[Detail]
BASIC and BSP project should have same sepolicies in basic/.
[Solution]
1.Modify SEPolicies in non_plat/ by comparing with r_non_plat/ .
2.Remove r_non_plat/ .
Change-Id: I24d3df00255779bd73f4075c1c4062176d5b6047
CR-Id: ALPS05009976
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
power-hal would be killed and re-start in the manual encryption flow.
To prevenet the second power-hal would be stuck by other service,
clear the vendor.powerhal.init property.
MTK-Commit-Id: 0ec23aea4fa637f6e1e22a45c9afb914c48d20d8
Change-Id: Idaf2ad7b01337ce94afe507395588e299fb9cb8a
CR-Id: ALPS04795693
Feature: Full Disk Encryption (FDE)
[Detail]
EAS cannot control CPU freq
[Solution]
Add proc_cpufreq in vendor_init.te
MTK-Commit-Id: 69955d988abbc3ba90ebefdb734212a9ff1e4e19
Change-Id: Id749e5d60bfa29a4b4c131557981b69eed7d5077
CR-Id: ALPS04802193
Feature: Energy Aware Scheduling Plus (EAS+)
set sepolicy for vendor_init
MTK-Commit-Id: bf149e0f2132f3827f4a159ff56c89d56ff71f64
Change-Id: Id7f4e4883c6bc89f78000256d78bf209e6b61684
Signed-off-by: Johnny Yao <johnny.yao@mediatek.com>
CR-Id: ALPS04363596
Feature: [Module]WMT Driver
(cherry picked from commit 7ee51b414cfbeef888ecabc659994144e92108a6)
Add a rule to allow vendor_init have write permission
to proc_wmtdbg.
MTK-Commit-Id: fcdffbb167f1e860b31027357c5249c99b4b0281
Change-Id: I7b74e284ce9d9de1400c59bbf1f3e11188ec5245
Signed-off-by: Tim Chang <tim.chang@mediatek.com>
CR-Id: ALPS04294481
Feature: [Module]WMT Driver
Give set telephony switching related properties for vendor_init.
MTK-Commit-Id: 7e9671dfc5abda29c5a76608d7746c8b2d6aee95
Change-Id: I371f37082ffd4685a6195185a4946b3390428f36
CR-Id: ALPS04344579
Feature: Telephony feature switch dynamically
Enable BT SAP profile by properties rather than static resource overlay in Andorid Q.
Add the selinux rule for this property.
MTK-Commit-Id: 32eeec317227518f6be67c8bacc1aef03a413568
Change-Id: Ide8429240862eb79b24a352272ceaeae3fd09b2a
CR-Id: ALPS04409296
Feature: BT AOSP
[Detail]
vendor_init will parse meta_init.rc to ifup lo,which needs some
selinux policy. when meta mode has enabled loopback, gps tool can
run normally
[Solution]
add selinux rule to up lo interface
MTK-Commit-Id: b351d14a284871dae0783f4d48278a1fde515f4d
Change-Id: I962bfc0002a76d34e5366869cb5fea46ae1453da
CR-Id: ALPS03974446
Feature: Location Chipset Capability
[Detail]
Android P add new limitation for property access between
system partition and vendor partition:
1. SET and GET only by system
2. System cannot SET the property which SET/GET by vendor.
3. Allow system and vendor GET the property which SET by vendor.
[Solution]
1. Add new property label mtk_cxp_vendor_prop
2. Modify CXP related SELinux setting
MTK-Commit-Id: 4cac600ed76d413b5aee7ee64a1d6af55aa499d1
Change-Id: I9498840dead36a536acd5d18470f57bf7aec0a7c
CR-Id: ALPS03873734
Feature: Regional Carrier Express Pack
Since Android P, all properties under non_plat/property_contexts
should follow naming rule to add "vendor" prefix, otherwise
VTS will fail.
MTK-Commit-Id: 4563796d8ea83f170097b1ad8fdc3bae0cbae5a1
Change-Id: I0315ae6beefc6f4dd97bf79d217c82b4b7c281e5
CR-Id: ALPS03934986
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
1. We have too many config properties set by PRODUCT_PROPERTY_OVERRIDES,
and these properties usually are not sensitive and allow all processes to read.
2. Since Android P, properties should follow naming rule to add "vendor",
and then this will cause properties to be labeled as vendor_default_prop.
By default, coredomain is not granted to read vendor_default_prop.
Actually these properties are read widely from system/vendor processes.
3. So we introduce "mtk_default_prop" type that grant read access to
all processes, including system and vendor.
MTK-Commit-Id: 18077a2cb14b7b1ddadb7000e8abb565f0fd49e3
Change-Id: Ia378db3dbb9d0bf388139be3419e013228c79d6e
CR-Id: ALPS03934986
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Rename CT VoLTE system property and allow other module to access
persist.vendor.mtk_ct_volte_support.
MTK-Commit-Id: bc5a52b6998d941aa12c7532f095d1a8c67d663f
Change-Id: I33881fd6684dc76e148ac4917e5c146f949e24f7
CR-Id: ALPS03929399
Feature: [China Telecom]VoLTE Customization
[Detail] vendor_init is new introduced in Android P,
and related policies have not been created yet.
[Solution] Add policies for vendor_init
MTK-Commit-Id: 00dc11bf94cbb7909ef58482d7726ebe8b954782
Change-Id: Ic2286e8e3e67b4005c7e2df18d217275f069f208
CR-Id: ALPS03881723
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
