09:38:47 +08:00 · c7ac9f171a
commit c7ac9f171a
parent ca7b506c0b
4 changed files with 21 additions and 19 deletions
--- a/non_plat/em_svr.te
+++ b/non_plat/em_svr.te
@ -18,7 +18,7 @@ allow em_svr misc_sd_device:chr_file { read open ioctl };
 # Date: WK1812
 # Purpose: add for battery log
-allow em_svr proc_battery_cmd:dir { write search add_name };
+allow em_svr proc_battery_cmd:dir { search };
 allow em_svr proc_battery_cmd:file { create write open };
 # Date: WK1812
--- a/non_plat/file.te
+++ b/non_plat/file.te
@ -48,19 +48,19 @@ type dbus_bluetooth_socket, file_type;
 type bt_int_adp_socket, file_type;
 type bt_a2dp_stream_socket, file_type;
 type bt_data_file, file_type, data_file_type;
-type proc_thermal, fs_type;
+type proc_thermal, fs_type, proc_type;
-type proc_mtkcooler, fs_type;
+type proc_mtkcooler, fs_type, proc_type;
-type proc_mtktz, fs_type;
+type proc_mtktz, fs_type, proc_type;
-type proc_slogger, fs_type;
+type proc_slogger, fs_type, proc_type;
-type proc_lk_env, fs_type;
+type proc_lk_env, fs_type, proc_type;
-type proc_ged, fs_type;
+type proc_ged, fs_type, proc_type;
-type proc_perfmgr, fs_type;
+type proc_perfmgr, fs_type, proc_type;
-type proc_slabinfo, fs_type;
+type proc_slabinfo, fs_type, proc_type;
-type proc_zraminfo, fs_type;
+type proc_zraminfo, fs_type, proc_type;
-type proc_cpu_alignment, fs_type;
+type proc_cpu_alignment, fs_type, proc_type;
-type proc_gpulog, fs_type;
+type proc_gpulog, fs_type, proc_type;
-type proc_sched_debug, fs_type;
+type proc_sched_debug, fs_type, proc_type;
-type proc_hw_ver, fs_type;
+type proc_hw_ver, fs_type, proc_type;
 type proc_atf_log, fs_type, proc_type;
 type proc_gz_log, fs_type, proc_type;
 type proc_last_kmsg, fs_type, proc_type;
@ -133,7 +133,7 @@ type rild_via_socket, file_type;
 type rpc_socket, file_type;
 type rild_ctclient_socket, file_type;
 #For icusb
-type proc_icusb, fs_type;
+type proc_icusb, fs_type, proc_type;
 # for labeling /mnt/cd-rom as iso9660
 type iso9660, fs_type;
@ -164,10 +164,10 @@ type autokd_data_file, file_type, data_file_type;
 type fuseblk,sdcard_type,fs_type,mlstrustedobject;
 # for mt-ramdump reset
-type proc_mrdump_rst, fs_type;
+type proc_mrdump_rst, fs_type, proc_type;
 # battery_cmd file
-type proc_battery_cmd, fs_type;
+type proc_battery_cmd, fs_type, proc_type;
 # binder debugfs file
 type debugfs_binder, fs_type, debugfs_type;
--- a/non_plat/untrusted_app.te
+++ b/non_plat/untrusted_app.te
@ -22,7 +22,6 @@ allow untrusted_app proc_mtktz:file r_file_perms;
 # properly for thermal tests at OEM/ODM.
 allow untrusted_app_25 proc_mtktz:dir search;
 allow untrusted_app_25 proc_mtktz:file { getattr open read };
 allow untrusted_app_25 proc_stat:file { getattr open read };
 allow untrusted_app_25 proc_thermal:dir search;
 allow untrusted_app_25 proc_thermal:file { getattr open read };
--- a/plat_private/file.te
+++ b/plat_private/file.te
@ -3,4 +3,7 @@
 # ==============================================
 # For drmserver
 # Date: WK1812
 # Operation : Migration
 # Purpose : For drmserver
 type access_sys_file, fs_type, sysfs_type;