[ALPS03932298] Factory Mode: move to vendor partition

[Solution] Factory mode should build in vendor partiton, so move factory from system partition to vendor partition MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b CR-Id: ALPS03932298 Feature: Factory Mode
2020-01-18 09:58:07 +08:00 · 2020-01-18 09:58:07 +08:00 · c93290f067
commit c93290f067
parent 2e09db7248
7 changed files with 52 additions and 112 deletions
--- a/non_plat/factory.te
+++ b/non_plat/factory.te
@ -8,7 +8,10 @@
 # ==============================================
 # MTK Policy Rule
 # ==============================================
-file_type_auto_trans(factory, system_data_file, factory_data_file)
+#file_type_auto_trans(factory, system_data_file, factory_data_file)
+type factory, domain;
+type factory_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(factory)

 #============= factory ==============
 allow factory MTK_SMI_device:chr_file r_file_perms;
@ -65,8 +68,8 @@ allow factory proc_mrdump_rst:file w_file_perms;
 #allow factory self:capability2 block_suspend;
 wakelock_use(factory);
 allow factory storage_file:dir { write create add_name search mounton };
-allow factory factory_data_file:file create_file_perms;
-allow factory shell_exec:file r_file_perms;
+#allow factory factory_data_file:file create_file_perms;
+#allow factory shell_exec:file r_file_perms;

 # Date: WK15.44
 # Purpose: factory idle current status
@ -75,16 +78,16 @@ allow factory vendor_factory_idle_state_prop:property_service set;

 # Date: WK15.46
 # Purpose: gps factory mode
-###allow factory agpsd_data_file:dir search;
-allow factory apk_data_file:dir write;
+allow factory agpsd_data_file:dir search;
+#allow factory apk_data_file:dir write;
 #allow factory gps_data_file:dir r_dir_perms;
 #allow factory gps_data_file:dir { write open };
 #allow factory gps_data_file:file { read write };
-###allow factory gps_data_file:dir { write add_name search remove_name unlink};
-###allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
-###allow factory gps_data_file:lnk_file read;
+allow factory gps_data_file:dir { write add_name search remove_name unlink};
+allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
+allow factory gps_data_file:lnk_file read;
 # allow factory gps_emi_device:chr_file { read write };
-allow factory shell_exec:file x_file_perms;
+#allow factory shell_exec:file x_file_perms;
 allow factory storage_file:lnk_file r_file_perms;

 #Date: WK15.48
@ -99,15 +102,15 @@ allow factory storage_file:lnk_file read;
 #Date: WK16.05
 #Purpose: For access NVRAM
 allow factory factory:capability chown;
-###allow factory nvram_data_file:dir create_dir_perms;
-###allow factory nvram_data_file:file create_file_perms;
-###allow factory nvram_data_file:lnk_file r_file_perms;
-###allow factory nvdata_file:lnk_file r_file_perms;
+allow factory nvram_data_file:dir create_dir_perms;
+allow factory nvram_data_file:file create_file_perms;
+allow factory nvram_data_file:lnk_file r_file_perms;
+allow factory nvdata_file:lnk_file r_file_perms;
 allow factory nvram_device:chr_file rw_file_perms;
 allow factory nvram_device:blk_file rw_file_perms;
 allow factory nvdata_device:blk_file rw_file_perms;
 # Purpose : Allow factory read /data/nvram link
-allow factory system_data_file:lnk_file read;
+#allow factory system_data_file:lnk_file read;

 #Date: WK16.12
 #Purpose: For sensor test
@ -134,8 +137,8 @@ allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
 allow factory block_device:dir w_dir_perms;

 #Purpose: For EMMC test
-###allow factory nvdata_file:dir create_dir_perms;
-###allow factory nvdata_file:file create_file_perms;
+allow factory nvdata_file:dir create_dir_perms;
+allow factory nvdata_file:file create_file_perms;

 #Purpose: For HRM test
 allow factory hrm_device:chr_file r_file_perms;
@ -190,8 +193,8 @@ allow factory LC898212AF_device:chr_file rw_file_perms;
 allow factory BU6429AF_device:chr_file rw_file_perms;
 allow factory DW9718AF_device:chr_file rw_file_perms;
 allow factory BU64745GWZAF_device:chr_file rw_file_perms;
-###allow factory cct_data_file:dir create_dir_perms;
-###allow factory cct_data_file:file create_file_perms;
+allow factory cct_data_file:dir create_dir_perms;
+allow factory cct_data_file:file create_file_perms;
 allow factory camera_tsf_device:chr_file rw_file_perms;
 allow factory camera_rsc_device:chr_file rw_file_perms;
 allow factory camera_gepf_device:chr_file rw_file_perms;
@ -233,7 +236,7 @@ allow factory sysfs_boot_type:file { read open };

 # Date: WK16.30
 #Purpose: For gps test
-allow factory media_rw_data_file:dir search;
+#allow factory media_rw_data_file:dir search;
 #allow factory gps_data_file:dir add_name;
 #TODO:: MTK need to remove later
 not_full_treble(`
@ -243,13 +246,13 @@ not_full_treble(`
 # Date: WK16.31
 #Purpose: For gps test
 allow factory mnld_prop:property_service set;
-allow factory media_rw_data_file:dir { read open };
+#allow factory media_rw_data_file:dir { read open };
 #allow factory gps_data_file:file create_file_perms;

 # Date: WK16.33
 #Purpose: for unmount sdcardfs and stop services which are using data partition
 allow factory sdcard_type:filesystem unmount;
-allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
+#allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
 allow factory ctl_default_prop:property_service set;

 # Date : WK16.35
@ -274,7 +277,7 @@ allow factory debugfs_ion:dir search;
 # Date: WK17.27
 # Purpose: STMicro NFC solution integration
 allow factory st21nfc_device:chr_file { open read getattr write ioctl };
-allow factory nfc_socket:dir search;
+#allow factory nfc_socket:dir search;
 #allow factory vendor_file:file { getattr execute execute_no_trans read open };
 set_prop(factory,hwservicemanager_prop);
 hwbinder_use(factory);
@ -303,3 +306,29 @@ allow factory sysfs_therm:file {open read write};
 #"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
 allow factory sysfs_comport_type:file rw_file_perms;
 allow factory sysfs_uart_info:file rw_file_perms;
+
+
+# from private
+allow factory property_socket:sock_file write;
+allow factory init:unix_stream_socket connectto;
+allow factory kernel:system module_request;
+allow factory node:tcp_socket node_bind;
+allow factory userdata_block_device:blk_file rw_file_perms;
+allow factory port:tcp_socket { name_bind name_connect };
+#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
+allow factory sdcard_type:dir r_dir_perms;
+### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
+#allow factory self:netlink_route_socket create_socket_perms;
+allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
+allow factory proc_net:file { read getattr open };
+allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
+allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
+
+allow factory self:process execmem;
+allow factory self:tcp_socket create_stream_socket_perms;
+allow factory self:udp_socket create_socket_perms;
+
+allow factory sysfs_wake_lock:file rw_file_perms;
+##allow factory system_data_file:dir w_dir_perms;
+##allow factory system_data_file:sock_file create_file_perms;
+allow factory system_file:file x_file_perms;
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -548,6 +548,7 @@
 /(system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0
 /(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0
 /(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
+/(system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0

 /(system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0
 /(system\/vendor|vendor)/bin/connsyslogger u:object_r:connsyslogger_exec:s0
--- a/plat_private/factory.te
+++ b/plat_private/factory.te
@ -1,37 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory_exec , exec_type, file_type;
-typeattribute factory coredomain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(factory)
-
-allow factory property_socket:sock_file write;
-allow factory init:unix_stream_socket connectto;
-allow factory kernel:system module_request;
-allow factory node:tcp_socket node_bind;
-allow factory userdata_block_device:blk_file rw_file_perms;
-allow factory port:tcp_socket { name_bind name_connect };
-#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
-allow factory sdcard_type:dir r_dir_perms;
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-#allow factory self:netlink_route_socket create_socket_perms;
-allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-allow factory proc_net:file { read getattr open };
-allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
-allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
-
-allow factory self:process execmem;
-allow factory self:tcp_socket create_stream_socket_perms;
-allow factory self:udp_socket create_socket_perms;
-
-allow factory sysfs_wake_lock:file rw_file_perms;
-allow factory system_data_file:dir w_dir_perms;
-allow factory system_data_file:sock_file create_file_perms;
-allow factory system_file:file x_file_perms;
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@ -23,7 +23,6 @@
 /system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
 /system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
 /(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
-/system/bin/factory u:object_r:factory_exec:s0

 # google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
 /(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0
--- a/plat_public/factory.te
+++ b/plat_public/factory.te
@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory ,domain;
--- a/prebuilts/api/26.0/plat_private/factory.te
+++ b/prebuilts/api/26.0/plat_private/factory.te
@ -1,38 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory_exec , exec_type, file_type;
-typeattribute factory coredomain;
-
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-init_daemon_domain(factory)
-
-
-allow factory property_socket:sock_file write;
-allow factory init:unix_stream_socket connectto;
-allow factory kernel:system module_request;
-allow factory node:tcp_socket node_bind;
-allow factory userdata_block_device:blk_file rw_file_perms;
-#allow factory port:tcp_socket { name_bind name_connect };
-allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
-allow factory sdcard_type:dir r_dir_perms;
-### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
-#allow factory self:netlink_route_socket create_socket_perms;
-allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
-allow factory proc_net:file { read getattr open };
-allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
-allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
-
-allow factory self:process execmem;
-allow factory self:tcp_socket create_stream_socket_perms;
-allow factory self:udp_socket create_socket_perms;
-
-allow factory sysfs_wake_lock:file rw_file_perms;
-allow factory system_data_file:dir w_dir_perms;
-allow factory system_data_file:sock_file create_file_perms;
-allow factory system_file:file x_file_perms;
--- a/prebuilts/api/26.0/plat_public/factory.te
+++ b/prebuilts/api/26.0/plat_public/factory.te
@ -1,7 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/factory Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-type factory ,domain;