NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,080 Commits 2 Branches 0 Tags
Commit Graph

1022 Commits

Author SHA1 Message Date
Jenny Hsu
5985a06909 [ALPS04653648] Factory Mode: fix SElinux policy 
[Detail] Add whitelist for SELinux avc denied problem

MTK-Commit-Id: 69c17be2893ecc73c0b486728899d56c11587a08

Change-Id: I2fbf51c12e68b134d6ee7a95421dba0706894147
CR-Id: ALPS04653648
Feature: Factory Mode
 2020-01-18 10:15:04 +08:00
Wilson Fan
5d35b26aba [ALPS04641674] Flashlight: add flashlight sepolicy in basic 
[Detail]
Add flashlight device sepolicy in basic

MTK-Commit-Id: ad0aff2ace102a539e4c43b1b0d72257596ab45d

Change-Id: I5676a830af246c3856bd8ed26d5e79973abc33d1
CR-Id: ALPS04641674
Feature: [Android Default] Flashlight
 2020-01-18 10:15:00 +08:00
Denis Hsu
346ca0c012 [ALPS04631260] skip selinux violation log for fstrim vendor folder 
vold cannot do fstrim on vendor folders (ex: nvdata, protect_f)
because of never allow rule.
Thus, skip selinux violation log for fstrim vendor folder.

MTK-Commit-Id: cf15f3ec6ae93e65c1f13b22f044e766a63eaece

Change-Id: I9c26ee000b8554df7abb03141ecf73a78d727f87
CR-Id: ALPS04631260
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:15:00 +08:00
Jianping Jiang
2a609d6b82 [ALPS04641743] GPS: factory execute mnld fail 
Move mnld execute permission for factory from bsp to basic.

MTK-Commit-Id: 5f8449ec00c670d7b0901b9b4c167ee502cab88d

Change-Id: Ifdb13b700f63572b9df2ff0bb64315a42375df71
CR-Id: ALPS04641743
Feature: Factory Mode
 2020-01-18 10:14:59 +08:00
Shanshan Guo
2bd9ab2104 [ALPS04654001] SEPolicy: add ioctlcmd for app 
[Detail]
For Andorid Q, there is a more stringent restriction
for ioctl, app need to access pipe by ioctlcmd=0x5402.
avc: denied { ioctl } for comm="kd" path="pipe:[7173861]"
dev="pipefs" ino=7173861 ioctlcmd=0x5402
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:r:untrusted_app_25:s0:c512,c768
tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure

[Solution]
Add sepolicy for app to access pipe by ioctlcmd=0x5402

MTK-Commit-Id: d38b9f7f97aab7b23d80d0f3aac8e25a790c8c91

Change-Id: I5ac20bf2dffa0c297b32aaebd75db9e04c35cc79
CR-Id: ALPS04654001
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:59 +08:00
Shanshan Guo
38ae1361bf [ALPS04653992] SEPolicy: mmap permission for app 
[Detail]
In kernel 4.14, selinux security need to check if the process has the
map permission of mmap inode. App need the map permission to
read radio_data_file.

[Solution]
Add map permission for app to read radio_data_file.

MTK-Commit-Id: 698e603818ff37a59212a37a41ecbec8e8e30233

Change-Id: I8982ddbff40cfd7280c0a3dc5e8d2f6b6394e747
CR-Id: ALPS04653992
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:58 +08:00
lokesh
96c9971cfd [ALPS04654005] Selinux error bootanimation 
Allow SELinux permissions for all GED proc

MTK-Commit-Id: d371e1d19a81c711fa97dc73c51709c8f9eee142

Change-Id: I64155523baef9b75b8947626de7e4d5bd6b47795
CR-Id: ALPS04654005
Feature:[Module]Settings
 2020-01-18 10:14:58 +08:00
mtk81325
0605921b96 [ALPS04304578] [V3]UDC: SElinux permission grant 
Feature - Userdata Checkpoint

We will format the metadata partition(md_udc) in first boot-up,
because it is a RAW data part, so giving the permission grant
to e2fs.

MTK-Commit-Id: de837a8e097cad8067f5d653370545b51f8d457e

Change-Id: Iaebc665979ab36422b6df846a2f05450c222d1f5
CR-Id: ALPS04304578
Feature: [Android Default] F2FS File System
 2020-01-18 10:14:58 +08:00
Hua Tian (田华)
2053ec451b Merge "[ALPS04649268] Save mobile log in data partition in meta mode" into alps-trunk-q0.basic 
Change-Id: I5efc68f3ae699362104c5db0659b91fe65f37ce7
MTK-Commit-Id: 3294cc8af25cc2e6b4358acd0d6b2a589574b403
 2020-01-18 10:14:57 +08:00
hua.tian
270eab4eb8 [ALPS04649268] Save mobile log in data partition in meta mode 
Add SELINUX policy for mobile_log_d to save log in /data/debuglogger
and for getting log from adb.

MTK-Commit-Id: 8775f10bd89be7ac112cbc56daf422814f0f385f

Change-Id: I39e5e1d0ccb2381ef302c187ff83a9e9cb0fa959
CR-Id: ALPS04649268
Feature: Mobile Log Tool
 2020-01-18 10:14:56 +08:00
Cheng-Wei Lee
dc1d2e3aba Merge "[ALPS04331556] Gralloc: Enable mapper 2.1 implement" into alps-trunk-q0.basic 
Change-Id: If74e6a095cfb8b853358e446df7b6b5cbbda2b63
MTK-Commit-Id: 4add8c8425fe25734ce37b2a26860296f241247e
 2020-01-18 10:14:54 +08:00
WEi Lee
0afde209c0 [ALPS04331556] Gralloc: Enable mapper 2.1 implement 
[Detail]
Enable mapper 2.1 impl. on file contexts

MTK-Commit-Id: f70b1b9b0eb38ce6ec9a93f7667afb4c9e3bdd74

Change-Id: If5c793d8d7e0cbc3a94afa27274b828531e97c61
CR-Id: ALPS04331556
Feature: OpenGL|ES
 2020-01-18 10:14:49 +08:00
Facer Pei
aeefff0ff1 Merge "[ALPS04331131] Wlan: wlan_assistant selinux" into alps-trunk-q0.basic 
Change-Id: I8c0759fbaadc5a70e54a45d2696289bdfdc5a4b0
MTK-Commit-Id: 59fe152577a10dfb8887f36af0f010142e28b319
 2020-01-18 10:14:48 +08:00
chun-yi lin
8700268780 [ALPS04331131] Wlan: wlan_assistant selinux 
For Meta mode, we use the property to notify meta tool that NVRAM
has read. Set the selinux rule for this property.

MTK-Commit-Id: 0cafb33d13392e6a676930814e3df3ba27fb146b

Change-Id: I62ca6e004861720eb43b90ace6f5fff85da49298
Signed-off-by: Facer Pei <facer.pei@mediatek.com>
CR-Id: ALPS04331131
Feature: [Module]Wi-Fi Driver
(cherry picked from commit bf9cdf5f2598cecdc0b5f4fd1b1016b9fd77dfd6)
(cherry picked from commit a846ce17a1eedc26d31b6c82b2583f58cd8e53f5)
(cherry picked from commit 8f6643f055c69d5b45e17048ce9a76311d6fdd92)
 2020-01-18 10:14:46 +08:00
Qiuyue Zhong (钟秋月)
4f69960fd1 Merge "[ALPS04608727] improve sepolicy for d2 plus" into alps-trunk-q0.basic 
Change-Id: I76dc84c36793e15c855cf55ddd6d4711b1092b2b
MTK-Commit-Id: f42e007c213c1681904d72026af41a20d5e09d1d
 2020-01-18 10:14:45 +08:00
kai.zhao
c882363e4d [ALPS04608727] improve sepolicy for d2 plus 
[Detail] improve sepolicy for d2 plus

MTK-Commit-Id: 2340a49104f5457dbd4c02fdd0027d3a6487e203

Change-Id: Idf1d27da771e438b9e8a12ab54591775cdeefeb3
CR-Id: ALPS04608727
Feature: OpenGL|ES
 2020-01-18 10:14:41 +08:00
YC Shen
f9c68f4cad Merge "[ALPS04292313] Add sepolicy for MTK Wi-Fi lazy hal" into alps-trunk-q0.basic 
Change-Id: I8a72afdeff48a6372df0391c63fc6d03671ba8d9
MTK-Commit-Id: 6de0c92ba0fcd139dfe7065d067a2ba002f13c27
 2020-01-18 10:14:40 +08:00
TF Huang
bdf828cf29 [ALPS04292313] Add sepolicy for MTK Wi-Fi lazy hal 
Add sepolicy for new added Wi-Fi lazy hal

MTK-Commit-Id: 16ae21d83bc037845e2c6f5c17af86940998a90e

Change-Id: I7863c666aeb9ea782f8007b81124eb00cff430d0
CR-Id: ALPS04292313
Feature: [Module]Wi-Fi HAL
 2020-01-18 10:14:31 +08:00
Marx Chiu (邱弘志)
dde8ac8308 Merge "[ALPS04643911] Fix cameraserver permission GED_IO" into alps-trunk-q0.basic 
Change-Id: I9d3ccd9bb7dcd303ad54bcff4ed0fa0c211f4872
MTK-Commit-Id: 0a9d484fce7aee55b05e8fda923f2210e2b82b79
 2020-01-18 10:14:30 +08:00
Lovefool Tai
5deaf73ab0 [ALPS04643911] Fix cameraserver permission GED_IO 
[Detail]
To solve the kernel dump message when switch to stereo mode.
Enable the capability of mtk_hal_camera about GED_IO.

MTK-Commit-Id: 88e25a18c125c57a1bbf5c40102ef604f556be95

Change-Id: Ia5a462a2264e2b2ed68090c5ce2e24d5f21d9423
CR-Id: ALPS04643911
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:14:29 +08:00
Yogesh Tundele
470060d569 Merge "[ALPS04640555] Recovery: Add SELinux Permission" into alps-trunk-q0.basic 
Change-Id: Ie4ae365d24b95d6a45d9475d63dcdad5b941d71e
MTK-Commit-Id: fa1f39c95d5896492a4bf529f6f461d3b7bec096
 2020-01-18 10:14:27 +08:00
Yogesh Tundele
69a1acead8 [ALPS04640555] Recovery: Add SELinux Permission 
[Detail]
Uncrypt service need permission to write Setup bcb thus adding permission
[Solution]
uncrypt.te required for SELinux permission so added project wise.

MTK-Commit-Id: 449e4268822584641f10ce798271d33344d7fa5c

Change-Id: I8c2109029e4d5b58a1ca7aa8bc62954e1d939606
CR-Id: ALPS04640555
Feature: [Module]Settings
Signed-off-by: Yogesh Tundele <yogesh.tundele@mediatek.com>
 2020-01-18 10:14:26 +08:00
Shanshan Guo
c50b176f22 Merge "[ALPS04475279] Revert Sepolicy:move type sysfs_mmcblk" into alps-trunk-q0.basic 
Change-Id: Ib3f39b3e808c27ebc9e42a8fadaa708205d0db33
MTK-Commit-Id: ca7e92c24ecd2b6b5998af00ac090cc9bb00f45d
 2020-01-18 10:14:25 +08:00
Shanshan Guo
6b7634890e [ALPS04475279] Revert Sepolicy:move type sysfs_mmcblk 
Revert "[ALPS04475279] Sepolicy:move type sysfs_mmcblk"

MTK-Commit-Id: 29c0cafecc272113f799b08271f1ad71fd5abb30

Change-Id: I7b9988640f621e1dfb7129d9bf21ca446e447d04
CR-Id: ALPS04475279
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:23 +08:00
Marx Chiu (邱弘志)
e73950065c Merge "[ALPS04566986] Fix cameraserver permission" into alps-trunk-q0.basic 
Change-Id: I524976ce8b9c63d1e2a62ae3ce8c475053d41d79
MTK-Commit-Id: b0fbfb81e7ee33becde7236dcd4887e472ce70c2
 2020-01-18 10:14:21 +08:00
Cheng Li
be2c30ed8e [ALPS04566986] Fix cameraserver permission 
[Detail]
allow permission of ioctl for cameraserver

[Solution]

MTK-Commit-Id: 01b85f4aed18628c9053fde9f4a2fd96509d49ec

Change-Id: Icddcd0e5eb51583d65aca6763d4b2f31683ffd7f
CR-Id: ALPS04566986
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:14:19 +08:00
Vincent Sung
d82b26fb4d Merge "[ALPS04578241] GPU: Enable selinux of apphint shared lib" into alps-trunk-q0.basic 
Change-Id: Ic766960e09bf93730eae6018a4e9fc71cef80bc1
MTK-Commit-Id: ce7fe4da2e609a39c1f6b36b436ca9a439629d84
 2020-01-18 10:14:18 +08:00
Eric Chung
96acf6341d [ALPS04578241] GPU: Enable selinux of apphint shared lib 
[Detail]
Enable selinux for dlopen new GPU shared lib in GPU driver

MTK-Commit-Id: 2085a1ed91111ea79d8a99d8aa8707deb9fdf4d3

Change-Id: Ia7b3b633da12027328fe978adf652fedd18ccb3b
CR-Id: ALPS04578241
Feature: OpenGL|ES
 2020-01-18 10:14:13 +08:00
Jianping Jiang
11f88203b8 [ALPS04255502] lbs_dbg: move lbs_dbg sepolicy to system 
Move lbs_dbg sepolicy to system for System/vendor Layer decouple

MTK-Commit-Id: a4638ef15ca2020d8f7eba6ab2d053d7716d0ad4

Change-Id: I4ecfb1276b47ec75bab4c72ff04ebeb035d757b3
CR-Id: ALPS04255502
Feature: Location Aiding
 2020-01-18 10:14:12 +08:00
Coboy Chen
e4381125dc Merge "[ALPS04327011] sepolicy: add ioctl defines" into alps-trunk-q0.basic 
Change-Id: I9356ac43defb39a173f59d56cca537ebd0746b58
MTK-Commit-Id: faf136f811e8fc992beb60254bc5c34ab423a2cd
 2020-01-18 10:14:11 +08:00
Coboy Chen
045348b627 [ALPS04327011] sepolicy: add ioctl defines 
Add ioctl defines of MMC and UFS for storageproxyd.

MTK-Commit-Id: b274b0af303546e3dedb47510ca2f43460ee3f33

Change-Id: I9af1c8904c44d1d773c1f7248ac945fe8a991888
Signed-off-by: Coboy Chen <coboy.chen@mediatek.com>
CR-Id: ALPS04327011
Feature: GenieZone
 2020-01-18 10:14:10 +08:00
Shanshan Guo
57056d7216 Merge "[ALPS04475279] Sepolicy:move type sysfs_mmcblk" into alps-trunk-q0.basic 
Change-Id: Ic0e05fe2193f56681534c162c5bda2099f642b43
MTK-Commit-Id: 7163ce9a190023ad740e736f212512815b23f8c3
 2020-01-18 10:14:09 +08:00
Shanshan Guo
54b1880fd1 [ALPS04475279] Sepolicy:move type sysfs_mmcblk 
[Detail]
sysfs_mmcblk is used by vendor & system process,
its type need to be moved to plat_public.

[Solution]
move type sysfs_mmcblk form non_plat to plat_public.

MTK-Commit-Id: 9221eb0ec44290e461e5602f7bfaf08b72994b4d

Change-Id: Ibe9a39e70e2071bfa9c88518fd34e232fc4844d6
CR-Id: ALPS04475279
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:07 +08:00
Seiya Wang
cfa7fc2798 Merge "[ALPS04361666] hal_bootctl_default: add permission" into alps-trunk-q0.basic 
Change-Id: Ib1679b854be96342c041b267d961bff687fdf058
MTK-Commit-Id: 43f805c7e7377791900f451efb0e1683d1ef8f80
 2020-01-18 10:14:06 +08:00
ryan-c.hsu
5bb4c4434f [ALPS04361666] hal_bootctl_default: add permission 
[Detail]
add permission to get boot_type

MTK-Commit-Id: fc9f66eee3c02575c4ef55812136ceee31dcf080

Change-Id: Ia783a03546f7c63d0190fb59a0bd815217b0af38
CR-Id: ALPS04361666
Feature: A/B System Updates
(cherry picked from commit 0feea4c29acf9f596373c0c1dc2e3afb11cdd2b7)
 2020-01-18 10:14:01 +08:00
Seiya Wang
ad89badb13 Merge "[ALPS04361666] add sys_rawio permission for user load" into alps-trunk-q0.basic 
Change-Id: I8f7a2001e3732748a922efb3d7cbc734f2dff7f4
MTK-Commit-Id: 521e2266317875a87e18db61209a5919d286dc58
 2020-01-18 10:14:00 +08:00
ryan-c.hsu
0235a29737 [ALPS04361666] add sys_rawio permission for user load 
[Detail]
user load is also need this permission to update boot slot

MTK-Commit-Id: 1d36ab48bb02c462f86732182cd15c2803efc524

Change-Id: If3ea6ef5e89c6beed827752b4ee777004b386647
CR-Id: ALPS04361666
Feature: A/B System Updates
(cherry picked from commit 91b20c70ead67f39b68a61648ed41c417d39adf2)
 2020-01-18 10:13:58 +08:00
Neng Kou
ba7500624e Merge "[ALPS04533784] Move sepolicy of cam cooler to bsp" into alps-trunk-q0.basic 
Change-Id: I77e3a7ad16f7160bdaae2376ccf67f7262f7d043
MTK-Commit-Id: 99c86f6f19543e4edfb81f3e7b1e73fec1a32b07
 2020-01-18 10:13:57 +08:00
Ian-Y Chen
817a9684d5 [ALPS04328846] power: add wifi permission 
[Detail]
Add wifi permission for PowerHAL

MTK-Commit-Id: 5b5ccb13e75e84bc72212f45996be381cd905136

Change-Id: I5f7672e8fdfd99f5c1c11cf448a7477b3a3d4b31
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
 2020-01-18 10:13:57 +08:00
jhua.zhang
0986f7cfba [ALPS04533784] Move sepolicy of cam cooler to bsp 
[Detail]
Move camera coolers sepolicy to bsp/plat_private.
This reverts commit 869396b2725b78c55382a9f34b016b5236505965.

MTK-Commit-Id: 31387ebc1f29a342b39a8bd809cdc3f2f56c85fd

Change-Id: I64c36cefdefe72846971ec323cae0c6e89c675a1
Signed-off-by: jhua.zhang <jhua.zhang@mediatek.com>
CR-Id: ALPS04533784
Feature: Thermal Management
 2020-01-18 10:13:55 +08:00
dengwei.xu
c6ed642277 [ALPS04285435] EM hidl server sepolicy 
Fix the EM hidl server sepllicy build errro

MTK-Commit-Id: 8b95a2baf6f04fd1c8ec5fa6548f78203a581e3d

Change-Id: Iac820d493352c5d37991c23cb10c01f9615ed888
CR-Id: ALPS04285435
Feature: Engineering Mode
 2020-01-18 10:13:51 +08:00
GW Chen
c04d8c0283 Merge "[ALPS04421300] HIDL refining" into alps-trunk-q0.basic 
Change-Id: I8ecab5601ac1a7d6e94406cbd1868b5f6555dd15
MTK-Commit-Id: bcea8f14cfb619d4c4082bd3b4d27c1f32a72321
 2020-01-18 10:13:50 +08:00
mtk16965
314a88d69a [ALPS04421300] HIDL refining 
[Detail]
fix some error of HIDL

MTK-Commit-Id: c4b3c65a31fa7e181cd67064123a338e958ad066

Change-Id: Ic512b22308d788267c2e0049cc119b8ec506ed91
CR-Id: ALPS04421300
Feature: OpenGL|ES
 2020-01-18 10:13:49 +08:00
guanglai guo
6a377f89f8 [ALPS04579367] selinux: change bootprof target context 
change bootprof target context from proc to proc_bootprof,
for fixing bootprof caused permission issue.

MTK-Commit-Id: ea15ac71efba2703e15022ac79344c5cc2c93520

Change-Id: I1031f33200306ecb2edcf8c8c8fe7d1afa79b5ad
Signed-off-by: guanglai guo <guanglai.guo@mediatek.com>
CR-Id: ALPS04579367
Feature: Modem Interface Driver
(cherry picked from commit f6f909a3ecfa41b1633769f83282ffd9e2487937)
 2020-01-18 10:13:48 +08:00
Qian Dong
cb1094e975 Merge "[ALPS04577521] remove ro.vendor.mtk_wmv_playback_support property" into alps-trunk-q0.basic 
Change-Id: I8954fa076a07fda6e6c60d8af769142e4f2e5092
MTK-Commit-Id: 3f108f6389ae686aeea3af05a452aef5dc398386
 2020-01-18 10:13:47 +08:00
Yuxiu Zhang
db6b8b4297 [ALPS04577521] remove ro.vendor.mtk_wmv_playback_support property 
AP(MediaFile.java) do not need it from Android Q

MTK-Commit-Id: 796885860cf7c950e2ac5ebc4e0b3ee6996171c0

Change-Id: I7ca0d4827a88118e84b7c33687b1e7ca6897a185
CR-Id: ALPS04577521
Feature: ASF Playback
 2020-01-18 10:13:45 +08:00
zhiyong.wang
0f9a4e559f [ALPS04474673] allow vendor init write expdb 
[   34.641681] <0>.(7)[346:logd.auditd]type=1400
audit(1558666535.652:116): avc: denied { read write } for comm="init"
name="mmcblk0p4" dev="tmpfs" ino=14428 scontext=u:r:vendor_init:s0
tcontext=u:object_r:expdb_block_device:s0 tclass=blk_file permissive=0

allow vendor init write into expdb partition.

MTK-Commit-Id: f46025981c46c95f7cc42a3c1380cf71b686d1e6

Change-Id: I573ed127c93cd84d49042ae5671b19ca967dd2e1
CR-Id: ALPS04474673
Feature: Android Exception Engine(AEE)
 2020-01-18 10:13:41 +08:00
jhua.zhang
c95ef58ba5 [ALPS04533784] Thermal: add sepolicy for cam cooler 
[Detail]
Add sepolicy to allow camera app to access /proc/driver/cl_cam_status
for camera shutdown cooler.

MTK-Commit-Id: 869396b2725b78c55382a9f34b016b5236505965

Change-Id: Iadfcfb95923c15384c7a6508525b7167e1a6e16f
Signed-off-by: jhua.zhang <jhua.zhang@mediatek.com>
CR-Id: ALPS04533784
Feature: Thermal Management
 2020-01-18 10:13:40 +08:00
Yuhui Zhang
e11759c46c Merge "[ALPS04325771] [EM] power: search subpmic register" into alps-trunk-q0.basic 
Change-Id: I2457dcce47210ae66566ab1b551bcc2086d71f1a
MTK-Commit-Id: 9b8f930c6c741de7eb59cf0ce606817917721193
 2020-01-18 10:13:40 +08:00
Juan Rong
50e9eaca5b [ALPS04325771] [EM] power: search subpmic register 
EM need search subpmic register file

MTK-Commit-Id: bdbeb20b46586062dbeaa4337487b0780ded4429

Change-Id: I210c153ea810908d9aaa148fc231d4e2635c2665
CR-Id: ALPS04325771
Feature: Engineering Mode
 2020-01-18 10:13:38 +08:00