These policies are for system process, as a result,
move it to plat_private folder.
MTK-Commit-Id: 46e87002024d5675d566dd59f77cbde9c69bdd37
Change-Id: I9c2b72136d1f1c3062f0ac6b174c8334b1965e80
CR-Id: ALPS04649268
Feature: Mobile Log Tool
New feature:
Add selinux of HIDL service and client.
Use HIDL copy modem db and filter from vendor image
to data partition for modem log tool.
MTK-Commit-Id: 7fadaf0f2a60d05d7464264ef9e23a75ca27bb66
Change-Id: I12cc8614537f30e90a1717f9838c52283342eb55
CR-Id: ALPS04532537
Feature: Modem Log Tool
[Detail]
Only BASIC Sepolicy need to be applyed for BASIC,
we separate basic/bsp sepolicy for BASIC.
This workaround is for fixing the build errors that
cause by the declarations were defined in bsp/ dir
and neverallow rules.
MTK-Commit-Id: f1ed54e84b85f73e20dcc8c2ac5f0c42fddedc77
Change-Id: I568873fcc272d04b018efc4be00924b751bb3775
CR-Id: ALPS04340791
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Add map permission for shell_exec to let Batterylog.java
can set command from shell.
Modify the permission list to rx_file_perms.
MTK-Commit-Id: d8f72393dddc2787c88bb2141594319bfe473e9a
Change-Id: I04b1b5c056223e30d5d8b6f8fe7a503afc28b521
CR-Id: ALPS04324880
Feature: Power Delivery
(cherry picked from commit 63fd26ecb2014b5a03db649b332858943a6893a9)
[Detail]
Fix build warning like:
WARNING unrecognized character at token ^M on line XXX:
[Solution]
Use dos2unix to update files
MTK-Commit-Id: 8285bcfe7a30349f3188c9b29e4b8da9ee2c1280
Change-Id: I7773e243028a2275d11782885b4bc299d5c5d043
CR-Id: ALPS04209994
Feature: build process
[Detail]add mota selinux linited
MTK-Commit-Id: 7762b88c2e81f42f95232f00c1c2cf0e81d47421
Change-Id: I5071ca451510cd14a8ccf53e8e77c3e77f50816b
Signed-off-by: mtk16229 <Heaven.Zhang@mediatek.com>
CR-Id: ALPS04112420
Feature: MOTA (Mediatek Over The Air)
[Solution] Make service auto run.
MTK-Commit-Id: 5e7859bac9dd91730634cfa9623936ee8f630fef
Change-Id: I6ae5c40a6d12d077bfe8093cdf7f4d9b32698a82
CR-Id: ALPS04085854
Feature: MTKLogger
(cherry picked from commit a8d2a91b7b056b3825e55dbbad4045dff361d08e)
Spending more bootup time after label kernel interface node
in file_contexts, there is another way to label kerner interface
node on genfs_contexts file. When move the label rule to
genfs_contexts file, the bootup time will speed more than 500ms.
MTK-Commit-Id: e237c9367e74f2953b843cc9224a98b4e7cfddbc
Change-Id: I1a1e369c3eaaf359c3bf7c051793a3ffba4c71fc
CR-Id: ALPS04017619
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail] aee_aedv_exec is defined in system.img, and when AOSP system.img
is replaced, cts will fail if aee_aedv_exev is referenced in vendor.img.
MTK-Commit-Id: 178b71c788561cea1336d2c62b67dd324ecf6e8b
Change-Id: I200ff7cd55597de05d5412677b140809e941a192
CR-Id: ALPS04056497
Feature: Android Exception Engine(AEE)
[Detail]
SEPolicy rule that put in plat_private folder will be placed in system image.
So, It will be overwrited after flashing GSI.
[Solution]
Move MTK rules to non_plat folder instead which will be placed in
vendor image.
MTK-Commit-Id: 91e5023b67f0ce18e5e364adce5da5413c71fc69
Change-Id: I372b059e44c4bbfd6d4a92a790846b2228213b88
CR-Id: ALPS03998186
Feature: Treble
Mobile_log_d exec logcat -L to get last Android Log
MTK-Commit-Id: e51d67ff3d1024ec236d26f66d5286a1aed6fb75
Change-Id: Id2f2aceb501a5324ff642f34455080ccbd54bf34
CR-Id: ALPS03997871
Feature: Mobile Log Tool
Some rules is no need any more, need to remove it.
MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699
Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Because Android P impose so many restrictions, it is difficult for
meta mode or factory mode to format partitions. A new design is
adopted as follows:
1. Meta mode or factory mode write all 0 to first 4KB of target
partition.
2. When entering kernel booting, the partition mount process in the
original init flow find that XXX partition is wiped and automatically
format XXX partition.
In step-1 described above, selinux rules shall be added for meta_tst or
factory.
In step-2 described above, selinux rules shall be added for mke2fs.
MTK-Commit-Id: 7e9bbd418ca6353ba89ecffdc016c78504583bf3
Change-Id: I3dd869c57107b0ebebf3134f69c50744df8f8ff9
CR-Id: ALPS03957630
Feature: SP META Tool
[Detail]
Fix tpd auto test fail in factory mode due to sysfs nodes
are not allowed to read directly.
[Solution]
update touch setting sysfs policy and add to factory mode
MTK-Commit-Id: d8733ca0938653098f5ec1f5462c1723d8f67894
Change-Id: I3fb6a46cfbf02fe050174501a2606404a53bb2ad
CR-Id: ALPS03869354
Feature: [Android Default] CapTouch
[Solution]
Factory mode should build in vendor partiton, so move
factory from system partition to vendor partition
MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c
Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b
CR-Id: ALPS03932298
Feature: Factory Mode
[Detail]
In order to meet selinux limitation, storagemanagerd act as
vold context to mount storages
[Solution]
Add the following line in file_contexts.
/system/bin/storagemanagerd u:object_r:vold_exec:s0
MTK-Commit-Id: 0b309fd0afc84f3da0ea91a324dca6f824366537
Change-Id: I68e568b8e7d37d218ae88e82cdd509c32abaea66
CR-Id: ALPS03943904
Feature: Mobile Log Tool
[Detail]
Add setgid selinux rule for aee_core_forwarder to make it can add
group to avoid dac_override
MTK-Commit-Id: e25e5ae4c8f3b760c112efd8c8809d5e9790b967
Change-Id: I90a4af9b3fe86d7699f1fa3adbd9f402c4de88ac
CR-Id: ALPS03890586
Feature: Android Exception Engine(AEE)
