[Detail]
There is a workaround for bring-up,
now it needs to be modified.
[Solution]
1.Split workaround to sepcial *.te
2.Modify ged sepolicy
3.Modify mistake
4.Add sepolicy
MTK-Commit-Id: 5a2b7e3fdc826a7ca6bc70a3810f14c1661e7d79
Change-Id: I0894de45e014a5eae754e35b57fbc9b21bc4bf90
CR-Id: ALPS04639771
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Some rules is no need any more, need to remove it.
MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699
Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
1.Property new change
neverallow coredomain from writing vendor properties
(allow audioserver_28_0 audiohal_prop (property_service (set)))
(allow audioserver_28_0 mtk_thermal_config_prop (property_service (set)))
audio_hal property which prefix is af. use to audiodump.
it will replace by the audio_prop which property prefix is vendor.af
before, mtk_thermal_config_prop use to set powerhal.
And we use it by HIDL now, so this permission can remove.
[Solution]
remove violate properties setting.
MTK-Commit-Id: 2942812bb4a57655898d407f84162fbdae9c3fc9
Change-Id: I1a01ddd8b83fa7eb0c499f67400660b738e9b986
CR-Id: ALPS03902666
Feature: [Module]Native AudioFlinger
[Detail] Because "ro.vendor.net.upload.benchmark.default"
is unlabeled property, so all use it will have name of
vendor_default_prop
[Solution] Need owner to relabel the property of
"ro.vendor.net.upload.benchmark.default"
MTK-Commit-Id: 3a772e2b252536c9bbe9829b75f3464c2df68248
Change-Id: I42f341bf01cea16a16a0e73d13e0c03b5c270dad
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail] System processes have no permission to access
vendor_default_prop
[Solution] Add get vendor_default_prop rule for system
processes
MTK-Commit-Id: 412119fb578fc32e9f046c09a13817cf3c755515
Change-Id: I791997e6bb44c61b69d32c6da0cc80c6f2a9759e
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
remove workaround of data between core and vendor violator
1. remove audioserver.te violated setting
violated by allow audioserver nvdata_file:dir
violated by allow audioserver nvram_data_file:dir
violated by allow audioserver thermal_manager_data_file:dir
violated by allow audioserver mtk_audiohal_data_file:dir
violated by allow audioserver thermal_manager_data_file:file
violated by allow audioserver nvram_data_file:file
violated by allow audioserver nvdata_file:file
2. remove mtk_hal_audio.te violated setting
violated by allow mtk_hal_audio system_data_file:dir
violated by allow mtk_hal_audio media_rw_data_file:dir
violated by allow mtk_hal_audio radio_data_file:dir
violated by allow mtk_hal_audio radio_data_file:file
violated by allow mtk_hal_audio system_data_file:lnk_file
violated by allow mtk_hal_audio system_data_file:file
violated by allow mtk_hal_audio media_rw_data_file:file
audiohal_data_file is defined as core_data_file_type
it cant use in vendor partition. temporarily remove it.
MTK-Commit-Id: c0453cc6ede361322deb8f138055accc473511b8
Change-Id: I15649ad3351f1a7ee29956668862aad05efc0778
CR-Id: ALPS03898061
Feature: Phone Sound
Restore the policies accessing files labeled
as proc_xxx or sysfs_xxx, but there are some
exceptions for coredomain process, such as
meta_tst,dump_state,kpoc_charger
MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d
Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
