NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,160 Commits 2 Branches 0 Tags
Commit Graph

34 Commits

Author SHA1 Message Date
Aayush Gupta
91547390a8 non_plat: Label /dev/teei_config and allow tee rw permissions to it 
Denials observed without this change:
    7.811050] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:5): avc: denied { read write } for comm="teei_daemon" name="teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[    7.813712] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[    7.816434] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:6): avc: denied { open } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
[    7.819089] .(2)[398:logd.auditd]type=1400 audit(1609581532.144:7): avc: denied { ioctl } for comm="teei_daemon" path="/dev/teei_config" dev="tmpfs" ino=3600 ioctlcmd=0x5403 scontext=u:r:tee:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Test: Boot and notice that denials no longer appears

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Ia779816cbf9312b50a5f5101f7935f1a83b210f2
 2021-01-03 10:56:00 +05:30
Aayush Gupta
a20c39e9f3 non_plat: Label and grant required permissions to VPU devices 
- SELinux rules have been decompiled from stock ROM's sepolicy

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Ia5b712f2c2f77aa363499788d1201b29f232311e
 2021-01-03 10:56:00 +05:30
Aayush Gupta
22380a4614 non_plat: Label /dev/tee* and grant required perms to domains 
/dev/tee* are accessed by domains that interact with TEE and thus
require access to them too.

Test: Boot and observe that denials are not visible in logs anymore

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I7b0944a1063da8561d2928e4110674ce4845ecea
 2020-12-30 17:00:34 +05:30
Aayush Gupta
174dc137d1 non_plat: Label /dev/tz_vfs and grant required perms to tee 
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I6bb5d9e3f8f3047bfe8285f25b53adadb8b1c1ac
 2020-12-30 16:18:38 +05:30
Aayush Gupta
acd62758d9 non_plat: Label /dev/*rpmb* and grant tee permissions to manage it 
/dev/*rpmb* devices are accessed by tee. Label it and allow tee required
permissions to manage it.

Denial observed without this change:
[   46.559953] .(2)[399:logd.auditd]type=1400 audit(1609128921.644:391): avc: denied { ioctl } for comm="teei_daemon" path="/dev/rpmb0" dev="tmpfs" ino=17454 ioctlcmd=0x6 scontext=u:r:init:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Test: Boot and observe that denial no longer appears

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I3499e2a3ba177b8e69d8cdbb76939daf3f8bbc7b
 2020-12-30 16:18:06 +05:30
Aayush Gupta
5c601a9ada non_plat: Label /dev/ut_keymaster and allow relevant permissions to sources 
/dev/ut_keymaster is used by keymaster. Label it and allow relevant permissions
which domains using it (vold, tee and keymaster) requires.

Denial observed without this change:
[   46.666247] .(2)[399:logd.auditd]type=1400 audit(1609128921.744:392): avc: denied { ioctl } for comm="keymaster@3.0-s" path="/dev/ut_keymaster" dev="tmpfs" ino=17464 ioctlcmd=0x5402 scontext=u:r:hal_keymaster_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Test: Boot and notice that denial no longer appears

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Iee0126d637a139397db8857d8a780277c3ea4576
 2020-12-30 16:14:46 +05:30
Aayush Gupta
a15f249346 non_plat: Label /dev/teei_fp and allow required perms to hal_fingerprint_default 
/dev/teei_fp is used by fingerprint to communicate with Microtrust TEE drivers to
store fingerprint data on the device. Label it and allow relevant source required
permissions.

Denial observed without this change:
[   17.672144] .(4)[397:logd.auditd]type=1400 audit(1608975801.860:326): avc: denied { ioctl } for comm="fingerprint@2.1" path="/dev/teei_fp" dev="tmpfs" ino=15742 ioctlcmd=0x5402 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1

Test: Boot and notice denials have disappeared

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I8a7445400be241e81f8bf21347967b85381ed3ec
 2020-12-30 16:14:31 +05:30
Cheng-H Chen
3ae2121560 Merge "[ALPS04709027] ST SE HAL for ST54H (SPI) support" into alps-trunk-q0.basic 
Change-Id: Ied52d15185f1d63bfc940b1f9464e1b5322a2b3c
MTK-Commit-Id: 3a71afeb9fac13a84110a03ecb2ece426ce6d237
 2020-01-18 10:18:06 +08:00
Megad Lu
3be9ba0bce [ALPS04709027] ST SE HAL for ST54H (SPI) support 
[Detail]
New ST NFC stack for Android compatible with native SecureElement service.
Added also SE HAL for ST54H (SPI) support.
SE HAL files are for internal reference only.

MTK-Commit-Id: 1ad8ab131a2acbdf66133db290e4206627a5f50b

Change-Id: Ief43e503b7147ab96185100ae3c02ecb2ce82640
CR-Id: ALPS04709027
Feature: NFC Chipset Capability
 2020-01-18 10:18:02 +08:00
Jia-Hua Yang
c0ac513d46 [ALPS04668607] NLO: Add define for nlop device 
Add define for nlop device.

MTK-Commit-Id: 1312261b0c1b3c20ea8f2d6259e4b46257dc947f

Change-Id: Iee00cf9779af3455ff0235fe5482d41b0d7cb8da
CR-Id: ALPS04668607
Feature: Network Latency Optimization
 2020-01-18 10:17:49 +08:00
Yifei Qiao
9708912e27 [ALPS04700799] Align keymanager sepolicy with p0.mp6 
Align keymanager sepolicy with p0.mp6

MTK-Commit-Id: 24a187bc32e2be7663abb880c07659834d71f4b0

Change-Id: Ia98525be2155dcf3261633d1e6c25a775426068d
CR-Id: ALPS04700799
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:17:31 +08:00
Hua Fu
899c01d964 [ALPS04088869] GPS: Add selinux allow for mnld to access gpsdl devices 
Allow mnld to access MT6885 new GPS device drivers, which are:
/dev/gpsdl0 and /dev/gpsdl1.

MTK-Commit-Id: 11b8302cd93d085be0e56f7e7645a1e6fd7b5980

Change-Id: I49f18a7ff01c6c4c700f9069920994dd5e62a624
Signed-off-by: Hua Fu <hua.fu@mediatek.com>
CR-Id: ALPS04088869
Feature: Location Chipset Capability
 2020-01-18 10:16:44 +08:00
Jianping Jiang
109462e1f2 [ALPS04674290] Correct mnld_device type 
1. Remove mnld_device from lbs_dbg.te;
2. move mnld_device type to non_plat folder

MTK-Commit-Id: f575807c7ac6d6a30595479ae03339b5765ff884

Change-Id: I8ba23283a103f52c045ae6c69ec7fc4eca06df84
CR-Id: ALPS04674290
Feature: Location Chipset Capability
 2020-01-18 10:16:26 +08:00
Jianping Jiang
11f88203b8 [ALPS04255502] lbs_dbg: move lbs_dbg sepolicy to system 
Move lbs_dbg sepolicy to system for System/vendor Layer decouple

MTK-Commit-Id: a4638ef15ca2020d8f7eba6ab2d053d7716d0ad4

Change-Id: I4ecfb1276b47ec75bab4c72ff04ebeb035d757b3
CR-Id: ALPS04255502
Feature: Location Aiding
 2020-01-18 10:14:12 +08:00
James Hsu
61b25561f6 [ALPS04515390] mrdump: add sepolicy for mrdump partition 
[Detail]
Add sepolicy for aee access mrdump partition

error log:
mrdump partition /dev/block/platform/bootdevice/by-name/mrdump
 open failed (13), Permission denied

MTK-Commit-Id: f837dec83ec395bddca7806ef5ff2d35ed2f8f7a

Change-Id: Iad2414cdebb66cc3b7046fbe2570ea972101854a
Signed-off-by: James Hsu <james.hsu@mediatek.com>
CR-Id: ALPS04515390
Feature: Memory RAM Dump (MRDUMP)
 2020-01-18 10:13:21 +08:00
Code Lin
1cdd0f7bd4 Merge "[ALPS04431920] NP: Add MDLA device SEPolicy" into alps-trunk-q0.basic 
Change-Id: Idc43193e6f45c35ef3f4799a1500a9b17c3a503f
MTK-Commit-Id: 7e30f1dccea206f80e4a6ac957e1752565777ac1
 2020-01-18 10:12:44 +08:00
Code Lin
da52ff0805 [ALPS04431920] NP: Add MDLA device SEPolicy 
Add MDLA device SEPolicy.

MTK-Commit-Id: 097bfbf9de8c3c8760f436ca8f1964037c4ab7f6

Change-Id: Ie4aaab4fc28eb1daf0d6c88cbe4e86f0f59444af
CR-Id: ALPS04431920
Feature: NeuroPilot
 2020-01-18 10:12:37 +08:00
Zhongchao Xia
379de5a9b0 [ALPS04382560] MDP: open mdp device fail 
[Detail]
1. Change /proc/mdp/device to /dev/mdp_device
2. Modify kernel driver change device node
3. Modify init.rc change device owner
4. Add selinux policy

MTK-Commit-Id: 08cf6d6ee97647a5f1262f475b79b420b616e527

Change-Id: I2bd7ee983116294dd62f247a9d30a67655316bd8
CR-Id: ALPS04382560
Feature: [Module]MDP Driver
 2020-01-18 10:12:32 +08:00
andrew.yang
b8f0e2db69 [ALPS04385961] RTC: add permission for power-off alarm 
Allow alarm manager to access /dev/alarm for power-off
alarm function.

MTK-Commit-Id: 01de6e5669b8e97c12818256915885dc32c45b9f

Change-Id: I5e3759e9d11357c3f302aa2557dc71de80476262
CR-Id: ALPS04385961
Feature: Power-Off Alarm
 2020-01-18 10:10:03 +08:00
Shanshan Guo
427c135bd6 [ALPS04340791] SEPOLICY: workaround fix BASIC build error 
[Detail]
Only BASIC Sepolicy need to be applyed for BASIC,
we separate basic/bsp sepolicy for BASIC.
This workaround is for fixing the build errors that
cause by the declarations were defined in bsp/ dir
and neverallow rules.

MTK-Commit-Id: f1ed54e84b85f73e20dcc8c2ac5f0c42fddedc77

Change-Id: I568873fcc272d04b018efc4be00924b751bb3775
CR-Id: ALPS04340791
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:09:28 +08:00
Shane Chien
25fb796fea [ALPS04237702] Audio: Add permission for audio scp device 
Add permission for audio scp device, instead of only
SCP SmartPA.

MTK-Commit-Id: 479293f8195469648aba65860920128fe85fa3f0

Change-Id: Ic33320ae0c8f36217da2aae0afba763609608af3
CR-Id: ALPS04237702
Feature: DSP SmartPA
(cherry picked from commit 1dfd94a4058c3d960539066bfe61d5032ca95c9d)
 2020-01-18 10:08:26 +08:00
Mark Hu
50e4268f54 [ALPS04079884] FRHandler P0 migration 
[Detail]
1) device/mediatek/sepolicy/[basic|bsp]
 --> /dev/gz_kree SELinux rule enabling
2) device/mediatek/mt6771
 --> gz_kree file-mode, FRHandler package add-on,
     FRHandler manifest.xml
3) vendor/../hardware/interfaces
 --> add IFRHandler hal

4) [mtkcam]
 --> FRHandler CA

5) device/mediatekprojects
 --> enlarge k71v1_64_bsp_as GZ-img to 24MB

6) [geniezone]/prebuilts/libs
 --> put empty-model FRlib to avoid GZ-img >16MB,
   need to manually update FRlib for testing

7) [geniezone]/trusty/app/fralgo
 --> FRHandler TA part

8) [geniezone]/trusty/device/arm/mediatek
 --> use project-name to include fralgo or not

[Solution]
as detail

MTK-Commit-Id: b451be02f7f719bc8490d2343d9dc67cc9c8f122

Change-Id: I34a380691b8a2b10b1b5c26581cc4a38e96f1251
CR-Id: ALPS04079884
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:07:02 +08:00
Stephen Chen
246e5b5057 [ALPS03738758] Audio: Add Hifi3 adsp device info 
[Detail]
Add sepolicy access right for Hifi3 adsp device.
Mobilelog and AED will need these access right.

MTK-Commit-Id: 06ac39d7cebbab2bcb3468fcf14f19b7e1489819

Change-Id: Ic834ac687b4423500ef6036824a6d6f75e57ccb3
CR-Id: ALPS03738758
Feature: [Module]Audio OpenDSP
 2020-01-18 10:05:34 +08:00
haohsiang.hsu
b69f0cbf9c [ALPS03783870] Add policy for update boot partition 
[Detail]
Add poilcy for update_engine and vbmeta so that A/B
system update can work well.

MTK-Commit-Id: de7ad7a48111b4e02f042600c6e65484d03ac87f

Change-Id: I79346615ad1be4c5ea33343c1fce73c22be1f82f
CR-Id: ALPS03783870
Feature: Secure Boot
 2020-01-18 10:04:29 +08:00
Hongxu Zhao
ad28808c22 Merge "[ALPS03909938] sensor: merge sensor code" into alps-trunk-p0.basic 
Change-Id: I8f52bbf569e23406d8b8555328dffbf258aeef9c
MTK-Commit-Id: be820753fd3017ef14aa260b12100e31c49b5396
 2020-01-18 09:46:41 +08:00
Qiangming Xia
11b0934173 [ALPS03909938] sensor: merge sensor code 
[Detail] Merge sensor code to P

MTK-Commit-Id: 62fa3d9f1b1a2004298003749f883ba3f693aac2

Change-Id: I72dc1f819fee5076b7524235810361aa0f01b6ba
Signed-off-by: Qiangming Xia <qiangming.xia@mediatek.com>
CR-Id: ALPS03909938
Feature: Sensor Hub
 2020-01-18 09:46:33 +08:00
ZH Chen
ce3a0f44e7 [ALPS03614388] Sepolicy: Add ttyS to sepolicy 
[Detail]
Add ttyS to sepolicy

MTK-Commit-Id: f51e0700ff76c53befa5c15f1bfa6d1726905fed

Change-Id: I88aaa49b470ff98fcbd0d3720c641b74ca42bdeb
CR-Id: ALPS03614388
Feature: Headset Cable/Button Detection and Reaction
(cherry picked from commit 7e314d2dbea64a05f626115e5beccce53bb2a07f)
 2020-01-18 09:46:05 +08:00
mtk12968
02f57d1f7c [ALPS03598446] add selinux policy for mdp 
[Detail]add a mtk_mdp_device lable and a allow rule for VP

[Solution]add a mtk_mdp_device lable and a allow rule for VP

MTK-Commit-Id: d015c8eba69f036e0f4770e045b1c99bd4d6c8c5

Change-Id: I9b72360ae4a31d849d8e6ada94d4ee8c49f36b1b
CR-Id: ALPS03598446
Feature: [Module]MDP Driver
(cherry picked from commit e10343315224b4b166767bc7e19fa0b14cc06892)
 2020-01-18 09:45:24 +08:00
Siyuan Jiang (江思源)
e7d66802f0 Merge "[ALPS03866092] Add sepolicy for /dev/fw_log_bt" into alps-trunk-p0.basic 
Change-Id: I9e26ba1f321d7a2b85dc38a39687e50794795277
MTK-Commit-Id: 259641ddbb2bc15920d2f2bb0a8830b25dda52da
 2020-01-18 09:36:44 +08:00
Siyuan Jiang
e90468349d [ALPS03866092] Add sepolicy for /dev/fw_log_bt 
[Detail]
Create sepolicy definition for /dev/fw_log_bt

MTK-Commit-Id: 4ef13c078eb67716e42948ec72d1bc26a5e207eb

Change-Id: Iad81acd8ceb6f3e3a21e719209e6c91e9e28c517
CR-Id: ALPS03866092
Feature: BT Chipset Capability
 2020-01-18 09:36:31 +08:00
Chaoran Zhang
7fdca91eee [ALPS03866092] add dev policy for fw_log_gps 
[Detail]
add dev policy for fw_log_gps
[Solution]
add dev policy for fw_log_gps

MTK-Commit-Id: 4435dfa949ec7886ca9015a93bcf175568ab1621

Change-Id: I88a56ee23d456e5d43036fba79acd34ce024d35d
CR-Id: ALPS03866092
Feature: MTKLogger
(cherry picked from commit aa7953e06029de4ad0bcc0e615aef842eedc6460)
(cherry picked from commit ffa21f0c868c50daeff539f7be970d5398d8c3e6)
 2020-01-18 09:36:07 +08:00
Black Chen
975daae102 [ALPS03866092] wlan: add sepolicy for /dev/fw_log_wifi 
[Detail]
Create sepolicy definition for /dev/fw_log_wifi

[Solution]
N/A

MTK-Commit-Id: 28b450dc71b48735fef6b58ade1f97bc8d81da8f

Change-Id: If932821d83e6999a3068a7520ea987b7a2ce09f8
Signed-off-by: Black Chen <black-ch.chen@mediatek.com>
CR-Id: ALPS03866092
Feature: Connsys Log Tool
(cherry picked from commit 39d8afbc1344efe75a4c591fec4e8eab78db1c61)
 2020-01-18 09:33:04 +08:00
Danny Shih
633ed5a00e [ALPS03866092] Debug Utility: add sepolicy for /dev/fw_log_wmt 
[Detail]
Create sepolicy definition for /dev/fw_log_wmt

MTK-Commit-Id: ffee8a32646445eec5ddb80e4ca4f22b6a74f54e

Change-Id: I68560eaf5f7d8e03317aae494d1861141077a31e
Feature: Connsys Log Tool
Signed-off-by: Danny Shih <danny.shih@mediatek.com>
CR-Id: ALPS03866092
(cherry picked from commit 85aad3cfc9bd3809ea78fcb72d23cb70e8dba462)
 2020-01-18 09:32:41 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00