[ALPS03957630] Selinux: rules for meta_clr_emmc and mke2fs

[Detail]
Because Android P imposes so many restrictions, it is difficult for
meta mode or factory mode to format partitions. A new design is
adopted as follows:
1. Meta mode or factory mode writes all zeros to the first 4KB of the
   target partition.
2. When the kernel boots, the partition mount process in the
   original init flow finds that the XXX partition is wiped and
   automatically formats the XXX partition.
For step 1 described above, SELinux rules shall be added for meta_tst or
  factory.
For step 2 described above, SELinux rules shall be added for mke2fs.

MTK-Commit-Id: 7e9bbd418ca6353ba89ecffdc016c78504583bf3

Change-Id: I3dd869c57107b0ebebf3134f69c50744df8f8ff9
CR-Id: ALPS03957630
Feature: SP META Tool
Light Hsieh 2020-01-18 10:00:04 +08:00
parent 1abdec9b46
commit f798441035
4 changed files with 29 additions and 4 deletions


@ -12,3 +12,9 @@ allow e2fs nvdata_device:blk_file rw_file_perms;
allow e2fs nvcfg_block_device:blk_file rw_file_perms; allow e2fs nvcfg_block_device:blk_file rw_file_perms;
allow e2fs devpts:chr_file {read write}; allow e2fs devpts:chr_file {read write};
# Date : WK18.23
# Operation: P migration
# Purpose : Allow mke2fs to format userdata and cache partition
allow e2fs cache_block_device:blk_file rw_file_perms;
allow e2fs userdata_block_device:blk_file rw_file_perms;
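Review bot: The two new rules give the e2fs domain `rw_file_perms` on `cache_block_device` and `userdata_block_device` unconditionally, whereas the commit description only needs mke2fs to run when the init mount flow finds the partition wiped. SELinux cannot express that condition, so the real guard is which domains may transition into e2fs, and the comment should record the intended caller, e.g. `# Purpose : Allow mke2fs, started from the init mount flow, to format a wiped userdata or cache partition`. It is also worth confirming against the platform neverallow rules that vendor policy is permitted to grant raw write access to `userdata_block_device`, since that device holds user data.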


@ -353,3 +353,14 @@ allow factory sysfs:file { read open };
# For touch auto test # For touch auto test
allow factory sysfs_tpd_setting:dir search; allow factory sysfs_tpd_setting:dir search;
allow factory sysfs_tpd_setting:file { read getattr open }; allow factory sysfs_tpd_setting:file { read getattr open };
# Date : WK18.23
# Operation: P migration
# Purpose : Allow factory to unmount partition, stop service, and then erase partition
allow factory vendor_shell_exec:file { read execute open execute_no_trans };
allow factory vendor_toolbox_exec:file { execute_no_trans };
allow factory labeledfs:filesystem { unmount };
allow factory proc_cmdline:file { read open getattr };
allow factory factory:capability { sys_boot sys_admin};
allow factory sysfs_dt_firmware_android:file { read open getattr };
allow factory sysfs_dt_firmware_android:dir { read open search };
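Review bot: `allow factory factory:capability { sys_boot sys_admin};` grants CAP_SYS_ADMIN, and combined with `execute_no_trans` on `vendor_shell_exec` every shell command the factory domain runs keeps that capability; the Purpose comment mentions neither the capability nor why `sys_boot` is needed. I would document each grant, for example `# sys_admin: umount of labeledfs; sys_boot: reboot after erase` (reasons to be confirmed by the author), and write the rule in the conventional form `allow factory self:capability { sys_boot sys_admin };`. The meta_tst section has the same pattern (`allow meta_tst meta_tst:capability { sys_admin };` with the same shell and toolbox rules), so the same comment and `self:` form apply there. If factory or meta_tst can be started on user builds, which is not visible from this page, running the unmount/erase helper in a dedicated domain via a transition would keep the shell from inheriting these permissions.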


@ -382,3 +382,14 @@ allow meta_tst block_device:dir search;
# Purpose : Allow meta_tst to access tpd sysfs nodes for CTP test # Purpose : Allow meta_tst to access tpd sysfs nodes for CTP test
allow meta_tst sysfs_tpd_setting:dir search; allow meta_tst sysfs_tpd_setting:dir search;
allow meta_tst sysfs_tpd_setting:file { read getattr open }; allow meta_tst sysfs_tpd_setting:file { read getattr open };
# Date : WK18.24
# Operation: P migration
# Purpose : Allow meta_tst to unmount partition, stop service, and then erase partition
allow meta_tst vendor_shell_exec:file { read execute open execute_no_trans };
allow meta_tst vendor_toolbox_exec:file { execute_no_trans };
allow meta_tst labeledfs:filesystem { unmount };
allow meta_tst proc_cmdline:file { read open getattr };
allow meta_tst meta_tst:capability { sys_admin };
allow meta_tst sysfs_dt_firmware_android:file { read open getattr };
allow meta_tst sysfs_dt_firmware_android:dir { read open search };


@ -77,6 +77,3 @@ allow emdlogger sysfs_dt_firmware_android:dir search;
allow emdlogger sysfs_dt_firmware_android:file { read open getattr }; allow emdlogger sysfs_dt_firmware_android:file { read open getattr };
allow emdlogger system_file:dir open; allow emdlogger system_file:dir open;
allow emdlogger vendor_default_prop:file { read getattr open }; allow emdlogger vendor_default_prop:file { read getattr open };
allow emdlogger mota_sysfile:dir search;