From b46f5159b85299ae38b35594e4fbb4283f0cce04 Mon Sep 17 00:00:00 2001
From: mtk12101
Date: Sat, 18 Jan 2020 09:33:28 +0800
Subject: [PATCH] [ALPS03825066] Fix build error

[Detail]
1.Google neverallow to modify the /proc and /sys folder
2.vendor & system process can not access each file
[Solution]
1.Change the type of sysfs_file to common file
2.Mark the rules which violate the neverallow rules
MTK-Commit-Id: 326790e7af9c782f3dace5c667b4b07860370933
Change-Id: Ifa61d2561078d3b6cde612806607d35d6cfdc4d6
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/file.te | 2 +-
 non_plat/merged_hal_service.te | 2 +-
 non_plat/mtkfusionrild.te | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/non_plat/file.te b/non_plat/file.te
index fafabb7..448f702 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -118,7 +118,7 @@ type c2k_file, file_type, data_file_type;
 #For sensor
 type sensor_data_file, file_type, data_file_type;
 type stp_dump_data_file, file_type,data_file_type;
-type sysfs_keypad_file, file_type,sysfs_type;
+type sysfs_keypad_file, fs_type;
 type rild_via_socket, file_type;
 type rpc_socket, file_type;
 type rild_ctclient_socket, file_type;
diff --git a/non_plat/merged_hal_service.te b/non_plat/merged_hal_service.te
index 130271f..30c1bac 100644
--- a/non_plat/merged_hal_service.te
+++ b/non_plat/merged_hal_service.te
@@ -59,7 +59,7 @@ allow merged_hal_service debugfs_ged:dir search;
 allow merged_hal_service debugfs_ged:file { getattr open read write };
 allow merged_hal_service debugfs_fpsgo:dir search;
 allow merged_hal_service debugfs_fpsgo:file { getattr open write read };
-allow merged_hal_service system_data_file:dir { create write add_name };
+#allow merged_hal_service system_data_file:dir { create write add_name };
 allow merged_hal_service proc_thermal:file { write open };
 allow merged_hal_service proc_thermal:dir search;
 allow merged_hal_service sysfs:file {open write read};
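Review bot: The new declaration `type sysfs_keypad_file, fs_type;` in non_plat/file.te drops `sysfs_type` together with `file_type`, so allow rules and neverallow checks written against the `sysfs_type` attribute no longer cover this node. Removing `file_type` is presumably what the build check required, since a type should not carry both `fs_type` and `file_type`. If the label is still applied to a /sys path (the labelling is outside this hunk), keep the attribute: `type sysfs_keypad_file, fs_type, sysfs_type;`. The commit message's "common file" wording also does not match the change, because `fs_type` marks a filesystem-backed node, not an ordinary file type.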
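Review bot: The `system_data_file:dir { create write add_name }` rule in non_plat/merged_hal_service.te is commented out instead of deleted, and nothing records why it is off or what replaces it; the two `toolbox_exec` lines in non_plat/mtkfusionrild.te are handled the same way. A disabled allow rule left in place reads as a pending re-enable and tends to be restored when someone chases the resulting avc denial. Delete the line, or replace it with a comment such as `# removed: vendor domain must not create dirs under system_data_file (neverallow); use a vendor-owned data type`. If the HAL still needs that directory, it would have to live under a vendor-labelled data type, which this patch does not add.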
diff --git a/non_plat/mtkfusionrild.te b/non_plat/mtkfusionrild.te
index 229cc53..1a3c5e2 100644
--- a/non_plat/mtkfusionrild.te
+++ b/non_plat/mtkfusionrild.te
@@ -120,8 +120,8 @@ allow rild mtk_agpsd:unix_stream_socket connectto;
 #Date 2017/10/12
 #Purpose: allow set MTU size
 allow rild toolbox_exec:file getattr;
-allow rild toolbox_exec:file {execute read open};
-allow rild toolbox_exec:file {execute_no_trans};
+#allow rild toolbox_exec:file {execute read open};
+#allow rild toolbox_exec:file {execute_no_trans};
 allow rild mtk_net_ipv6_prop:property_service set;
 #Dat: 2017/10/17
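Review bot: `allow rild toolbox_exec:file getattr;` stays active in non_plat/mtkfusionrild.te while the `execute`, `read`, `open` and `execute_no_trans` rules under the same "allow set MTU size" header are disabled, so the block keeps a grant with no remaining use and its header describes rules that are off. Either remove the leftover `getattr` line together with the header, or, if rild still has to run a tool to set the MTU, point the rules at a vendor-side binary (for example `vendor_toolbox_exec`, to be confirmed against this tree) so the system/vendor split is respected. The rild policy continues before and after this hunk, so whether another rule already covers the MTU path cannot be seen here.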