From eb025d3be39e01ca3b3ff79af96ed0429a7de241 Mon Sep 17 00:00:00 2001
From: mtk11285
Date: Sat, 18 Jan 2020 10:03:12 +0800
Subject: [PATCH] [ALPS03948310] vendor/system property split

[Detail]
1. vendor/system property split
2. add selinux rule about aee hidl service
MTK-Commit-Id: 4e654c789c95ca8851d8aaae2c643a08a00bb4e0
Change-Id: Ifc8eed74558a3ae83789798e99e21eafead2089b
CR-Id: ALPS03948310
Feature: Android Exception Engine(AEE)
(cherry picked from commit 8b81da18cfa29378d01ebf5be9b39e641a202c64)
---
 non_plat/aee_aed.te | 3 ++-
 non_plat/aee_aedv.te | 6 +++---
 non_plat/aee_hidl.te | 17 +++++++++++++++++
 non_plat/file_contexts | 1 +
 non_plat/property.te | 12 ++++++++----
 non_plat/property_contexts | 9 ++++++---
 6 files changed, 37 insertions(+), 11 deletions(-)
 create mode 100644 non_plat/aee_hidl.te
diff --git a/non_plat/aee_aed.te b/non_plat/aee_aed.te
index 53ce16b..799ef41 100644
--- a/non_plat/aee_aed.te
+++ b/non_plat/aee_aed.te
@@ -38,7 +38,6 @@ allow aee_aed data_tmpfs_log_file:dir create_dir_perms;
 allow aee_aed data_tmpfs_log_file:file create_file_perms;
 # Purpose: aee_aed set property
-typeattribute aee_aed system_writes_vendor_properties_violators;
 set_prop(aee_aed, persist_mtk_aee_prop);
 set_prop(aee_aed, persist_aee_prop);
 set_prop(aee_aed, debug_mtk_aee_prop);
@@ -62,3 +61,5 @@ allow aee_aed proc_kpageflags:file r_file_perms;
 # temp solution
 get_prop(aee_aed, vendor_default_prop)
+
+hal_client_domain(aee_aed, mtk_hal_log)
diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te
index 8feaed8..b01941c 100644
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
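Review bot: The new `hal_client_domain(aee_aed, mtk_hal_log)` in the second hunk sits directly under the `# temp solution` comment that belongs to the `vendor_default_prop` read, so it reads as part of that workaround; give it its own comment in the file's style, e.g. `# Purpose: aee_aed is a client of the AEE log HIDL service (mtk_hal_log)`. The `mtk_hal_log` attribute is not declared anywhere in this patch, so it presumably already exists in the policy; worth confirming before this lands, since an undeclared attribute fails the policy build. Both hunks end inside aee_aed.te, whose remaining rules are outside the hunk.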
@@ -64,9 +64,9 @@ allow aee_aedv kernel:process getsched;
 userdebug_or_eng(`allow aee_aedv self:capability sys_admin;')
 # Purpose: aee_aedv set property
-set_prop(aee_aedv, persist_mtk_aee_prop);
-set_prop(aee_aedv, persist_aee_prop);
-set_prop(aee_aedv, debug_mtk_aee_prop);
+set_prop(aee_aedv, persist_mtk_aeev_prop);
+set_prop(aee_aedv, persist_aeev_prop);
+set_prop(aee_aedv, debug_mtk_aeev_prop);
 # Purpose: mnt/user/*
 allow aee_aedv mnt_user_file:dir search;
diff --git a/non_plat/aee_hidl.te b/non_plat/aee_hidl.te
new file mode 100644
index 0000000..347cbdc
--- /dev/null
+++ b/non_plat/aee_hidl.te
@@ -0,0 +1,17 @@
+# ==============================================
+# Type Declaration
+# ==============================================
+type aee_hal,domain;
+type aee_hal_exec, exec_type, file_type, vendor_file_type;
+typeattribute aee_hal mlstrustedsubject;
+# Purpose : for create hidl server
+hal_server_domain(aee_hal, mtk_hal_log)
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+init_daemon_domain(aee_hal)
+
+set_prop(aee_hal, persist_mtk_aeev_prop);
+set_prop(aee_hal, persist_aeev_prop);
+set_prop(aee_hal, debug_mtk_aeev_prop);
+
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 0dc6e59..c6b489e 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -620,6 +620,7 @@
 /vendor/lib(64)?/libladder\.so u:object_r:same_process_hal_file:s0
 /vendor/bin/hw/vendor\.mediatek\.hardware\.dumpstate@1\.0-service u:object_r:hal_dumpstate_impl_exec:s0
+/vendor/bin/hw/vendor\.mediatek\.hardware\.log@1\.0-service u:object_r:aee_hal_exec:s0
 /vendor/bin/aeev u:object_r:aee_aedv_exec:s0
 /vendor/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
diff --git a/non_plat/property.te b/non_plat/property.te
index 95067c5..31f3aa8 100644
--- a/non_plat/property.te
+++ b/non_plat/property.te
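Review bot: In the new aee_hidl.te, `typeattribute aee_hal mlstrustedsubject;` makes the log HAL server domain exempt from MLS constraints with no comment saying why a vendor log HAL needs that, while every other rule in the file is narrowly scoped. If it is required for a specific cross-level object the service must touch, add a `# Purpose:` line above it naming that object; if it was carried over by habit, drop it and let a denial show whether it is actually needed. The three `set_prop` rules at the end also lack the `# Purpose:` comment the sibling files use, e.g. `# Purpose: aee_hal set vendor-side AEE property`. As a style point, `type aee_hal,domain;` would read consistently with the next line as `type aee_hal, domain;`.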
@@ -42,13 +42,17 @@ type persist_mdlog_prop, property_type, extended_core_property_type;
 type vendor_mdl_pulllog_prop, property_type, extended_core_property_type;
 #=============allow AEE==============
-type persist_mtk_aee_prop, property_type, mtk_core_property_type;
-type persist_aee_prop, property_type, mtk_core_property_type;
-type debug_mtk_aee_prop, property_type, mtk_core_property_type;
+type persist_mtk_aee_prop, property_type, extended_core_property_type;
+type persist_aee_prop, property_type, extended_core_property_type;
+type debug_mtk_aee_prop, property_type, extended_core_property_type;
+
+type persist_mtk_aeev_prop, property_type, mtk_core_property_type;
+type persist_aeev_prop, property_type, mtk_core_property_type;
+type debug_mtk_aeev_prop, property_type, mtk_core_property_type;
 type ro_mtk_aee_prop, property_type, mtk_core_property_type;
 #=============allow aee_dumpstate==============
-type debug_bq_dump_prop, property_type, mtk_core_property_type;
+type debug_bq_dump_prop, property_type, extended_core_property_type;
 #=============allow ccci_mdinit to stop rild==============
 type ctl_ril-daemon-mtk_prop, property_type;
diff --git a/non_plat/property_contexts b/non_plat/property_contexts
index 4f36552..4903392 100644
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
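Review bot: The retype of `debug_bq_dump_prop` to `extended_core_property_type` at the end of the hunk is not covered by the commit message, which only describes the AEE split, so a reader cannot tell whether it is intentional or which system-side writer needs it; add a sentence to the description or a comment above the type naming that writer (presumably an aee_dumpstate-related domain, but that is not visible here). The two AEE groups now differ only by the `v` suffix and the attribute, so the section comment should say which side owns each, e.g. `#=============allow AEE (system side: aee_aed)==============` above the `*_aee_prop` types and `# vendor side: aee_aedv / aee_hal` above the `*_aeev_prop` types. `ro_mtk_aee_prop` keeps `mtk_core_property_type` while its siblings moved; that is fine if only vendor init sets it, but confirm no system-side domain still has `set_prop` on it.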
@@ -24,13 +24,16 @@ vendor.pullmdlog u:object_r:vendor_mdl_pulllog_prop:s0
 #=============allow AEE==============
 # persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal
-persist.vendor.mtk.aee u:object_r:persist_mtk_aee_prop:s0
+persist.vendor.mtk.aee. u:object_r:persist_mtk_aee_prop:s0
+persist.vendor.mtk.aeev. u:object_r:persist_mtk_aeev_prop:s0
 # persist.vendor.aee.core.dump && persist.vendor.aee.core.direct
-persist.vendor.aee u:object_r:persist_aee_prop:s0
+persist.vendor.aee. u:object_r:persist_aee_prop:s0
+persist.vendor.aeev. u:object_r:persist_aeev_prop:s0
 # vendor.debug.mtk.aee.db
-vendor.debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0
+vendor.debug.mtk.aee. u:object_r:debug_mtk_aee_prop:s0
+vendor.debug.mtk.aeev u:object_r:debug_mtk_aeev_prop:s0
 ro.vendor.aee.build.info u:object_r:ro_mtk_aee_prop:s0
 ro.vendor.aee.enforcing u:object_r:ro_mtk_aee_prop:s0
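Review bot: `vendor.debug.mtk.aeev u:object_r:debug_mtk_aeev_prop:s0` is the only new entry in this hunk without the trailing dot that the other five lines add; property_contexts entries are prefix matches, so without the dot this label also covers any property whose name merely starts with `vendor.debug.mtk.aeev`, and the inconsistency looks accidental rather than deliberate. Change it to `vendor.debug.mtk.aeev. u:object_r:debug_mtk_aeev_prop:s0`. The dots were presumably added to the `aee` prefixes precisely so that `persist.vendor.mtk.aee` no longer overlaps the new `aeev` names; the `aeev` entries should be tightened the same way. The surrounding comments list only the `aee` property names, so adding the matching `aeev` names the vendor side uses (not listed in this patch) in the same style would make the split easier to audit.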