NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,137 Commits 2 Branches 0 Tags
Commit Graph

14 Commits

Author SHA1 Message Date
Mike Hsieh
cff428b385 [ALPS04702268] Change sw_sync permission for 3rd party app access 
Change sw_sync permission for 3rd party app use.

MTK-Commit-Id: 756f028f822b28e5863c772c977f3fdfad1eb338

Change-Id: I5f1f4566e8d60b16fd300dc91ddba8cc6aa7e5c4
CR-Id: ALPS04702268
Feature: [Module]MDP Driver
(cherry picked from commit 8d036ea19e62d9f509f1c54d395d4a711b4a4bd7)
 2020-01-18 10:18:34 +08:00
Mike Hsieh
dc6c9adc15 [ALPS04672388] Change selinux permission for MDP user 
Change selinux permission for MDP user on /dev/mdp_sync

MTK-Commit-Id: a9c03563cf5e96815399788228dc62d18d88026e

CR-Id: ALPS04672388
Change-Id: I3622da7b8ba4151f9cf79e9d4d9c8f73109ef684
Feature: [Module]MDP Driver
 2020-01-18 10:16:18 +08:00
Shanshan Guo
b11cda4bfd [ALPS04640303] SEPolicy: Fix app violation 
[Detail]
There are some selinux violation for app in MTBF,
need to add some sepolicy for them.

[Solution]
1.Add sepolicy
2.Move sepolicy of untrusted_app_* to untrusted_app_*.te
3.Modify sepolicy

MTK-Commit-Id: 62b5c74c6d1d85acf0184fc18fca0b40c4a8e60c

Change-Id: Icac33ccc54b691ee0e4ab7088f77adb1c1a4a549
CR-Id: ALPS04640303
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:15:38 +08:00
Shanshan Guo
62cf1a413a [ALPS04639771] SEPolicy: Modify workaround 
[Detail]
There is a workaround for bring-up,
now it needs to be modified.

[Solution]
1.Split workaround to sepcial *.te
2.Modify ged sepolicy
3.Modify mistake
4.Add sepolicy

MTK-Commit-Id: 5a2b7e3fdc826a7ca6bc70a3810f14c1661e7d79

Change-Id: I0894de45e014a5eae754e35b57fbc9b21bc4bf90
CR-Id: ALPS04639771
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:15:29 +08:00
Shanshan Guo
2bd9ab2104 [ALPS04654001] SEPolicy: add ioctlcmd for app 
[Detail]
For Andorid Q, there is a more stringent restriction
for ioctl, app need to access pipe by ioctlcmd=0x5402.
avc: denied { ioctl } for comm="kd" path="pipe:[7173861]"
dev="pipefs" ino=7173861 ioctlcmd=0x5402
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:r:untrusted_app_25:s0:c512,c768
tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure

[Solution]
Add sepolicy for app to access pipe by ioctlcmd=0x5402

MTK-Commit-Id: d38b9f7f97aab7b23d80d0f3aac8e25a790c8c91

Change-Id: I5ac20bf2dffa0c297b32aaebd75db9e04c35cc79
CR-Id: ALPS04654001
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:59 +08:00
Shanshan Guo
38ae1361bf [ALPS04653992] SEPolicy: mmap permission for app 
[Detail]
In kernel 4.14, selinux security need to check if the process has the
map permission of mmap inode. App need the map permission to
read radio_data_file.

[Solution]
Add map permission for app to read radio_data_file.

MTK-Commit-Id: 698e603818ff37a59212a37a41ecbec8e8e30233

Change-Id: I8982ddbff40cfd7280c0a3dc5e8d2f6b6394e747
CR-Id: ALPS04653992
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:58 +08:00
Ian-Y Chen
9fcf99ba09 [ALPS04328846] power: refine sepolicy 
[Detail]
1. Add prefix PERFMGR for performance related ioctl
2. Add property permission for PowerHAL

MTK-Commit-Id: 91ef99a47ee2de3c48426298c9a67d5e4dd10a6b

Change-Id: I5979aefc7fb110ee540425bc53896babdcac08bd
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
 2020-01-18 10:13:32 +08:00
Shanshan Guo
7010a1c7bd [ALPS04501651] Sepolicy: Kernel API dump 
[Detail]
For Andorid Q, there is a more stringent restriction
for ioctl, app need to access proc_ged by ioctlcmds.

[Solution]
Add sepolicy for app to access proc_ged by ioctlcmds.

MTK-Commit-Id: 630cfe13e5928346453bb3800b75439d5e9e1235

Change-Id: I1bde81017e78d5b70fc78dd5fa148667360d2af4
CR-Id: ALPS04501651
Feature: Power Management
 2020-01-18 10:13:20 +08:00
Zhongchao Xia
bed757c9c8 Merge "[ALPS04382560] MDP: open mdp device fail" into alps-trunk-q0.basic 
Change-Id: I32eb257de568b42ee3405d57bfeb1407addc0836
MTK-Commit-Id: 4c9bdb05011d86bf33434ada19b957201cfe69a2
 2020-01-18 10:12:33 +08:00
Zhongchao Xia
379de5a9b0 [ALPS04382560] MDP: open mdp device fail 
[Detail]
1. Change /proc/mdp/device to /dev/mdp_device
2. Modify kernel driver change device node
3. Modify init.rc change device owner
4. Add selinux policy

MTK-Commit-Id: 08cf6d6ee97647a5f1262f475b79b420b616e527

Change-Id: I2bd7ee983116294dd62f247a9d30a67655316bd8
CR-Id: ALPS04382560
Feature: [Module]MDP Driver
 2020-01-18 10:12:32 +08:00
Shanshan Guo
552d39bdd1 [ALPS04449311] SEPlolicy: for app to access ged by ioctlcmd 
[Detail]
For Andorid Q, there is a more stringent restriction for ioctl,
app need some permissions to access proc_ged by ioctlcmd.

[Solution]
Add sepolicy for app to access proc_ged by
ioctlcmd=GED_BRIDGE_IO_BOOST_GPU_FREQ.

MTK-Commit-Id: 1d7bd0172f33336abcc94349978bbbd008f5fe9d

Change-Id: I62f422f072dc0881ea4c9f082a4c548b7164d58d
CR-Id: ALPS04449311
Feature: Power Management
 2020-01-18 10:12:25 +08:00
Shanshan Guo
203b3d02de [ALPS04428389] SEPlolicy: for app to access ged by ioctlcmd 
[Detail]
For Andorid Q, there is a more stringent restriction for ioctl,
app need some permissions to access proc_ged by ioctlcmd.

[Solution]
Group existing sepolicies for different types app to access
proc_ged by ioctlcmd together in appdomain.

MTK-Commit-Id: e9ba9a00dbbc063388c8120048a72fd8f7ce497c

Change-Id: I24a4671259a68a0fda756d37c16b7e61801e6cc8
CR-Id: ALPS04428389
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:12:00 +08:00
Poting Chen
de970ad094 [ALPS04331194] FPSGO: add ioctl permission 
[Detail]
add FPSGO ioctl permission

MTK-Commit-Id: 4466c4e3c548c134be6939fa50e4c8d3f37a257a

Change-Id: I0c10abd0e780f764ff423442ea3d1b6ed66177c6
CR-Id: ALPS04331194
Feature: FPSGO
 2020-01-18 10:09:36 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00