NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
999 Commits 2 Branches 0 Tags
Commit Graph

39 Commits

Author SHA1 Message Date
Huaiming Li
6272c879bf [ALPS04719663] fix some avc denied issue 
update some sepolicy rules

MTK-Commit-Id: c1294d5ae7714677077e8d38c6c1624955816cdb

Change-Id: Id30499203b004677bf95b221195ef33749ec6a36
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
 2020-01-18 10:18:55 +08:00
Huaiming Li
8ed6a9057c [ALPS04719663] add sepolicy rules 
1.dump file: add adsp sepolicy rule for dumping log
2.allow vendor process ro read tracing_on file

MTK-Commit-Id: 954cb9410ded3baa31927881abbff963b5bba56d

Change-Id: Iab86bf588585b7d1b34d1c1fbc6fb5acce833267
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
(cherry picked from commit b0f133c03c3bf22d4794c16f1a2d98d95ad1b70d)
 2020-01-18 10:18:41 +08:00
MY Chuang
57a8f660be [ALPS04701006] mrdump: fix avc denied condition 
1. fix some avc denied condition caused by mrdump_tool.
2. merge the rule about mrdump in one area.

MTK-Commit-Id: c0d93f9196903a772ff1b318f153701714d28d80

Change-Id: I23082aac2d7b522a9f78426796b94de145374ed5
Signed-off-by: MY Chuang <my.chuang@mediatek.com>
CR-Id: ALPS04701006
Feature: Memory RAM Dump (MRDUMP)
 2020-01-18 10:18:16 +08:00
Jonas Lai
8d8e513025 [ALPS04314391] sepolicy: aee_aedv/dumpstate access to camerahalserver 
Allow aee_aedv/dumpstate to dump debug info from camerahalserver.

- SELinux : avc:  denied  { find } for
  interface=android.hardware.camera.provider::ICameraProvider
  sid=u:r:aee_aedv:s0 pid=23819 scontext=u:r:aee_aedv:s0
  tcontext=u:object_r:hal_camera_hwservice:s0
  tclass=hwservice_manager permissive=0

MTK-Commit-Id: 18210cf3984bd62caa334f28e45bb0f99500bac8

Change-Id: I291450101bd0ea94fca47b592cb1ef7ffb7f1ae4
CR-Id: ALPS04314391
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:18:07 +08:00
Stanley Chu
1a276c5460 [ALPS04682157] aee: ufs: Enable write permission for ufs_debug 
Enable write permission for /proc/ufs_debug to try to catch
precise UFS command history in erroneous scenes by:

- Stopping UFS command history immediately just after error
  (e.g., NE, JE ...etc.) happens.
- Re-starting UFS command history after UFS command history
  is dumped.

MTK-Commit-Id: 59f4a6c71850d7131cf6312e802124fe68a830c6

Change-Id: I738eff0040210b4a833f15af526c68282f697d5b
CR-Id: ALPS04682157
Feature: Android Exception Engine(AEE)
 2020-01-18 10:16:36 +08:00
mtk11285
a250fc423c [ALPS03806577] catch manual coredump fail 
add some rules for aee_aedv/aee_aed to read /proc/*/exe

MTK-Commit-Id: a1ee357e85a32beded54046bb1b638eb8fe4b3c9

Change-Id: Ideeb8002a9d1b9b166709442195124cce8e4e427
CR-Id: ALPS03806577
Feature: Android Exception Engine(AEE)
 2020-01-18 10:13:24 +08:00
James Hsu
61b25561f6 [ALPS04515390] mrdump: add sepolicy for mrdump partition 
[Detail]
Add sepolicy for aee access mrdump partition

error log:
mrdump partition /dev/block/platform/bootdevice/by-name/mrdump
 open failed (13), Permission denied

MTK-Commit-Id: f837dec83ec395bddca7806ef5ff2d35ed2f8f7a

Change-Id: Iad2414cdebb66cc3b7046fbe2570ea972101854a
Signed-off-by: James Hsu <james.hsu@mediatek.com>
CR-Id: ALPS04515390
Feature: Memory RAM Dump (MRDUMP)
 2020-01-18 10:13:21 +08:00
Robbin Chiu
7238f50dd0 [ALPS04419955] WMT: stp_dump moving to vendor 
[Solution]
Set SEPolicy for stp_dump

MTK-Commit-Id: 5caf8dd3780faaf3c8933406756ef7298560590c

Change-Id: I3f2ac66941eb5f54f4b2079fbeef15e1ebe1e2b6
Signed-off-by: Robbin Chiu <robbin.chiu@mediatek.com>
CR-Id: ALPS04419955
Feature: [Module]WMT Driver
 2020-01-18 10:12:09 +08:00
Huaiming Li
1bc79d92c7 [ALPS04424749] add aee_aedv allow rule 
add aee_aedv allow rule to map hwservicemanager_prop file in MTBF

MTK-Commit-Id: cedf4801cb6014d22b030b4b56740e2f04a20302

Change-Id: I8b701883eba743bfc6bc311526ab974a91a9803b
CR-Id: ALPS04424749
Feature: Android Exception Engine(AEE)
 2020-01-18 10:11:48 +08:00
HungWen Hsieh
2278c51caa [ALPS04419954] sync code from android p 
[Detail]
sync code from android p

MTK-Commit-Id: d0b19b83da618bab91caff90dbe9525f3f6a22a3

Change-Id: Ib664dbb0b8a1b69012fc81a2ad1bde770ccf478b
CR-Id:ALPS04419954
Feature:[Android Default] Camera Application Basic Functions
 2020-01-18 10:11:22 +08:00
Larry Liang
6247cd3587 Merge changes I4981c061,Ifc1ca446 into alps-trunk-q0.basic 
* changes:
  [ALPS04383536] debugfs_tracing_debug allow rule
  [ALPS04383536] AEE: add some new rules

Change-Id: I2fc6397bbdecfa58abec7702838f461560082fb7
MTK-Commit-Id: 1c3d1f9a790848826c31aef5ccfc23c410d90686
 2020-01-18 10:11:17 +08:00
Huaiming Li
2cd4f92785 [ALPS04383536] debugfs_tracing_debug allow rule 
add debugfs_tracing_debug allow rule for aee_aedv

MTK-Commit-Id: b41cff1758cf4f62b8e177cb51f885056b476f17

Change-Id: I4981c061795d745628eae68f56b8697990f8005f
CR-Id: ALPS04383536
Feature: Android Exception Engine(AEE)
 2020-01-18 10:11:12 +08:00
James Hsu
b2cea54f9d [ALPS04296234] mrdump_tool: apply new selinux policy 
[Detail]
Add new selinux policy to fix preallocate file failed

avc denied log
1. ioctl permission denied
mrdump_tool: type=1400 audit(0.0:517): avc: denied { ioctl }
for path="/data/vendor/dumpsys/mrdump_preallocated" dev="dm-0"
ino=1966 ioctlcmd=0x660b scontext=u:r:aee_aedv:s0
tcontext=u:object_r:aee_dumpsys_vendor_file:s0 tclass=file permissive=0

2. open /dev/block/platform/bootdevice/by-name/para fail
[SYSENV]sysenv_get_with_area():317 , get env name=mrdump_output
[SYSENV]get_env_info():217 , initialize
/vendor/bin/mrdump_tool: [libfs_mgr]Warning: unknown flag: resize
[SYSENV]get_partition_path():78 ,
partition path = /dev/block/platform/bootdevice/by-name/para
[SYSENV]read_env_area():136 ,
open /dev/block/platform/bootdevice/by-name/para fail: Permission denied
[SYSENV]get_env_info():238 , read_env_area fail

MTK-Commit-Id: 25a78a9e7e593ba2e376b2e243774d5b4dfc6205

Change-Id: I79c62a0f65e1781ca6d0c2eefe77078d168d146a
Signed-off-by: James Hsu <james.hsu@mediatek.com>
CR-Id: ALPS04296234
Feature: Memory RAM Dump (MRDUMP)
 2020-01-18 10:10:02 +08:00
mtk11285
85b3620577 [ALPS04325589] AEE: remove unuse rules 
1. remove unuse rules
2. allow dumpstate to r/w /proc/msdc_debug
3. allow aee_core_forwarder to access hwservicemanager_prop
4. allow aee_core_forwarder to connect aee_aed socket

MTK-Commit-Id: a43676c734f74636df65e59cdcace017eca79706

Change-Id: I3c45ed83499c0079b38af34cf462dcd80fec501d
CR-Id: ALPS04325589
Feature: Android Exception Engine(AEE)
 2020-01-18 10:09:44 +08:00
Juju Sung
9ca13651c2 [ALPS04239425] Sepolicy: remove neverallow rule 
[Detail]
app_zygote.te violated by allow app_zygote aee_aed:unix_stream_socket { connectto };
domain.te violated by allow aee_aedv debugfs:lnk_file { read };
We remove two policy to prevent build break.

MTK-Commit-Id: 7035ebb6f8308dc756848a173bb2a412d421f9b3

Test: Build only
Change-Id: I6b228a38d5953e2ceaa41c4193d2bf6c14bee581
CR-Id: ALPS04239425
Feature:Android Exception Engine(AEE)
 2020-01-18 10:08:09 +08:00
Juju Sung
12bc2025e2 [ALPS04239425] Sepolicy: fix undefined type declration 
[Detail]
Unknown type:untrusted_v2_app,alarm_device,qtaguid_proc,mtd_device
Duplicated type:proc_slabinfo

MTK-Commit-Id: 11ccfcffb994452eb58a697e94a8da748ac73933

Change-Id: I2e847041d14d6b6613044cfaa98f242b7fd9381a
CR-Id: ALPS04239425
Feature: Build System
 2020-01-18 10:08:05 +08:00
mtk11285
c54cc72936 [ALPS04036690] add selinxu rules 
[Detail]
1. relable /proc/chip/info and replace /proc/chip/hw_ver lable
2. add "allow aee_aed sysfs_leds:dir search" for red screen

MTK-Commit-Id: 9a2bac1e41aad51276011d48a65fc58fa16d2fc9

Change-Id: Ifdfb536a9fb763301960b4e771e50c0c49636e7e
CR-Id: ALPS04036690
Feature: Android Exception Engine(AEE)
 2020-01-18 10:06:25 +08:00
Dennis YC Hsieh
28cf5af63a [ALPS04023420] cmdq: CMDQ_STATUS not gen in db 
Miss rule in aee_aedv.te and cause cmdq status blocking by rule.
Add rule and fix name typo.

MTK-Commit-Id: 589feaa73ff62b1893f30d5e4b1ce02d34c94edf

Change-Id: I046f73e29f404cb51908f8191599cb46a7c1399d
Signed-off-by: Dennis YC Hsieh <dennis-yc.hsieh@mediatek.com>
CR-Id: ALPS04023420
Feature: Android Exception Engine(AEE)
 2020-01-18 10:06:20 +08:00
mtk11285
898cb3b8d6 [ALPS04036690] add rules for aee_aedv 
[Detail] allow aee_aedv self to dac_read_search/dac_override

MTK-Commit-Id: cf646ab67380ac79a9a7e9894499ee92ee652ee8

Change-Id: Iaab78f32e762efc7ac522976cfe7e96643f642f8
CR-Id: ALPS04036690
Feature: Android Exception Engine(AEE)
 2020-01-18 10:05:51 +08:00
Stephen Chen
246e5b5057 [ALPS03738758] Audio: Add Hifi3 adsp device info 
[Detail]
Add sepolicy access right for Hifi3 adsp device.
Mobilelog and AED will need these access right.

MTK-Commit-Id: 06ac39d7cebbab2bcb3468fcf14f19b7e1489819

Change-Id: Ic834ac687b4423500ef6036824a6d6f75e57ccb3
CR-Id: ALPS03738758
Feature: [Module]Audio OpenDSP
 2020-01-18 10:05:34 +08:00
Christopher Chen
cf8b0fcdd5 [ALPS03595410] VPU: patch sync from o1.mp1 
[Detail] sync from o1.mp1

[Solution]
1. add sepolicy for debug file

MTK-Commit-Id: 17203252c8bbb77792b32aa5f04ede3408e18e0d

Change-Id: I5fb01a274e2a795612c7c64038b2cb9b49802129
CR-Id: ALPS03595410
Feature: [Android Default] Camera Application Basic Functions
(cherry picked from commit 2cdafad54592601280163dc9ee8f581661657755)
 2020-01-18 10:04:27 +08:00
mtk11285
eb025d3be3 [ALPS03948310] vendor/system property split 
[Detail]
1. vendor/system property split
2. add selinux rule about aee hidl service

MTK-Commit-Id: 4e654c789c95ca8851d8aaae2c643a08a00bb4e0

Change-Id: Ifc8eed74558a3ae83789798e99e21eafead2089b
CR-Id: ALPS03948310
Feature: Android Exception Engine(AEE)
(cherry picked from commit 8b81da18cfa29378d01ebf5be9b39e641a202c64)
 2020-01-18 10:03:12 +08:00
mtk12101
722798a334 [ALPS03982747] Remove unused sepolicy rules 
Some rules is no need any more, need to remove it.

MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699

Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:02:25 +08:00
mtk12101
6c68a34641 [ALPS03982747] Remove unnecessary violators 
Remove violators of system_executes_vendor_violators
in all .te files for Google rule.

MTK-Commit-Id: 2ea1f525e8cd6ef3cda981b2a47eabc4582fe767

Change-Id: I3940095186b1a530e7ed442cc34658c2317b9a89
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:01:50 +08:00
Stanley Chu
04cfd4136d Merge "[ALPS03866203] pidmap: Add SELinux policy for Android P" into alps-trunk-p0.basic 
Change-Id: I0817c4598a66bba6365e5a3b60d1227d15b22a0c
MTK-Commit-Id: af3963de74153a8ad057979afc7c3d0a199e4107
 2020-01-18 09:58:23 +08:00
Stanley Chu
f98f18c9c8 [ALPS03866203] pidmap: Add SELinux policy for Android P 
[Detail]
Add SELinux policy for Android P:
Allow aee_aedv and dumpstate to read pidmap proc file.

MTK-Commit-Id: 16f120df6c33e20cdb0ce7f8c2040356ffecf02a

Change-Id: If1aa665003f70a2621687fcf291433d80f0d54d3
CR-Id: ALPS03866203
Feature: Android Exception Engine(AEE)
 2020-01-18 09:58:17 +08:00
mtk11285
27697efd23 [ALPS03841705] temp solution about getting user load DB 
[Detail]
copy /data/vendor/mtklog/aee_exp/db.* to /sdcard/mtklog/aee_exp

MTK-Commit-Id: cf04e73ff27d6d1b2fba34ea3be11e5b2b095c0a

Change-Id: Iba2dcf15d6738ab309eaae5077e1875b4147cc52
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:54:52 +08:00
Larry Liang
414d985a6b Merge "[ALPS03841705] AEE porting on Android P about selinux" into alps-trunk-p0.basic 
Change-Id: I5f57fbeca5c38a70e55a6a8d1d6e5e0cd51e9d98
MTK-Commit-Id: ccfbd36043a9be458e28c37d69ec2ce8ffaf5937
 2020-01-18 09:52:49 +08:00
mtk11285
c058e72a5b [ALPS03841705] AEE porting on Android P about selinux 
[Detail] add some rules

MTK-Commit-Id: 350fa2869fe9390bcb7ca562af5230a2ad711640

Change-Id: Ib4966ae42233270eb7a65ab036903791767b5ec8
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:52:43 +08:00
Peter Wang
8183941448 [ALPS03901606] eMMC&UFS : Combo feature 
[Detail]
1. Change type name from sysfs_boot to sysfs_boot_mode
2. Add type name sysfs_boot_type

MTK-Commit-Id: 54d5bb31fc8ad1d9ac2e931fe5dc01ef4c1083cf

Change-Id: I445ecdf5a5e334a49ccc1d747daa87f6be351d20
Signed-off-by: Peter Wang <peter.wang@mediatek.com>
CR-Id: ALPS03901606
Feature: UFS Booting
 2020-01-18 09:52:26 +08:00
mtk11285
628e0eccb8 [ALPS03841705] AEE porting on Android P about selinux 
[Detail]
1. add some rules
2. temp solution for getting ro.*.mediatek.version.branch/ ro.*.mediatek.version.release property

MTK-Commit-Id: 12c4d79a10293c4611233c985c29dca94f6e24ae

Change-Id: Ice4d565664f95a456f985ed138f302fe7ac4dbff
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:50:43 +08:00
mtk12101
b086e609ac [ALPS03825066] Remove unused sepolicy 
[Detail] Because "ro.vendor.net.upload.benchmark.default"
is unlabeled property, so all use it will have name of
vendor_default_prop

[Solution] Need owner to relabel the property of
"ro.vendor.net.upload.benchmark.default"

MTK-Commit-Id: 3a772e2b252536c9bbe9829b75f3464c2df68248

Change-Id: I42f341bf01cea16a16a0e73d13e0c03b5c270dad
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:50:11 +08:00
mtk11285
a76cdd9cee [ALPS03841705] AEE porting on Android P about selinux 
[Detail]
1. add some rules
2. transfer aee_core_forwarder domain form kerenl to aee_core_forwarder

MTK-Commit-Id: 7ad2c5df75565153ccec471f0eb2224c912515cd

Change-Id: I9b576e3937d04b5848baeb156718d0469fa05a75
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:48:59 +08:00
mtk12101
78d7f51370 [ALPS03825066] Fix boot fail 
[Detail] System processes have no permission to access
vendor_default_prop

[Solution] Add get vendor_default_prop rule for system
processes

MTK-Commit-Id: 412119fb578fc32e9f046c09a13817cf3c755515

Change-Id: I791997e6bb44c61b69d32c6da0cc80c6f2a9759e
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:47:42 +08:00
mtk11285
457f1855f1 [ALPS03841705] AEE porting on Android P 
[Detail]
1. modify property according to P rule
2. add some selinux rules
3. relable /proc/slabinfo /proc/zraminfo

MTK-Commit-Id: aa654138c8b48d223b614c81d2f39d7cd6eedd1f

Change-Id: Ib47383553b0d320d3766780f35c397be60dc1339
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:35:48 +08:00
mtk11285
3f1078bbd4 [ALPS03841705] fix the violation during Android P migration 
[Detail] fix the violation during Android P migration

MTK-Commit-Id: 7dae33f4c7435a7eeae86a738d88dc6c3e52e3c3

Change-Id: I1000b278dd411438bf43ca0bda22d83aab52616f
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:30:11 +08:00
Bo Ye
5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:36 +08:00
mtk12101
bbecfaa68b [ALPS03825066] Resolve vendor violates 
[Detail] Google add new neverallows rules on android P,
some rule violate the rules

[Solution] Remove the rules which violate google new rules

MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d

Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:34 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00