[Detail]
Google introduced new neverallow rule for restricting core_domain &
non-core_domain communication via data partition.
This patch removes MTK sepolicy rules which violate neverallow rule.
MTK-Commit-Id: 2f3ae1f106cdf28f00ee75638dd77fd8242f9746
Change-Id: If6c64eec4f3cf5760988e3c266da83d1d93e649f
CR-Id: ALPS03897468
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
remove workaround of data between core and vendor violator
1. remove audioserver.te violated setting
violated by allow audioserver nvdata_file:dir
violated by allow audioserver nvram_data_file:dir
violated by allow audioserver thermal_manager_data_file:dir
violated by allow audioserver mtk_audiohal_data_file:dir
violated by allow audioserver thermal_manager_data_file:file
violated by allow audioserver nvram_data_file:file
violated by allow audioserver nvdata_file:file
2. remove mtk_hal_audio.te violated setting
violated by allow mtk_hal_audio system_data_file:dir
violated by allow mtk_hal_audio media_rw_data_file:dir
violated by allow mtk_hal_audio radio_data_file:dir
violated by allow mtk_hal_audio radio_data_file:file
violated by allow mtk_hal_audio system_data_file:lnk_file
violated by allow mtk_hal_audio system_data_file:file
violated by allow mtk_hal_audio media_rw_data_file:file
audiohal_data_file is defined as core_data_file_type
it cant use in vendor partition. temporarily remove it.
MTK-Commit-Id: c0453cc6ede361322deb8f138055accc473511b8
Change-Id: I15649ad3351f1a7ee29956668862aad05efc0778
CR-Id: ALPS03898061
Feature: Phone Sound
[Detail] Property rename in sepolicy
[Solution]
According P property rule
MTK-Commit-Id: dccca517eb8386e9e509da7461dddd82e3cbb06d
Change-Id: I9b38830f8792d40c954f251656d5623bb6c731c6
CR-Id: ALPS03888283
Feature: SP META Tool
[Detail]
Move MTK mount point to /mnt/vendor
MTK-Commit-Id: b82563f14020ab90a563ec3c9ce14e6c3bbe7531
Change-Id: I8699303125d48589baf0f2b768cf66b848da7357
CR-Id: ALPS03892700
Feature: eMMC Boot Up
[Detail] vendor binary cannot set debug_prop
after enabling PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE
[Solution] Mark it
MTK-Commit-Id: ab4a34b8a5afdef574ac2f42464925832328d48b
CR-Id: ALPS03881723
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Change-Id: I9bed16503eb2d1e3f31f1225d58c99b42ca61940
[Detail]
1. remove md_ctrl.te because we dont use md_ctrl in P.
2. remove debugfs_tracing policy
3. remove nvdata, protect_f, protect_s policy
MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9
Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9
CR-Id: ALPS03891225
Feature: Multi-Storage
[Detail]
AOSP has defined neverallow rules
to restrict direct access to system files.
[Solution]
Since MTK does not use "/data/misc/bluedroid/" to
store BT address. It should be alright to remove
this kind of thing.
MTK-Commit-Id: 5b3aae9aebd39c24a3846c27c7ca9fceda9513d3
Change-Id: I5a8420e9f5259259b2bd11a6da033a140f0bea7c
CR-Id: ALPS03893095
Feature: BT Chipset Capability
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.
[Solution]
Define custom label for drmserver
MTK-Commit-Id: 996de9ff486db13908f6d58b476613957d4f336d
Change-Id: I34c8d86c1baf9daa02e29323007e4136c6048b31
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
[Detail]
1.Google add new neverallow rule for untrusted apps
2.The file/dir in /proc must associate with proc_type
[Solution]
1.Remove rules which violate google neverallow rules
about untrusted apps
2.Add proc_type attribute for file/dir on /proc
MTK-Commit-Id: b94412725e3a7b18db9573056c2fb43367989ed5
Change-Id: I89de16a65f05d052969c794604b9c372ed1ce7e1
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.
[Solution]
Define custom label for drmserver
MTK-Commit-Id: c84c43b87a6ac2651a0562b8818bc66516e4a50b
Change-Id: Ide4fc49628508aee77e67f3213749210430153a3
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
[Detail]
Mobile Log selinux rule porting:
1. fix the violation on P
2. relable some kernel interfaces.
MTK-Commit-Id: 4108ed13f3e7693c3642b6f073c5444f133b3c38
Change-Id: I1fac185779510f10b9b94bdf6ec40573237d846a
CR-Id: ALPS03886572
Feature: Mobile Log Tool
[Detail] Modify meta_tst.te for Android P
[Solution]
Add comport type and uart info sepolicy
MTK-Commit-Id: b2f1a2b46f1bc8135b98dd306ff4353b3ba5383f
Change-Id: Ib40eb5e5a9512d7d33b25b191e04eab9684fe121
CR-Id: ALPS03888283
Feature: SP META Tool
[Detail] Vendor partition shouldnt access aosp defined property
which is not in whitlist. So remove the related changes of labeled
aosp property.
This reverts commit 9d534a80d67e7457a1411b8b36249898ed4c6986.
This reverts commit 901fb42d2e3856a139b90420922f558d7231ea7d.
This reverts commit 41dc8fb567b409e149e59f4f514268ca5883c7ab.
[Solution] Remove label of ro.sf.lcd_density.
MTK-Commit-Id: 02cf063b8407a9d9242f064c86767200e9c0ac0a
Change-Id: I02dcc2fa3fda95c498f0ef70d9aa6bd9224d3b02
CR-Id: ALPS03869840
Feature: [Module]SurfaceFlinger/HWComposer
