/dev/ut_keymaster is used by keymaster. Label it and allow the relevant permissions
that the domains using it (vold, tee and keymaster) require.
Denial observed without this change:
[ 46.666247] .(2)[399:logd.auditd]type=1400 audit(1609128921.744:392): avc: denied { ioctl } for comm="keymaster@3.0-s" path="/dev/ut_keymaster" dev="tmpfs" ino=17464 ioctlcmd=0x5402 scontext=u:r:hal_keymaster_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1
Test: Boot and notice that denial no longer appears
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Iee0126d637a139397db8857d8a780277c3ea4576
During init, vold needs rw permissions in order to manage block devices.
This change allows the required permissions.
Denial observed without this change:
[ 7.574441] .(1)[397:logd.auditd]type=1400 audit(1608975791.836:9): avc: denied { write } for comm="Binder:379_2" name="uevent" dev="sysfs" ino=35884 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmcblk:s0 tclass=file permissive=1
Test: Boot and observe that denial has disappeared
Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I3fa256cf5957f0af3fa2628833820f0f9fcf298b
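Added example (not part of these commits or of the device's policy): a small Python triage of the two denial lines quoted in the commit messages above. It reports whether each denial calls for a dedicated label, as done for /dev/ut_keymaster, or for a plain allow rule, as done for vold. The GENERIC_TYPES list and the function names are assumptions of this example.

```python
import re

# Catch-all types: a denial against one of these usually means the object was
# never labeled (assumption: illustrative list, not exhaustive).
GENERIC_TYPES = {"device", "unlabeled", "sysfs", "proc", "vendor_default_prop"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# The two denial messages from the commit messages above (kernel prefix dropped).
DENIALS = [
    'avc: denied { ioctl } for comm="keymaster@3.0-s" path="/dev/ut_keymaster" '
    'dev="tmpfs" ino=17464 ioctlcmd=0x5402 scontext=u:r:hal_keymaster_default:s0 '
    'tcontext=u:object_r:device:s0 tclass=chr_file permissive=1',
    'avc: denied { write } for comm="Binder:379_2" name="uevent" dev="sysfs" '
    'ino=35884 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_mmcblk:s0 '
    'tclass=file permissive=1',
]

def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    f["perms"] = m.group("perms").split()
    f["source"] = f["scontext"].split(":")[2]  # type field of user:role:type:level
    f["target"] = f["tcontext"].split(":")[2]
    return f

def review(f):
    """Suggest a policy action for one parsed denial."""
    obj = f.get("path") or f.get("name")
    if f["target"] in GENERIC_TYPES:
        notes = [f"label {obj} with its own type before granting "
                 f"{f['source']} access; target is generic '{f['target']}'"]
    else:
        notes = ["allow {source} {target}:{tclass} {{ {p} }};".format(
            p=" ".join(f["perms"]), **f)]
    if "ioctl" in f["perms"] and "ioctlcmd" in f:
        notes.append(f"denied ioctl command: {f['ioctlcmd']}")
    if f.get("permissive") == "1":
        notes.append("permissive=1: the access was logged, not blocked")
    return notes

if __name__ == "__main__":
    for line in DENIALS:
        print("\n".join(review(parse_avc(line))), end="\n\n")
```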
Add some policy to prevent SELinux violations
when formatting as internal.
MTK-Commit-Id: 11a1e82eea3751a833fdf92aea8b31012f948bdc
Change-Id: I44ea4c0b3eb2699a51d0cdf3881e2b4971c0c3cd
CR-Id: ALPS04667690
Feature: [Android Default] Download Manager
create mdlog folder in data for meta mode
MTK-Commit-Id: 0996cc7cf243909b06862c32f11b43194f20ca0c
Change-Id: I4e0f5aaab5cf5b363a0214b5ea8ce6e994dec69f
CR-Id: ALPS04027460
Feature: Modem Log Tool
[Detail] Because "ro.vendor.net.upload.benchmark.default"
is an unlabeled property, all uses of it will have the name
vendor_default_prop
[Solution] Need owner to relabel the property of
"ro.vendor.net.upload.benchmark.default"
MTK-Commit-Id: 3a772e2b252536c9bbe9829b75f3464c2df68248
Change-Id: I42f341bf01cea16a16a0e73d13e0c03b5c270dad
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail] System processes have no permission to access
vendor_default_prop
[Solution] Add get vendor_default_prop rule for system
processes
MTK-Commit-Id: 412119fb578fc32e9f046c09a13817cf3c755515
Change-Id: I791997e6bb44c61b69d32c6da0cc80c6f2a9759e
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
1. remove md_ctrl.te because we don't use md_ctrl in P.
2. remove debugfs_tracing policy
3. remove nvdata, protect_f, protect_s policy
MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9
Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9
CR-Id: ALPS03891225
Feature: Multi-Storage