From f98f18c9c88b99a6ec9563fd67edc51803903a11 Mon Sep 17 00:00:00 2001 From: Stanley Chu Date: Sat, 18 Jan 2020 09:58:17 +0800 Subject: [PATCH] [ALPS03866203] pidmap: Add SELinux policy for Android P [Detail] Add SELinux policy for Android P: Allow aee_aedv and dumpstate to read pidmap proc file. MTK-Commit-Id: 16f120df6c33e20cdb0ce7f8c2040356ffecf02a Change-Id: If1aa665003f70a2621687fcf291433d80f0d54d3 CR-Id: ALPS03866203 Feature: Android Exception Engine(AEE) --- non_plat/aee_aedv.te | 3 +++ non_plat/dumpstate.te | 3 +++ non_plat/file.te | 1 + non_plat/genfs_contexts | 1 + 4 files changed, 8 insertions(+) diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index bbd8af1..a167673 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te @@ -410,6 +410,9 @@ allow aee_aedv debugfs_rcu:file r_file_perms; # Purpose: Allow aee_aedv to read /proc/msdc_debug allow aee_aedv proc_msdc_debug:file r_file_perms; +# Purpose: Allow aee_aedv to read /proc/pidmap +allow aee_aedv proc_pidmap:file r_file_perms; + # Purpose: Allow aee_aedv to read /sys/power/vcorefs/vcore_debug allow aee_aedv sysfs_vcore_debug:file r_file_perms; diff --git a/non_plat/dumpstate.te b/non_plat/dumpstate.te index b28de63..d6a4d67 100644 --- a/non_plat/dumpstate.te +++ b/non_plat/dumpstate.te @@ -114,6 +114,9 @@ allow dumpstate debugfs_rcu:file r_file_perms; # Purpose: Allow dumpstate to read /proc/msdc_debug allow dumpstate proc_msdc_debug:file r_file_perms; +# Purpose: Allow dumpstate to read /proc/pidmap +allow dumpstate proc_pidmap:file r_file_perms; + # Purpose: Allow dumpstate to read /sys/power/vcorefs/vcore_debug allow dumpstate sysfs_vcore_debug:file r_file_perms; diff --git a/non_plat/file.te b/non_plat/file.te index 5d53c27..0326850 100644 --- a/non_plat/file.te +++ b/non_plat/file.te @@ -66,6 +66,7 @@ type proc_last_kmsg, fs_type, proc_type; type proc_bootprof, fs_type, proc_type; type proc_pl_lk, fs_type, proc_type; type proc_msdc_debug, fs_type, proc_type; +type proc_pidmap, fs_type, proc_type; type proc_kpageflags, fs_type, proc_type; type proc_slabtrace, fs_type, proc_type; type proc_cmqd_debug, fs_type, proc_type; diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts index 0995c32..30dfc15 100644 --- a/non_plat/genfs_contexts +++ b/non_plat/genfs_contexts @@ -31,6 +31,7 @@ genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0 genfscon proc /bootprof u:object_r:proc_bootprof:s0 genfscon proc /pl_lk u:object_r:proc_pl_lk:s0 genfscon proc /msdc_debug u:object_r:proc_msdc_debug:s0 +genfscon proc /pidmap u:object_r:proc_pidmap:s0 genfscon proc /kpageflags u:object_r:proc_kpageflags:s0 genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0 genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmqd_debug:s0