From cf0ffa17384e758f1ba71110c990822f4126919c Mon Sep 17 00:00:00 2001
From: Guoyi Qu
Date: Sat, 18 Jan 2020 10:20:40 +0800
Subject: [PATCH] [ALPS04760297] SEPolicy Optimize Revise high risk SEPolicies.
MTK-Commit-Id: 54290cb8aeb0fbb67310ed0cffe826684158effe
CR-Id: ALPS04760297
Feature: Connsys Log Tool
Change-Id: I369c7a917f8ee9cc95e0db14e552ce9195583a14
---
 non_plat/connsyslogger.te | 4 ++--
 non_plat/mdlogger.te | 5 ++---
 plat_private/mdlogger.te | 4 ++--
 3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/non_plat/connsyslogger.te b/non_plat/connsyslogger.te
index 36b700d..614e7c4 100755
--- a/non_plat/connsyslogger.te
+++ b/non_plat/connsyslogger.te
@@ -21,8 +21,8 @@ allow connsyslogger consyslog_data_file:file { create_file_perms };
 allow connsyslogger system_data_file:dir { create_dir_perms relabelfrom};
 #consys logger socket access
-allow connsyslogger property_socket:sock_file write;
-allow connsyslogger init:unix_stream_socket connectto;
+#allow connsyslogger property_socket:sock_file write;
+#allow connsyslogger init:unix_stream_socket connectto;
 allow connsyslogger tmpfs:lnk_file { create_file_perms };
diff --git a/non_plat/mdlogger.te b/non_plat/mdlogger.te
index cfda1d6..3913874 100644
--- a/non_plat/mdlogger.te
+++ b/non_plat/mdlogger.te
@@ -1,7 +1,6 @@
 #allow mdlogger to set property
-allow mdlogger debug_mdlogger_prop:property_service set;
-allow mdlogger debug_prop:property_service set;
-
+set_prop(mdlogger, debug_mdlogger_prop)
+set_prop(mdlogger, debug_prop)
 # ccci device for internal modem
 allow mdlogger ccci_device:chr_file { rw_file_perms };
diff --git a/plat_private/mdlogger.te b/plat_private/mdlogger.te
index ad6990a..07de37d 100644
--- a/plat_private/mdlogger.te
+++ b/plat_private/mdlogger.te
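Review bot: The two property-socket rules in non_plat/connsyslogger.te are commented out rather than deleted, which leaves dead policy under the `#consys logger socket access` heading that a later edit can switch back on by removing a single `#`. Delete both lines together with the now-empty heading, or keep one rationale line such as `# property socket access must come from set_prop(), not raw allow rules`. Nothing in this hunk adds a `set_prop()` call for connsyslogger, so if the daemon still sets any property it will now be denied; the rest of the file is outside the hunk, so that needs confirming there. The same commented-out pair appears in the plat_private/mdlogger.te hunk, where the access is supplied again by the `set_prop()` calls added in non_plat/mdlogger.te, so those two lines can simply be removed.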
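Review bot: `set_prop(mdlogger, debug_prop)` in non_plat/mdlogger.te keeps write access to the platform-wide `debug_prop` type, which in AOSP labels the generic `debug.` namespace, so mdlogger can still change debug properties that belong to unrelated components. For a commit aimed at high-risk policy, the narrower form is to label the keys mdlogger actually writes (not visible in this hunk) with the dedicated type and keep only `set_prop(mdlogger, debug_mdlogger_prop)`. The AOSP `set_prop()` macro also includes `get_prop()`, so the domain gains read access to both types that the old `property_service set` rules did not grant; a comment such as `# set_prop also grants read of these property types` above the two calls would make that explicit.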
@@ -13,8 +13,8 @@ binder_use(mdlogger)
 binder_service(mdlogger)
 # modem logger socket access
-allow mdlogger init:unix_stream_socket connectto;
-allow mdlogger property_socket:sock_file write;
+#allow mdlogger init:unix_stream_socket connectto;
+#allow mdlogger property_socket:sock_file write;
 allow mdlogger platform_app:unix_stream_socket connectto;
 allow mdlogger shell_exec:file { rx_file_perms };
 allow mdlogger system_file:file x_file_perms;