[ALPS03932298] Factory Mode: move to vendor partition
[Solution] Factory mode should be built in the vendor partition, so move factory from the system partition to the vendor partition. MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b CR-Id: ALPS03932298 Feature: Factory Mode
parent
2e09db7248
commit
c93290f067
@ -8,7 +8,10 @@
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
file_type_auto_trans(factory, system_data_file, factory_data_file)
|
||||
#file_type_auto_trans(factory, system_data_file, factory_data_file)
|
||||
type factory, domain;
|
||||
type factory_exec, exec_type, file_type, vendor_file_type;
|
||||
init_daemon_domain(factory)
|
||||
|
||||
#============= factory ==============
|
||||
allow factory MTK_SMI_device:chr_file r_file_perms;
|
||||
@ -65,8 +68,8 @@ allow factory proc_mrdump_rst:file w_file_perms;
|
||||
#allow factory self:capability2 block_suspend;
|
||||
wakelock_use(factory);
|
||||
allow factory storage_file:dir { write create add_name search mounton };
|
||||
allow factory factory_data_file:file create_file_perms;
|
||||
allow factory shell_exec:file r_file_perms;
|
||||
#allow factory factory_data_file:file create_file_perms;
|
||||
#allow factory shell_exec:file r_file_perms;
|
||||
|
||||
# Date: WK15.44
|
||||
# Purpose: factory idle current status
|
||||
@ -75,16 +78,16 @@ allow factory vendor_factory_idle_state_prop:property_service set;
|
||||
|
||||
# Date: WK15.46
|
||||
# Purpose: gps factory mode
|
||||
###allow factory agpsd_data_file:dir search;
|
||||
allow factory apk_data_file:dir write;
|
||||
allow factory agpsd_data_file:dir search;
|
||||
#allow factory apk_data_file:dir write;
|
||||
#allow factory gps_data_file:dir r_dir_perms;
|
||||
#allow factory gps_data_file:dir { write open };
|
||||
#allow factory gps_data_file:file { read write };
|
||||
###allow factory gps_data_file:dir { write add_name search remove_name unlink};
|
||||
###allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
|
||||
###allow factory gps_data_file:lnk_file read;
|
||||
allow factory gps_data_file:dir { write add_name search remove_name unlink};
|
||||
allow factory gps_data_file:file { read write open create getattr append setattr unlink lock};
|
||||
allow factory gps_data_file:lnk_file read;
|
||||
# allow factory gps_emi_device:chr_file { read write };
|
||||
allow factory shell_exec:file x_file_perms;
|
||||
#allow factory shell_exec:file x_file_perms;
|
||||
allow factory storage_file:lnk_file r_file_perms;
|
||||
|
||||
#Date: WK15.48
|
||||
@ -99,15 +102,15 @@ allow factory storage_file:lnk_file read;
|
||||
#Date: WK16.05
|
||||
#Purpose: For access NVRAM
|
||||
allow factory factory:capability chown;
|
||||
###allow factory nvram_data_file:dir create_dir_perms;
|
||||
###allow factory nvram_data_file:file create_file_perms;
|
||||
###allow factory nvram_data_file:lnk_file r_file_perms;
|
||||
###allow factory nvdata_file:lnk_file r_file_perms;
|
||||
allow factory nvram_data_file:dir create_dir_perms;
|
||||
allow factory nvram_data_file:file create_file_perms;
|
||||
allow factory nvram_data_file:lnk_file r_file_perms;
|
||||
allow factory nvdata_file:lnk_file r_file_perms;
|
||||
allow factory nvram_device:chr_file rw_file_perms;
|
||||
allow factory nvram_device:blk_file rw_file_perms;
|
||||
allow factory nvdata_device:blk_file rw_file_perms;
|
||||
# Purpose : Allow factory read /data/nvram link
|
||||
allow factory system_data_file:lnk_file read;
|
||||
#allow factory system_data_file:lnk_file read;
|
||||
|
||||
#Date: WK16.12
|
||||
#Purpose: For sensor test
|
||||
@ -134,8 +137,8 @@ allow factory mmcblk1p1_block_device:blk_file rw_file_perms;
|
||||
allow factory block_device:dir w_dir_perms;
|
||||
|
||||
#Purpose: For EMMC test
|
||||
###allow factory nvdata_file:dir create_dir_perms;
|
||||
###allow factory nvdata_file:file create_file_perms;
|
||||
allow factory nvdata_file:dir create_dir_perms;
|
||||
allow factory nvdata_file:file create_file_perms;
|
||||
|
||||
#Purpose: For HRM test
|
||||
allow factory hrm_device:chr_file r_file_perms;
|
||||
@ -190,8 +193,8 @@ allow factory LC898212AF_device:chr_file rw_file_perms;
|
||||
allow factory BU6429AF_device:chr_file rw_file_perms;
|
||||
allow factory DW9718AF_device:chr_file rw_file_perms;
|
||||
allow factory BU64745GWZAF_device:chr_file rw_file_perms;
|
||||
###allow factory cct_data_file:dir create_dir_perms;
|
||||
###allow factory cct_data_file:file create_file_perms;
|
||||
allow factory cct_data_file:dir create_dir_perms;
|
||||
allow factory cct_data_file:file create_file_perms;
|
||||
allow factory camera_tsf_device:chr_file rw_file_perms;
|
||||
allow factory camera_rsc_device:chr_file rw_file_perms;
|
||||
allow factory camera_gepf_device:chr_file rw_file_perms;
|
||||
@ -233,7 +236,7 @@ allow factory sysfs_boot_type:file { read open };
|
||||
|
||||
# Date: WK16.30
|
||||
#Purpose: For gps test
|
||||
allow factory media_rw_data_file:dir search;
|
||||
#allow factory media_rw_data_file:dir search;
|
||||
#allow factory gps_data_file:dir add_name;
|
||||
#TODO:: MTK need to remove later
|
||||
not_full_treble(`
|
||||
@ -243,13 +246,13 @@ not_full_treble(`
|
||||
# Date: WK16.31
|
||||
#Purpose: For gps test
|
||||
allow factory mnld_prop:property_service set;
|
||||
allow factory media_rw_data_file:dir { read open };
|
||||
#allow factory media_rw_data_file:dir { read open };
|
||||
#allow factory gps_data_file:file create_file_perms;
|
||||
|
||||
# Date: WK16.33
|
||||
#Purpose: for unmount sdcardfs and stop services which are using data partition
|
||||
allow factory sdcard_type:filesystem unmount;
|
||||
allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
|
||||
#allow factory toolbox_exec:file { read open getattr execute execute_no_trans };
|
||||
allow factory ctl_default_prop:property_service set;
|
||||
|
||||
# Date : WK16.35
|
||||
@ -274,7 +277,7 @@ allow factory debugfs_ion:dir search;
|
||||
# Date: WK17.27
|
||||
# Purpose: STMicro NFC solution integration
|
||||
allow factory st21nfc_device:chr_file { open read getattr write ioctl };
|
||||
allow factory nfc_socket:dir search;
|
||||
#allow factory nfc_socket:dir search;
|
||||
#allow factory vendor_file:file { getattr execute execute_no_trans read open };
|
||||
set_prop(factory,hwservicemanager_prop);
|
||||
hwbinder_use(factory);
|
||||
@ -303,3 +306,29 @@ allow factory sysfs_therm:file {open read write};
|
||||
#"sysfs" ino=11073 scontext=u:r:factory:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0
|
||||
allow factory sysfs_comport_type:file rw_file_perms;
|
||||
allow factory sysfs_uart_info:file rw_file_perms;
|
||||
|
||||
|
||||
# from private
|
||||
allow factory property_socket:sock_file write;
|
||||
allow factory init:unix_stream_socket connectto;
|
||||
allow factory kernel:system module_request;
|
||||
allow factory node:tcp_socket node_bind;
|
||||
allow factory userdata_block_device:blk_file rw_file_perms;
|
||||
allow factory port:tcp_socket { name_bind name_connect };
|
||||
#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
|
||||
allow factory sdcard_type:dir r_dir_perms;
|
||||
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
|
||||
#allow factory self:netlink_route_socket create_socket_perms;
|
||||
allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
|
||||
allow factory proc_net:file { read getattr open };
|
||||
allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
|
||||
allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
|
||||
|
||||
allow factory self:process execmem;
|
||||
allow factory self:tcp_socket create_stream_socket_perms;
|
||||
allow factory self:udp_socket create_socket_perms;
|
||||
|
||||
allow factory sysfs_wake_lock:file rw_file_perms;
|
||||
##allow factory system_data_file:dir w_dir_perms;
|
||||
##allow factory system_data_file:sock_file create_file_perms;
|
||||
allow factory system_file:file x_file_perms;
|
||||
|
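Review bot: The block appended under `# from private` keeps `allow factory system_file:file x_file_perms;` in what is now a vendor domain, while the same change comments out the `shell_exec` and `toolbox_exec` execute rules. The policy therefore still permits executing (including `execute_no_trans`) any file labelled `system_file`, so if one specific helper needs it, a comment should name it, otherwise the rule should be dropped. The same block carries over `userdata_block_device:blk_file rw_file_perms`, `self:process execmem` and `port:tcp_socket { name_bind name_connect }` without the Date/Purpose header used in the rest of the file, which makes these broad grants hard to audit against least privilege. I would put a header such as `# Purpose: <factory test item that needs this rule>` above each group and narrow the socket and block-device rules to what that test needs. Rules disabled in this change are marked with `#`, `##` or `###` and no reason; presumably they conflict with the Treble vendor/system neverallows, and a short comment such as `# disabled: not allowed for a vendor domain` would stop them being re-enabled by mistake.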
@ -548,6 +548,7 @@
|
||||
/(system\/vendor|vendor)/bin/wmt_loader u:object_r:wmt_loader_exec:s0
|
||||
/(system\/vendor|vendor)/bin/spm_loader u:object_r:spm_loader_exec:s0
|
||||
/(system\/vendor|vendor)/bin/ccci_mdinit u:object_r:ccci_mdinit_exec:s0
|
||||
/(system\/vendor|vendor)/bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
/(system\/vendor|vendor)/bin/mnld u:object_r:mnld_exec:s0
|
||||
/(system\/vendor|vendor)/bin/connsyslogger u:object_r:connsyslogger_exec:s0
|
||||
|
@ -1,37 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /system/bin/factory Executable File
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
type factory_exec , exec_type, file_type;
|
||||
typeattribute factory coredomain;
|
||||
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
init_daemon_domain(factory)
|
||||
|
||||
allow factory property_socket:sock_file write;
|
||||
allow factory init:unix_stream_socket connectto;
|
||||
allow factory kernel:system module_request;
|
||||
allow factory node:tcp_socket node_bind;
|
||||
allow factory userdata_block_device:blk_file rw_file_perms;
|
||||
allow factory port:tcp_socket { name_bind name_connect };
|
||||
#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
|
||||
allow factory sdcard_type:dir r_dir_perms;
|
||||
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
|
||||
#allow factory self:netlink_route_socket create_socket_perms;
|
||||
allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
|
||||
allow factory proc_net:file { read getattr open };
|
||||
allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
|
||||
allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
|
||||
|
||||
allow factory self:process execmem;
|
||||
allow factory self:tcp_socket create_stream_socket_perms;
|
||||
allow factory self:udp_socket create_socket_perms;
|
||||
|
||||
allow factory sysfs_wake_lock:file rw_file_perms;
|
||||
allow factory system_data_file:dir w_dir_perms;
|
||||
allow factory system_data_file:sock_file create_file_perms;
|
||||
allow factory system_file:file x_file_perms;
|
@ -23,7 +23,6 @@
|
||||
/system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
|
||||
/system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
|
||||
/(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
|
||||
/system/bin/factory u:object_r:factory_exec:s0
|
||||
|
||||
# google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
|
||||
/(system\/vendor|vendor)/bin/aee_aedv u:object_r:aee_aedv_exec:s0
|
||||
|
@ -1,7 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /system/bin/factory Executable File
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
type factory ,domain;
|
@ -1,38 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /system/bin/factory Executable File
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
type factory_exec , exec_type, file_type;
|
||||
typeattribute factory coredomain;
|
||||
|
||||
# ==============================================
|
||||
# MTK Policy Rule
|
||||
# ==============================================
|
||||
init_daemon_domain(factory)
|
||||
|
||||
|
||||
allow factory property_socket:sock_file write;
|
||||
allow factory init:unix_stream_socket connectto;
|
||||
allow factory kernel:system module_request;
|
||||
allow factory node:tcp_socket node_bind;
|
||||
allow factory userdata_block_device:blk_file rw_file_perms;
|
||||
#allow factory port:tcp_socket { name_bind name_connect };
|
||||
allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
|
||||
allow factory sdcard_type:dir r_dir_perms;
|
||||
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
|
||||
#allow factory self:netlink_route_socket create_socket_perms;
|
||||
allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
|
||||
allow factory proc_net:file { read getattr open };
|
||||
allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
|
||||
allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
|
||||
|
||||
allow factory self:process execmem;
|
||||
allow factory self:tcp_socket create_stream_socket_perms;
|
||||
allow factory self:udp_socket create_socket_perms;
|
||||
|
||||
allow factory sysfs_wake_lock:file rw_file_perms;
|
||||
allow factory system_data_file:dir w_dir_perms;
|
||||
allow factory system_data_file:sock_file create_file_perms;
|
||||
allow factory system_file:file x_file_perms;
|
@ -1,7 +0,0 @@
|
||||
# ==============================================
|
||||
# Policy File of /system/bin/factory Executable File
|
||||
|
||||
# ==============================================
|
||||
# Type Declaration
|
||||
# ==============================================
|
||||
type factory ,domain;
|