[ALPS03948310] vendor/system property split

[Detail] 1. vendor/system property split 2. add selinux rule about aee hidl service MTK-Commit-Id: 4e654c789c95ca8851d8aaae2c643a08a00bb4e0 Change-Id: Ifc8eed74558a3ae83789798e99e21eafead2089b CR-Id: ALPS03948310 Feature: Android Exception Engine(AEE) (cherry picked from commit 8b81da18cfa29378d01ebf5be9b39e641a202c64)
2020-01-18 10:03:12 +08:00 · 2020-01-18 10:03:12 +08:00 · eb025d3be3
commit eb025d3be3
parent 6f6b3997d7
6 changed files with 37 additions and 11 deletions
--- a/non_plat/aee_aed.te
+++ b/non_plat/aee_aed.te
@ -38,7 +38,6 @@ allow aee_aed data_tmpfs_log_file:dir create_dir_perms;
 allow aee_aed data_tmpfs_log_file:file create_file_perms;

 # Purpose: aee_aed set property
-typeattribute aee_aed system_writes_vendor_properties_violators;
 set_prop(aee_aed, persist_mtk_aee_prop);
 set_prop(aee_aed, persist_aee_prop);
 set_prop(aee_aed, debug_mtk_aee_prop);
@ -62,3 +61,5 @@ allow aee_aed proc_kpageflags:file r_file_perms;

 # temp solution
 get_prop(aee_aed, vendor_default_prop)
+
+hal_client_domain(aee_aed, mtk_hal_log)
--- a/non_plat/aee_aedv.te
+++ b/non_plat/aee_aedv.te
@ -64,9 +64,9 @@ allow aee_aedv kernel:process getsched;
 userdebug_or_eng(`allow aee_aedv self:capability sys_admin;')

 # Purpose: aee_aedv set property
-set_prop(aee_aedv, persist_mtk_aee_prop);
-set_prop(aee_aedv, persist_aee_prop);
-set_prop(aee_aedv, debug_mtk_aee_prop);
+set_prop(aee_aedv, persist_mtk_aeev_prop);
+set_prop(aee_aedv, persist_aeev_prop);
+set_prop(aee_aedv, debug_mtk_aeev_prop);

 # Purpose: mnt/user/*
 allow aee_aedv mnt_user_file:dir search;
--- a/non_plat/aee_hidl.te
+++ b/non_plat/aee_hidl.te
@ -0,0 +1,17 @@
+# ==============================================
+# Type Declaration
+# ==============================================
+type aee_hal,domain;
+type aee_hal_exec, exec_type, file_type, vendor_file_type;
+typeattribute aee_hal mlstrustedsubject;
+# Purpose : for create hidl server
+hal_server_domain(aee_hal, mtk_hal_log)
+# ==============================================
+# MTK Policy Rule
+# ==============================================
+init_daemon_domain(aee_hal)
+
+set_prop(aee_hal, persist_mtk_aeev_prop);
+set_prop(aee_hal, persist_aeev_prop);
+set_prop(aee_hal, debug_mtk_aeev_prop);
+
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -620,6 +620,7 @@
 /vendor/lib(64)?/libladder\.so   u:object_r:same_process_hal_file:s0

 /vendor/bin/hw/vendor\.mediatek\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_impl_exec:s0
+/vendor/bin/hw/vendor\.mediatek\.hardware\.log@1\.0-service u:object_r:aee_hal_exec:s0
 /vendor/bin/aeev  u:object_r:aee_aedv_exec:s0

 /vendor/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
--- a/non_plat/property.te
+++ b/non_plat/property.te
@ -42,13 +42,17 @@ type persist_mdlog_prop, property_type, extended_core_property_type;
 type vendor_mdl_pulllog_prop, property_type, extended_core_property_type;

 #=============allow AEE==============
-type persist_mtk_aee_prop, property_type, mtk_core_property_type;
-type persist_aee_prop, property_type, mtk_core_property_type;
-type debug_mtk_aee_prop, property_type, mtk_core_property_type;
+type persist_mtk_aee_prop, property_type, extended_core_property_type;
+type persist_aee_prop, property_type, extended_core_property_type;
+type debug_mtk_aee_prop, property_type, extended_core_property_type;
+
+type persist_mtk_aeev_prop, property_type, mtk_core_property_type;
+type persist_aeev_prop, property_type, mtk_core_property_type;
+type debug_mtk_aeev_prop, property_type, mtk_core_property_type;
 type ro_mtk_aee_prop, property_type, mtk_core_property_type;

 #=============allow aee_dumpstate==============
-type debug_bq_dump_prop, property_type, mtk_core_property_type;
+type debug_bq_dump_prop, property_type, extended_core_property_type;

 #=============allow ccci_mdinit to stop rild==============
 type ctl_ril-daemon-mtk_prop, property_type;
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@ -24,13 +24,16 @@ vendor.pullmdlog u:object_r:vendor_mdl_pulllog_prop:s0

 #=============allow AEE==============
 # persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal
-persist.vendor.mtk.aee u:object_r:persist_mtk_aee_prop:s0
+persist.vendor.mtk.aee. u:object_r:persist_mtk_aee_prop:s0
+persist.vendor.mtk.aeev. u:object_r:persist_mtk_aeev_prop:s0

 # persist.vendor.aee.core.dump && persist.vendor.aee.core.direct
-persist.vendor.aee u:object_r:persist_aee_prop:s0
+persist.vendor.aee. u:object_r:persist_aee_prop:s0
+persist.vendor.aeev. u:object_r:persist_aeev_prop:s0

 # vendor.debug.mtk.aee.db
-vendor.debug.mtk.aee u:object_r:debug_mtk_aee_prop:s0
+vendor.debug.mtk.aee. u:object_r:debug_mtk_aee_prop:s0
+vendor.debug.mtk.aeev u:object_r:debug_mtk_aeev_prop:s0

 ro.vendor.aee.build.info u:object_r:ro_mtk_aee_prop:s0
 ro.vendor.aee.enforcing u:object_r:ro_mtk_aee_prop:s0