Aayush Gupta
3525f7a751
non_plat: Label /dev/socket/volte_imsvt1 and allow mtkimsapdomain write to it
...
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Ice16c7115b1b8ffce3ebfe76074706e0fda3c50f
2021-01-03 10:58:52 +05:30
Aayush Gupta
a7d6f83b00
non_plat: Label wfca binary and grant required permissions
...
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I22832543e458ad1e3cc597911b8af347c92ccda5
2021-01-03 10:56:00 +05:30
Aayush Gupta
c4bd4e850c
non_plat: Label volte_stack binary and grant required permissions
...
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I1ff3478844f876405a378f19ecd095daf7629708
2021-01-03 10:56:00 +05:30
Aayush Gupta
23c3e00542
non_plat: Label volte_ua binary and grant required permissions
...
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I3681ff0ed7a1de2499b8d53fd5d355cacff3a33a
2021-01-03 10:55:55 +05:30
Aayush Gupta
2e08559c2b
non_plat: Label /data/vendor/thh and allow tee to manage it
...
TEE stores its file in /data/vendor/thh/. Allow it required permissions
to do so.
Denials observed without this change:
12-28 16:42:11.556 416 416 I teei_daemon: type=1400 audit(0.0:394): avc: denied { open } for path="/data/vendor/thh/7778c03fc30c4dd0a319ea29643d4d4b." dev="sdc46" ino=2490455 scontext=u:r:tee:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=1
Test: Boot and notice that denials have resolved
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I1a608ebac628c8ce9c35ece1566e049236321a4b
2020-12-30 16:19:22 +05:30
Aayush Gupta
7a0a7ea6a5
non_plat: Label /data/vendor/camera/ and allow mtk_hal_camera create perms
...
Camera data files are stored in /data/vendor/camera/ by camera hal on
treble devices. Label and allow mtk_hal_camera to manage it.
Denial observed without this change:
[ 17.686535] .(4)[399:logd.auditd]type=1400 audit(1609114842.280:303): avc: denied { getattr } for comm="camerahalserver" path="/data/vendor/camera/back_dual_camera_caldata_wt.bin" dev="sdc46" ino=2490446 scontext=u:r:mtk_hal_camera:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
Test: Boot and notice denial has disappeared
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I98d0ddcce95cccdb9e86c4d36cb692e1f1ff41cb
2020-12-30 10:10:31 +05:30
Aayush Gupta
4fbc9434e9
non_plat: Remove duplicate sepolicy rules
...
These types are already defined in system/sepolicy and give compile-time
errors. Remove them to resolve the issues.
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
2020-12-21 22:01:08 +05:30
Anthony Huang
4769fb0d97
[ALPS04925594] EMI: add permission to concurrency_scenario node
...
Add permission to concurrency_scenario node for mediacodec
MTK-Commit-Id: df9f4afc7ecdf7a62b3bd7b79de24d2cde4ebd6a
Change-Id: I3b98ddd5d5b28c9f8f46df1a5089088edc5e4991
CR-Id: ALPS04925594
Feature: DRAM
2020-01-18 10:22:18 +08:00
Shane Chien
1c8313c394
[ALPS04824504] Audio: Add permission for rt5509 SmartPA
...
Add permission for rt5509 SmartPA to access device node.
MTK-Commit-Id: 2dcda2ed6418dc8c60f0e696e31fde0642b53554
Change-Id: I1c08f0aff93f8984a685b70374f434972d5b7c8c
CR-Id: ALPS04824504
Feature: Phone Sound
2020-01-18 10:21:55 +08:00
Shanshan Guo
9eeda9d646
[ALPS04833608] SEPolicy: Add special SELabel for atag,chipid
...
[Detail]
It is risky to allow a process to get permission for atag,chipid
by using u:object_r:sysfs:s0
To avoid that, we need to add a special SELabel for atag,chipid
[Solution]
Add special SELabel for atag,chipid
MTK-Commit-Id: b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad
Change-Id: Ibaf69f387015790c657783bb1234e584e56f67aa
CR-Id: ALPS04833608
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:21:42 +08:00
Huaiming Li
cd6459c6ee
[ALPS04758557] fix aee high risk rules
...
1. fix some aee high risk rules
MTK-Commit-Id: 4031a4610757debf0aa0de48408c72517fd61bcb
Change-Id: I637d723cba54ba7119d15617bd2935a4b00dd6c5
CR-Id: ALPS04758557
Feature: Android Exception Engine(AEE)
2020-01-18 10:21:37 +08:00
Wei Fu
31121b1e5d
[ALPS04843717] Revise SE Linux policy
...
Revise SE Linux policy, avoid using socket_device.
MTK-Commit-Id: 93924c0432a94d66682827dd9e5ee9020f10decb
Change-Id: Iad72e8ff6144be73d32c3d27bd31b830900d07a3
CR-Id: ALPS04843717
Feature: [Module]ATCI (AT Command Interface)
2020-01-18 10:21:33 +08:00
mtk07742
42a61b8bae
[ALPS04821191] Add rules in system_server
...
Add rules for proc_wlan_status and sysfs_pages_shared and
sysfs_pages_sharing and sysfs_pages_unshared and sysfs_pages_volatile.
MTK-Commit-Id: 7c7249f4597a69f068100da07e2773962c0bdba7
Change-Id: I6a3d7823295fd19b934ac0a28bef1f14ca8de2fa
CR-Id: ALPS04821191
Feature: [Module]SystemServer
2020-01-18 10:21:24 +08:00
Ian-Y Chen
8695ad239f
[ALPS04328846] power: add fliperfs policy
...
[Detail]
1. Add proc_fliperfs policy
2. Add fliperfs permission to powerhal
MTK-Commit-Id: 519ec87e9f32de2f987acad288224be03b1fdde8
Change-Id: Ie3d58e1e48e0862864a70a281e2c2e3040206f09
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
2020-01-18 10:20:54 +08:00
Ian-Y Chen
19ad399e64
[ALPS04328846] power: enable cache audit
...
[Detail]
1. Add label for cache audit
2. Add permission to PowerHal
MTK-Commit-Id: b0f9581a8cb23b9dcb655b33b7255aedb597574e
Change-Id: Iea67821d04cb287c3492bf2eb6f3c4adc07aef84
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
2020-01-18 10:20:33 +08:00
Jimmy Lai
b1dfbc5f60
[ALPS04763260] Fix Permission
...
add sysfs_device_tree_model sepolicy
/firmware/devicetree/base/model
MTK-Commit-Id: 1b81ac4c2d260969ee02b1ffa81cf0bdfb99d019
Change-Id: I9c9bc011ec7f35a264af3bee6340991e9c2a2bec
CR-Id: ALPS04763260
Feature: [Module]Video Driver
2020-01-18 10:20:28 +08:00
Ian-Y Chen
c947a234d9
[ALPS04760762] power: remove high risk policy
...
[Detail]
Remove procfs and sysfs root permission
MTK-Commit-Id: 1af6e86e9f71ef919ec46a7eda2f2901a5c63a80
Change-Id: I3ddea266511017eba1b51d7879be3a5a81b497e6
CR-Id: ALPS04760762
Feature: [Module]PowerHAL
2020-01-18 10:20:20 +08:00
Youxiu Wang
6f8abd5708
[ALPS04763237] Modify permission for RIL
...
Reduce the scope of permission for RIL to access proc node.
MTK-Commit-Id: 4f0402b23acbbcf90e195f4c0bfc3bd249c1489e
Change-Id: I442119bd6696a40aa1a49bec781cfb947869b995
CR-Id: ALPS04763237
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
2020-01-18 10:19:51 +08:00
mtk14723
dc117a90e7
[ALPS04761108] Backlight: remove the unused sepolicy
...
[Detail]
Remove the unused sepolicy, which has high risk
MTK-Commit-Id: 93b6fa2d6408dc551867fb24b260b053a9b746a7
Change-Id: Id8ddccde37e766c59b1d258d17db2759da6a3ef9
CR-Id: ALPS04761108
Feature: [Android Default] Backlight
2020-01-18 10:19:50 +08:00
Cosmo Sung
979dff06fc
[ALPS04761137] SeLinux permission
...
Add rild socket type.
MTK-Commit-Id: d6850afb4aa38dbb3ec7e439b40a3379edf131a0
Change-Id: I3593adadabeffbe98bacdc27579f392073a40300
CR-Id: ALPS04761137
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
2020-01-18 10:19:48 +08:00
Nixy Hsu
2f89f8a47a
[ALPS04754649] gz: add mtee trusty selinux perms
...
fix sysfs permission for dumpstate under selinux.
MTK-Commit-Id: bca4ec3babf362b7f9d21b7c1ea8290f55d8d74c
Change-Id: I26cfbb4e959f0dbd89d46d6088284f36e6450c42
CR-Id: ALPS04754649
Feature: GenieZone
Signed-off-by: Nixy Hsu <nixy.hsu@mediatek.com>
2020-01-18 10:19:30 +08:00
Yanjie Jiang
725c0b46e1
[ALPS04760260] ccci: delete rule not used
...
Change sepolicy rule for security.
MTK-Commit-Id: 0fe0072748de8b9077117a9d4d67bebea46cf9ec
Change-Id: I85a2991ffa2928330989a53ad0597d403274ccce
CR-Id: ALPS04760260
Feature: Modem Interface Driver
Signed-off-by: Yanjie Jiang <yanjie.jiang@mediatek.com>
2020-01-18 10:19:29 +08:00
hongxu.zhao
f57f7914f3
[ALPS04761129] sensor: high risk sepolicy of mtk_hal_sensors
...
give /sys/class/sensor folder perms for mtk_hal_sensors
MTK-Commit-Id: 7d2c08aad389eb68e423d9fa75d5c4f0d514577c
Change-Id: I63c5300a31b523de5d4c22ac53e5e03ba8cdd048
CR-Id: ALPS04761129
Feature: Sensor Hub
2020-01-18 10:19:22 +08:00
Jimmy Lai
bf88392bfa
[ALPS04740488] SVP IT
...
1. Add tag for vcodec internal log file
MTK-Commit-Id: 2b4abdfbddc7095bf9a0a721c650917bc8bbddd6
Change-Id: I72d45bed4a61f5234ae0b82b7c4958bfe1da5ad2
CR-Id: ALPS04740488
Feature: Secure Video Path (SVP)
2020-01-18 10:19:15 +08:00
mtk11285
b913b95845
[ALPS04754945] aee: phase out unused selinux rules
...
NE DB is created by /system/bin/aee_aed* on Q,
so remove selinux rules about /data/vendor/tombstones.
MTK-Commit-Id: f3b5da9438aa0fe4cc6e96bcafe0b253da475fee
Change-Id: I875ed2f4c62413e4b438b36945cda9ec7933f9b3
CR-Id: ALPS04754945
Feature: Android Exception Engine(AEE)
2020-01-18 10:19:11 +08:00
Xiangsheng Hou
dc891f1bc7
[ALPS04747012] SEPolicy: label mtd in procfs
...
[Solution]
label mtd in procfs
MTK-Commit-Id: f8ed85a97de48e92e6585070ce7ae467b62275ff
Change-Id: I928aad7c422194c5e1a59345dfbd888379550cb1
Signed-off-by: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
CR-Id: ALPS04747012
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:19:03 +08:00
Huaiming Li
6272c879bf
[ALPS04719663] fix some avc denied issue
...
update some sepolicy rules
MTK-Commit-Id: c1294d5ae7714677077e8d38c6c1624955816cdb
Change-Id: Id30499203b004677bf95b221195ef33749ec6a36
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
2020-01-18 10:18:55 +08:00
Larry Liang
30cede8986
Merge "[ALPS04642542] update sepolicy rules for dumping kmemleak file" into alps-trunk-q0.basic
...
Change-Id: I8d39195bf5e8f73101d1fa350c4124fba4ff1165
MTK-Commit-Id: 3331b590249be0d60f51d699767152445d7cd3ce
2020-01-18 10:17:38 +08:00
Huaiming Li
fc904e056e
[ALPS04642542] update sepolicy rules for dumping kmemleak file
...
add new sepolicy rules for dumping kmemleak file into manual DB
MTK-Commit-Id: bbc72864526fe28df5f9278c4250a152fbe94515
Change-Id: Ie59c50451d3e7b00500a11eab43b99004d0b543c
CR-Id: ALPS04642542
Feature: Android Exception Engine(AEE)
2020-01-18 10:17:36 +08:00
Yifei Qiao
ed15da7571
Merge "[ALPS04700799] Align keymanager sepolicy with p0.mp6" into alps-trunk-q0.basic
...
Change-Id: I525d8f1f9893ac348145cd8f1e063a721091f288
MTK-Commit-Id: 90ca8ed634df094a119de00fe68120697b59c085
2020-01-18 10:17:35 +08:00
Yifei Qiao
9708912e27
[ALPS04700799] Align keymanager sepolicy with p0.mp6
...
Align keymanager sepolicy with p0.mp6
MTK-Commit-Id: 24a187bc32e2be7663abb880c07659834d71f4b0
Change-Id: Ia98525be2155dcf3261633d1e6c25a775426068d
CR-Id: ALPS04700799
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:17:31 +08:00
Peng Zhou
2994db624c
Merge "[ALPS04697232] msdc: label mmc1 in sysfs" into alps-trunk-q0.basic
...
Change-Id: Ib12bc9c84519575922c5432a2e1e0487c4a10048
MTK-Commit-Id: d856b1ab48d980b6060ab451985418645fffb9b0
2020-01-18 10:17:23 +08:00
Huaiming Li
ae04d1f49c
[ALPS04697232] msdc: label mmc1 in sysfs
...
label mmc1 in sysfs
MTK-Commit-Id: f779eb09ee01d25d6f6691ec14ab4fe7bc9d5d7a
Change-Id: I721f146682b32437dd6065824c87bb0d1182729f
CR-Id: ALPS04697232
Feature: [Android Default] SDCard
2020-01-18 10:17:22 +08:00
Ian-Y Chen
8ae5f3bd2c
[ALPS04328846] power: mt6779 migration
...
[Detail]
1. Add VPU, MDLA debugfs permission
2. Add EARA debugfs permission
3. Add netdagent HIDL permission
MTK-Commit-Id: b815b51044d2be0e70d2e987d792f273b4bd19a2
Change-Id: I104264b1ab146ac7e71e337184f3407ccc58a79b
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
2020-01-18 10:17:11 +08:00
Hua Tian (田华)
642e127203
Merge "[ALPS04649268] Move SELINUX policies to plat_private" into alps-trunk-q0.basic
...
Change-Id: I896822f69d6a7a9877b39468141822eba21cd2e8
MTK-Commit-Id: 7158df56b1ae9d92622d91dad092628e1741d256
2020-01-18 10:16:49 +08:00
hua.tian
7574cf2c9c
[ALPS04649268] Move SELINUX policies to plat_private
...
These policies are for system process, as a result,
move it to plat_private folder.
MTK-Commit-Id: 46e87002024d5675d566dd59f77cbde9c69bdd37
Change-Id: I9c2b72136d1f1c3062f0ac6b174c8334b1965e80
CR-Id: ALPS04649268
Feature: Mobile Log Tool
2020-01-18 10:16:47 +08:00
Stanley Chu
328d60ea9c
[ALPS04682157] aee: ufs: Add proc_ufs_debug
...
Add proc_ufs_debug SEPolicy definition.
MTK-Commit-Id: cbcfb406d1dfdb0d25205da21a1e99cb166659e8
Change-Id: Iee4bfba2116a7f005f8b9b8d831d0e10523b61d1
CR-Id: ALPS04682157
Feature: Android Exception Engine(AEE)
2020-01-18 10:16:37 +08:00
sharon.feng
8a77128e9d
[ALPS04428522] Add selinux policy for svp
...
[Detail] For android Q, we need to add more policy for secure video playback
MTK-Commit-Id: 49b4ab8e0047f4a5002c82af075c77e8bc4e790f
Change-Id: Ib81885e40b14416b57e0776c56cb85591509501a
CR-Id: ALPS04428522
Feature: Trustonic TEE (Trusted Execution Environment)
2020-01-18 10:16:31 +08:00
hua.tian
270eab4eb8
[ALPS04649268] Save mobile log in data partition in meta mode
...
Add SELINUX policy for mobile_log_d to save log in /data/debuglogger
and for getting log from adb.
MTK-Commit-Id: 8775f10bd89be7ac112cbc56daf422814f0f385f
Change-Id: I39e5e1d0ccb2381ef302c187ff83a9e9cb0fa959
CR-Id: ALPS04649268
Feature: Mobile Log Tool
2020-01-18 10:14:56 +08:00
Shanshan Guo
6b7634890e
[ALPS04475279] Revert Sepolicy:move type sysfs_mmcblk
...
Revert "[ALPS04475279] Sepolicy:move type sysfs_mmcblk"
MTK-Commit-Id: 29c0cafecc272113f799b08271f1ad71fd5abb30
Change-Id: I7b9988640f621e1dfb7129d9bf21ca446e447d04
CR-Id: ALPS04475279
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:14:23 +08:00
Jianping Jiang
11f88203b8
[ALPS04255502] lbs_dbg: move lbs_dbg sepolicy to system
...
Move lbs_dbg sepolicy to system for System/vendor Layer decouple
MTK-Commit-Id: a4638ef15ca2020d8f7eba6ab2d053d7716d0ad4
Change-Id: I4ecfb1276b47ec75bab4c72ff04ebeb035d757b3
CR-Id: ALPS04255502
Feature: Location Aiding
2020-01-18 10:14:12 +08:00
Shanshan Guo
54b1880fd1
[ALPS04475279] Sepolicy:move type sysfs_mmcblk
...
[Detail]
sysfs_mmcblk is used by vendor & system process,
its type needs to be moved to plat_public.
[Solution]
move type sysfs_mmcblk from non_plat to plat_public.
MTK-Commit-Id: 9221eb0ec44290e461e5602f7bfaf08b72994b4d
Change-Id: Ibe9a39e70e2071bfa9c88518fd34e232fc4844d6
CR-Id: ALPS04475279
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:14:07 +08:00
jhua.zhang
0986f7cfba
[ALPS04533784] Move sepolicy of cam cooler to bsp
...
[Detail]
Move camera coolers sepolicy to bsp/plat_private.
This reverts commit 869396b2725b78c55382a9f34b016b5236505965.
MTK-Commit-Id: 31387ebc1f29a342b39a8bd809cdc3f2f56c85fd
Change-Id: I64c36cefdefe72846971ec323cae0c6e89c675a1
Signed-off-by: jhua.zhang <jhua.zhang@mediatek.com>
CR-Id: ALPS04533784
Feature: Thermal Management
2020-01-18 10:13:55 +08:00
jhua.zhang
c95ef58ba5
[ALPS04533784] Thermal: add sepolicy for cam cooler
...
[Detail]
Add sepolicy to allow camera app to access /proc/driver/cl_cam_status
for camera shutdown cooler.
MTK-Commit-Id: 869396b2725b78c55382a9f34b016b5236505965
Change-Id: Iadfcfb95923c15384c7a6508525b7167e1a6e16f
Signed-off-by: jhua.zhang <jhua.zhang@mediatek.com>
CR-Id: ALPS04533784
Feature: Thermal Management
2020-01-18 10:13:40 +08:00
Juju Sung
f680189e6c
[ALPS04284125] Sepolicy: add lost label
...
[Detail]
netd_socket is deprecated in a/26f84c6.
The netd_socket is used in multiple modem generations,
for cross modem compatibility we add a dummy label to
prevent splitting new branch.
MTK-Commit-Id: b949378b387f9eb942de90b7475aea4ec711f68c
Change-Id: I5179175d9df973a0da01d4520269468b70f742ce
CR-Id: ALPS04284125
Feature: Modem Interface Driver
2020-01-18 10:13:13 +08:00
Wy Chuang
509a95b365
Merge "[ALPS04431500] battery: add selinux policy in em_svr" into alps-trunk-q0.basic
...
Change-Id: I1dd23be2b709812426a1d85e673d4b751fe9af82
MTK-Commit-Id: 3c6fefaadbbd74b2374e6ceb52253e59e1d1164d
2020-01-18 10:13:07 +08:00
Timo Liao
7bb01a1e2e
[ALPS04431500] battery: add selinux policy in em_svr
...
add new labels for em_svr mode
MTK-Commit-Id: a0e12cdf7848d47c065cc10eeb144a929dcccace
Change-Id: Ic198120736d63e4b8d1615092b39ba26269c0518
Signed-off-by: Timo Liao <timo.liao@mediatek.com>
CR-Id: ALPS04431500
Feature: Fuel Gauge
2020-01-18 10:13:04 +08:00
Robbin Chiu
7238f50dd0
[ALPS04419955] WMT: stp_dump moving to vendor
...
[Solution]
Set SEPolicy for stp_dump
MTK-Commit-Id: 5caf8dd3780faaf3c8933406756ef7298560590c
Change-Id: I3f2ac66941eb5f54f4b2079fbeef15e1ebe1e2b6
Signed-off-by: Robbin Chiu <robbin.chiu@mediatek.com>
CR-Id: ALPS04419955
Feature: [Module]WMT Driver
2020-01-18 10:12:09 +08:00
jamy.tseng
142bfb6b36
[ALPS04421353] MtkCam: modify sepolicy for jpeg
...
[Detail]
add ioctl for camerahalserver jpegnode
jpegnode need to control jpeg io
MTK-Commit-Id: c1adc06defb2aab6e9402f45c0f2b92bcfa83a5e
Change-Id: Ie8f65b38133fc46b3a46e3ed04b42d6f09ad13cc
CR-Id: ALPS04421353
Feature: Cshot (Continuous Shot)
2020-01-18 10:11:44 +08:00
HungWen Hsieh
2278c51caa
[ALPS04419954] sync code from android p
...
[Detail]
sync code from android p
MTK-Commit-Id: d0b19b83da618bab91caff90dbe9525f3f6a22a3
Change-Id: Ib664dbb0b8a1b69012fc81a2ad1bde770ccf478b
CR-Id: ALPS04419954
Feature: [Android Default] Camera Application Basic Functions
2020-01-18 10:11:22 +08:00