NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,060 Commits 2 Branches 0 Tags
Commit Graph

1060 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
bo.shang
34e4338c7e [ALPS04760404] Remove SElinux code 
1. Dont create folder in data by process self

MTK-Commit-Id: 137bc58be1b0069794c7b52db91f8532e406bf31

Change-Id: I20c0ca16c66490b81a03192eb642131b50933933
CR-Id: ALPS04760404
Feature: Modem Log Tool
 2020-01-18 10:20:51 +08:00
Freddy Hsin
b069f1aff7 [ALPS04794271] bootctl: add misc access permission for bootctrl 
add misc access permission for bootctrl

MTK-Commit-Id: 5c7ec0779ccca3fd9f9cc516cdae1b003fed2112

Change-Id: Ia8327de54f3e8e429506f2d58309cf46a1a0513a
CR-Id: ALPS04794271
Feature: [Android Default] SIU (SD Image Update)
 2020-01-18 10:20:50 +08:00
Juju Sung
212d0f50ad [ALPS04793867] selinux: policy sync 
Android Q and R have different policy in basic.
We sync it from Q policy and fix R neverallow rule

MTK-Commit-Id: 67144e1e0efe28d30381b1f3a98728c1a87e396e

Change-Id: Id7c92fa79976951c86d1286262f684e8f747427b
CR-Id: ALPS04793867
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:20:50 +08:00
Ian-Y Chen
c3f01bd285 [ALPS04760857] power: remove redundant policy 
[Detail]
Remove SE policy which is used by powerhal

MTK-Commit-Id: 08a121d90319599509142fb1b76a8bae7d287b6b

Change-Id: Idfca0859f22e880ff9ec6d55db315911438f9e53
CR-Id: ALPS04760857
Feature: [Module]PowerHAL
 2020-01-18 10:20:45 +08:00
Vineet Goyal
b5f7f8fef6 [ALPS04793667] MSDC: Change block device path 
Change block device path so that access from user space
need not take care platform-dependent device address.

MTK-Commit-Id: 0c06dba2f545b1ecbf614f6fab0f8f9faef7199a

Change-Id: I68746d22e61259a9bcdbf4124446b9c81077edbe
Signed-off-by: Vineet Goyal <vineet.goyal@mediatek.com>
CR-Id: ALPS04793667
Feature: eMMC Boot Up
 2020-01-18 10:20:45 +08:00
Ian-Y Chen
bf78be7a61 [ALPS04328846] power: add sys_fs_f2fs permission 
[Detail]
Add sys_fs_f2fs permission to PowerHal

MTK-Commit-Id: 4bd3689745cf60eaf6e1f43705b45edba8c71b9d

Change-Id: Ibe9f83936f9b8c60bd94582849d1f9a4672b992a
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
 2020-01-18 10:20:44 +08:00
Huaiming Li
b14829ba29 [ALPS04719663] add some sepolicy rules 
1. set prop to allow vendor init rc set property
2. allow aee_aedv to read reboot reason file

MTK-Commit-Id: c12035a6290abbc0144f8840b2081e8b3e31b0d9

Change-Id: Id1521fab2999bff15ca4f2e2399e16f672636284
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
 2020-01-18 10:20:41 +08:00
Guoyi Qu
cf0ffa1738 [ALPS04760297] SEPolicy Optimize 
Revise high risk SEPolicies.

MTK-Commit-Id: 54290cb8aeb0fbb67310ed0cffe826684158effe

CR-Id: ALPS04760297
Feature: Connsys Log Tool
Change-Id: I369c7a917f8ee9cc95e0db14e552ce9195583a14
 2020-01-18 10:20:40 +08:00
Cui Zhang
ba7ce778ea [ALPS04791203] m4u: add ioctl define for permissioin control 
[Detail]
Add ioctl define for permissioin control
if user need to add m4u permission,
need to add it in its process .te file

MTK-Commit-Id: 450b6a3cf6177d0befee4dbe3e41104c8e957191

Change-Id: If708b999fd398a2388cdf7fc764d91814a9bbf86
Signed-off-by: Cui Zhang <cui.zhang@mediatek.com>
CR-Id: ALPS04791203
Feature: [Module]ION/M4U
 2020-01-18 10:20:36 +08:00
Ian-Y Chen
19ad399e64 [ALPS04328846] power: enable cache audit 
[Detail]
1. Add label for cache audit
2. Add permission to PowerHal

MTK-Commit-Id: b0f9581a8cb23b9dcb655b33b7255aedb597574e

Change-Id: Iea67821d04cb287c3492bf2eb6f3c4adc07aef84
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
 2020-01-18 10:20:33 +08:00
Peter Wang
e32b6f7663 [ALPS04786311] eMMC : patch clear eMMC fail in factory 
When clear eMMC, need umount bootfs, add permission to stop
mdlogger process which access bootfs.

MTK-Commit-Id: 9ebab1fae0665a8c08af9b2d59b52a40f570054b

Change-Id: If4a9667906698b812a45b17d1162df3db3ed61f3
CR-Id: ALPS04786311
Feature: Factory Mode
 2020-01-18 10:20:33 +08:00
Peter Wang
af17e4d54a [ALPS04786311] eMMC : patch clear eMMC fail in factory 
When clear eMMC, need umount bootfs, add permission to stop
mdlogger process which access bootfs.

MTK-Commit-Id: 2d39dc0341e703f5ae92797146c0d2cec8defe77

Change-Id: I32bb7e94db970361a9f3a345f0cf7541fc9fd634
CR-Id: ALPS04786311
Feature: Factory Mode
 2020-01-18 10:20:32 +08:00
mtk81216
f2c63662c0 [ALPS04763235] remove pppoe related 
in ppp.te, some property is set for pppoe, since pppoe feature
is phased out, just remove related sepolicy rules

MTK-Commit-Id: 0c0b761b1dc65ddf5375d62ff5ed13d9df6a0e4c

Change-Id: I063224db045b9e57e2b2ad8e8f36ff1ff2b46f18
CR-Id: ALPS04763235
Feature: [Module]IP Networking
 2020-01-18 10:20:29 +08:00
Gang Xu
667f0f00df [ALPS04785930] Add ICCID to sensitive property 
ICCID belongs to sensitive information and is not allowed to print.
Add IMSI property to sensitive group and it is not printed in
mtklogger property files.

MTK-Commit-Id: 9a8e54973852a5afc01083ffe6ef2b7ac91d9347

Change-Id: I6e8a799bc5299deca730add0d0dfee77550b2a63
CR-Id: ALPS04785930
Feature: Mobile Data Service
 2020-01-18 10:20:28 +08:00
Jimmy Lai
b1dfbc5f60 [ALPS04763260] Fix Permission 
add sysfs_device_tree_model sepolicy
/firmware/devicetree/base/model

MTK-Commit-Id: 1b81ac4c2d260969ee02b1ffa81cf0bdfb99d019

Change-Id: I9c9bc011ec7f35a264af3bee6340991e9c2a2bec
CR-Id: ALPS04763260
Feature: [Module]Video Driver
 2020-01-18 10:20:28 +08:00
bo.shang
53a2892e48 [ALPS04788229] Add selinux permssion 
could read persist.sys. property

MTK-Commit-Id: 266f05feffaee309566f7d7410f7a00463457ff6

Change-Id: I380ef42f2549eca315fb9c69bf03bee097a18f08
CR-Id: ALPS04788229
Feature: Modem Log Tool
 2020-01-18 10:20:25 +08:00
Cosmo Sung
d5f4f31ade [ALPS04773384] SeLinux permission 
Remove general socket permission.

MTK-Commit-Id: 82b1e7c7fdc88ecec8fe72e2dc97023feda7f932

Change-Id: I48cb912ae8aa3480476dd451d7ebb0657a1c3793
CR-Id: ALPS04773384
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:20:24 +08:00
jerry-sc.wu
31f4d86bf1 [ALPS04763250] Thermal: SEPolicy de-risk 
[Detail]
1. using set_prop for SEPolicy optimize.
2. modify high risk sysfs write operation for security.

MTK-Commit-Id: 48b34c3013d5402a3d6253945d3b41a148f0d167

Change-Id: I9657ab3f5eee2616f452a442fb6201779edd831c
Signed-off-by: jerry-sc.wu <jerry-sc.wu@mediatek.com>
CR-Id: ALPS04763250
Feature: Thermal Management
 2020-01-18 10:20:24 +08:00
Ian-Y Chen
c947a234d9 [ALPS04760762] power: remove high risk policy 
[Detail]
Remove procfs and sysfs root permission

MTK-Commit-Id: 1af6e86e9f71ef919ec46a7eda2f2901a5c63a80

Change-Id: I3ddea266511017eba1b51d7879be3a5a81b497e6
CR-Id: ALPS04760762
Feature: [Module]PowerHAL
 2020-01-18 10:20:20 +08:00
Wilma wu
854a8b9f99 [ALPS04387262] RTC: label sysfs_rtc files 
fix hctosys permission.

MTK-Commit-Id: 58c00437a1e1bd2c06f4745ce38c505f36ea32e4

Change-Id: I878a9bbe0f3d42d2dd3e205c3bcc2108c8976889
Signed-off-by: Wilma wu <wilma.wu@mediatek.com>
CR-Id: ALPS04387262
Feature: RTC-Power Drop Auto Reboot
 2020-01-18 10:20:20 +08:00
Guoyi Qu
dab7fbe9a1 [ALPS04727197] Add permission 
Add permission to save logs to special folder

MTK-Commit-Id: 51c58a7b5b66247b1ab454f71e6cc721ff83f61f

Change-Id: I00b58af1ae46842c84f183c2154583e59e98199b
CR-Id: ALPS04727197
Feature: Modem Log Tool
 2020-01-18 10:20:16 +08:00
Huaiming Li
ebb30438c8 [ALPS04776332] fix google dumpstate avc issue 
[Detail]
09-05 15:58:31.552000  9693  9693 W df      : type=1400 audit(0.0:990):
avc: denied { search } for name="expand" dev="tmpfs" ino=10779
scontext=u:r:dumpstate:s0 tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0

[Solution]
add sepolicy rule:
allow dumpstate mnt_expand_file:dir search;

MTK-Commit-Id: 2117b8897e13ad2e52f8f7b9b16532e20cc8f477

Change-Id: I428cc52d30c3396d9d355af286bcdaa94d170eec
CR-Id: ALPS04776332
Feature: Android Exception Engine(AEE)
 2020-01-18 10:20:13 +08:00
yuhui.zhang
92bb4e88bb [ALPS04316338] Fix wcn coredump JE problem 
[Detail]
Wcn coredump move to vendor on Android Q. EM need to set property by
vendor hidl

MTK-Commit-Id: 7b93a89746c7d9f5c2672418babb22c9a23513b0

Change-Id: I9ff4d54918c9becab9dcaaae9f5cbb3d04d17ac6
CR-Id: ALPS04316338
Feature: Engineering Mode
 2020-01-18 10:20:13 +08:00
Jun Zhao
655451ea9e [ALPS04768250] occur fatal SWT when have some proccess in background 
Add policy for wfd & HDMI

MTK-Commit-Id: d45ac4bdc336432a8d59d9bf2ec09d2954a39988

Change-Id: I7e36f4c93131b98d9e6273e7b410c0b59866ec0a
CR-Id: ALPS04768250
Feature: Wi-Fi Display
 2020-01-18 10:20:12 +08:00
Yifei Qiao
dd08af703d [ALPS04775042] Fix install drm key sepolicy error 
Fix install drm key sepolicy error

MTK-Commit-Id: e3c03327cba36fb5fc352203f0bbe8337316e5ae

Change-Id: I8e418d69dcdf5838cd94f242055526c7f897f9ab
CR-Id: ALPS04775042
Feature: [Module]keymaster
 2020-01-18 10:20:09 +08:00
Juju Sung
1dbf2b6dff [ALPS04387792] BGService: add sepolicy permission 
[Detail]
1. add BGService sepolicy permission

MTK-Commit-Id: 136f9e6df88b8e10652a3393405737b20e986f51

Change-Id: I62a077fbadd17a865c21e8c1551b2202d10bc6ce
CR-Id: ALPS04387792
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:20:09 +08:00
swintegrator
8d9e4a522f [ALPS04784782] Add SELinux sepolicy for TEEI OS communication 
Add hal_graphics_allocator_default SELinux sepolicy to
enable normal/secure world communication.

This is used for secure memory allocation from graphics allocator HAL
to TEEI OS.

MTK-Commit-Id: a47f2e49b8c563fdc457443e46af591a2691a441

Change-Id: I2bdc87303310f5acdd85f0491e58644b26963838
CR-Id: ALPS04784782
Feature: Microtrust TEEI
 2020-01-18 10:20:08 +08:00
yizheng.yang
51885451fa [ALPS04781447] Add selinux permission 
Add permission for atcid

MTK-Commit-Id: e4ab92c694185c03bbcc792fed84fdeaf0013409

Change-Id: Ib7f76d8c5f03da070559f8f73de6f611367b96a6
CR-Id: ALPS04781447
Feature: [Module]ATCI (AT Command Interface)
 2020-01-18 10:20:05 +08:00
Nancy Huang
9e238bfba9 [ALPS04760196] audioserver: fix high risk sepolicy 
[Detail]
1. Remove system_data_file access rule
2. Remove socket access in audioserver

MTK-Commit-Id: 53231b8b52745a21cc302833524911c55bab4960

Change-Id: I661f78bfbe0377bf88445494af0f33edb5f4fef7
CR-Id: ALPS04760196
Feature: [Module]Proprietary Audio Utility
 2020-01-18 10:20:04 +08:00
otis.huang
ae6fbad5e9 [ALPS04387792] BGService: add sepolicy permission 
[Detail]
1. add BGService sepolicy permission

MTK-Commit-Id: f5832af535feb84ff9f94ae25eb02fc6f5959762

Change-Id: I22a1e8d6e17a2f455771adf677d2ce8cb32e6550
CR-Id: ALPS04387792
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:20:04 +08:00
yizheng.yang
1a9ed28058 [ALPS04760107] Fix high risk selinux 
Fix high risk selinux in atci

MTK-Commit-Id: 920482c8d6406a57b2b653e98b8b28c30c2e6d1b

Change-Id: I6cbd85f3699f055312a5f6b2ea577bd9161ef29e
CR-Id: ALPS04760107
Feature: [Module]ATCI (AT Command Interface)
 2020-01-18 10:20:00 +08:00
Chun-Hung Wu
ef2d9a611a [ALPS04776340] dumpstate: add selinux policy 
[Detail]
Add sd card mmcblk0/mmcblk1 sysfs_mmcblk for dumpstate

MTK-Commit-Id: 6b8fde0993498cd8659b028f978ee118a082f81b

Change-Id: I4212764d39ee8752d6a5347d2a5e629f53205d0e
CR-Id: ALPS04776340
Feature: UFS Booting
 2020-01-18 10:20:00 +08:00
Eric Chung
606cbd7ddc [ALPS04761007] GPU: Fix high risk sepolicy 
[Detail]
Remove "allow property set" in mtk_hal_gpu

MTK-Commit-Id: 846c697e7b7766010b31a37371fbbe0babaa8203

Change-Id: I87f87982ea5c0147a60c6120548d4a44dd8c7f29
CR-Id: ALPS04761007
Feature: OpenGL|ES
 2020-01-18 10:19:59 +08:00
bo.shang
6eceb7c147 [ALPS04761154] Remove risk selinux permission 
Remove create folder in data selinux permission

MTK-Commit-Id: d6a218ddee9f5bcde67381631e400a8c3d5a4497

Change-Id: I031aa0ba9463796a11e6ba68774595ad2ff40ce4
CR-Id: ALPS04761154
Feature: Network Log Tool
 2020-01-18 10:19:53 +08:00
chien-wei hsu
6bc8ac8bdb [ALPS04760982] audiohal: fix High risk SEPolicies of mtk_hal_audio 
[detail]
remove sysfs file permission,
only request the sysfs_ccci file

MTK-Commit-Id: 0649e6c55c648d65fa9c599d73bfa98e02e918fe

Change-Id: Idab0ac8e4aff9234887f70dc60fe51339d78cd2b
CR-Id: ALPS04760982
Feature: [Module]Audio HAL
 2020-01-18 10:19:52 +08:00
Huaiming Li
9f9773fc1f [ALPS04772922] fix dumpstate SF_RTT dir avc error 
[Detail]
dumpstate SF_RTT dir getattr avc error in xTS

[Solution]
add getattr rule into dumpstate.te

MTK-Commit-Id: 20c47c82db9b6dfc5091f1fa03f8505c619343ee

Change-Id: Ic6de198bfd4736ba2fa3f3aea6024eeda0f57a16
CR-Id: ALPS04772922
Feature: Android Exception Engine(AEE)
 2020-01-18 10:19:52 +08:00
Guobao Wang
0b9d1a7568 [ALPS04763239] Remove the high risk sepolicy sysfs_vcorefs_pwrctrl 
Remove the high risk sepolicy sysfs_vcorefs_pwrctrl because its no
longer in use.

MTK-Commit-Id: 7aec1b3e31558366c3d3f098eb7c9eac02398a2a

Change-Id: I2e0dcd99be464f01435f8e96ea6dd5fa6ca12716
CR-Id: ALPS04763239
Feature: SIM
 2020-01-18 10:19:51 +08:00
Youxiu Wang
6f8abd5708 [ALPS04763237] Modify permission forRIL 
Reduce the scope of permission for RIL to access proc node.

MTK-Commit-Id: 4f0402b23acbbcf90e195f4c0bfc3bd249c1489e

Change-Id: I442119bd6696a40aa1a49bec781cfb947869b995
CR-Id: ALPS04763237
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:51 +08:00
Jen-Chih Chang
f4b78200ab [ALPS04761137] Remove mtkrild emulator SEPolicies 
Remove ununsed mtkrild emulator SEPolicies

MTK-Commit-Id: c6a07a483b3ff3c64b356d44808009aff7bb95b8

Change-Id: Ifbc17574943048f2f855ceb3282a89b892d7dc8c
CR-Id: ALPS04761137
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:50 +08:00
mtk14723
dc117a90e7 [ALPS04761108] Backlight: remove the unused sepolicy 
[Detail]
Remove the unused sepolicy, which has high risk

MTK-Commit-Id: 93b6fa2d6408dc551867fb24b260b053a9b746a7

Change-Id: Id8ddccde37e766c59b1d258d17db2759da6a3ef9
CR-Id: ALPS04761108
Feature: [Android Default] Backlight
 2020-01-18 10:19:50 +08:00
mtk10871
6d71aabb69 [ALPS04690934] BT feature: log in data area 
[Detail]
Log is available to store in data area.
Change api for setting corresponding permission.

MTK-Commit-Id: 00be41e217b22f187a664d5d51cb18d52bc63635

Change-Id: I69c0869067e8f815c0f41930248b1c0e2c7f6358
CR-Id: ALPS04690934
Feature: BT AOSP
(cherry picked from commit e7396905545c154bc2ff6e76b4fa117ddbca0bb9)
 2020-01-18 10:19:50 +08:00
hao.wang
36fcc17d60 [ALPS04760753] add hal mms sepolicy 
Add merged_hal_service plolicy

MTK-Commit-Id: b098be0f7ff7c5f3755b9f7dfbf07dd17cf5eb65

Change-Id: I064377cb7628c703563fe2b3acc5e8718c0bd458
CR-Id: ALPS04760753
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:19:49 +08:00
Denis Hsu
4aa82d78c9 [ALPS04761184] Remove high risk policy for nvram 
Remove high risk policy for nvram.

MTK-Commit-Id: 6b89d790d606c06b3c48ef2711ad4e1f3b3132de

Change-Id: Iae4a7b021816f771d77b3f58f150de03863dfb9f
CR-Id: ALPS04761184
Feature: NVRAM Partition
 2020-01-18 10:19:49 +08:00
Cosmo Sung
979dff06fc [ALPS04761137] SeLinux permission 
Add rild socket type.

MTK-Commit-Id: d6850afb4aa38dbb3ec7e439b40a3379edf131a0

Change-Id: I3593adadabeffbe98bacdc27579f392073a40300
CR-Id: ALPS04761137
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:48 +08:00
Huaiming Li
b42ff07e97 [ALPS04719663] fix avc denied issue 
add aee_aedv allow to read proc_pl_lk file

MTK-Commit-Id: ffc098c939b46f9df94d41e901d3c0f9ab7a9169

Change-Id: Ib3dbfce32dd63afe83998d2c5dea977ab9dcc6c4
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
 2020-01-18 10:19:48 +08:00
Juju Sung
61d7044c46 [ALPS04767749] Selinux: Add new TE path 
[Detail]
New sepolicy path declared and also support
legacy android.

MTK-Commit-Id: 8982268bbef8f852c153428f1a5f83849953c7c2

Change-Id: Ic10f297a312ff2e89e44a0aa323ffa11bc78ff6e
CR-Id: ALPS04767749
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:19:48 +08:00
Nixy Hsu
2f89f8a47a [ALPS04754649] gz: add mtee trusty selinux perms 
fix sysfs permission for dumpstate under selinux.

MTK-Commit-Id: bca4ec3babf362b7f9d21b7c1ea8290f55d8d74c

Change-Id: I26cfbb4e959f0dbd89d46d6088284f36e6450c42
CR-Id: ALPS04754649
Feature: GenieZone
Signed-off-by: Nixy Hsu <nixy.hsu@mediatek.com>
 2020-01-18 10:19:30 +08:00
Yanjie Jiang
725c0b46e1 [ALPS04760260] ccci: delete rule not used 
Change sepolicy rule for security.

MTK-Commit-Id: 0fe0072748de8b9077117a9d4d67bebea46cf9ec

Change-Id: I85a2991ffa2928330989a53ad0597d403274ccce
CR-Id: ALPS04760260
Feature: Modem Interface Driver
Signed-off-by: Yanjie Jiang <yanjie.jiang@mediatek.com>
 2020-01-18 10:19:29 +08:00
Cosmo Sung
a49221caf7 [ALPS04763240] SeLinux permission 
Remove unused policies.

MTK-Commit-Id: fb08d7258914676e713d5a4522b8ecb3b35d56d9

Change-Id: I1be805ef301abfefc1723be2ebd97153ddba1d23
CR-Id: ALPS04763240
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:29 +08:00
Hao Dong
0ae7f56165 [ALPS04765260] BT open fail 
[Description]
Sepolicy modification for BT Driver setprop

MTK-Commit-Id: fa7f679e819436f0a49387411103ce866734dc2f

Change-Id: I4b4edf6d45333d1ed4cb5a4fee17697dbae87acc
Signed-off-by: Hao Dong <hao.dong@mediatek.com>
CR-Id: ALPS04765260
Feature: BT AOSP
 2020-01-18 10:19:25 +08:00