Some rules are no longer needed and need to be removed.
MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699
Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Because Android P imposes so many restrictions, it is difficult for
meta mode or factory mode to format partitions. A new design is
adopted as follows:
1. Meta mode or factory mode writes all 0 to the first 4KB of the target
partition.
2. When entering kernel booting, the partition mount process in the
original init flow finds that XXX partition is wiped and automatically
formats XXX partition.
In step-1 described above, selinux rules shall be added for meta_tst or
factory.
In step-2 described above, selinux rules shall be added for mke2fs.
MTK-Commit-Id: 7e9bbd418ca6353ba89ecffdc016c78504583bf3
Change-Id: I3dd869c57107b0ebebf3134f69c50744df8f8ff9
CR-Id: ALPS03957630
Feature: SP META Tool
[Detail]
Fix tpd auto test failure in factory mode, which occurs because sysfs nodes
are not allowed to be read directly.
[Solution]
Update touch setting sysfs policy and add to factory mode
MTK-Commit-Id: d8733ca0938653098f5ec1f5462c1723d8f67894
Change-Id: I3fb6a46cfbf02fe050174501a2606404a53bb2ad
CR-Id: ALPS03869354
Feature: [Android Default] CapTouch
[Solution]
Factory mode should build in vendor partition, so move
factory from system partition to vendor partition
MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c
Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b
CR-Id: ALPS03932298
Feature: Factory Mode
[Detail]
In order to meet selinux limitation, storagemanagerd acts as
vold context to mount storages
[Solution]
Add the following line in file_contexts.
/system/bin/storagemanagerd u:object_r:vold_exec:s0
MTK-Commit-Id: 0b309fd0afc84f3da0ea91a324dca6f824366537
Change-Id: I68e568b8e7d37d218ae88e82cdd509c32abaea66
CR-Id: ALPS03943904
Feature: Mobile Log Tool
[Detail]
Add setgid selinux rule for aee_core_forwarder so that it can add
group to avoid dac_override
MTK-Commit-Id: e25e5ae4c8f3b760c112efd8c8809d5e9790b967
Change-Id: I90a4af9b3fe86d7699f1fa3adbd9f402c4de88ac
CR-Id: ALPS03890586
Feature: Android Exception Engine(AEE)
[Detail] Move meta_tst from system to vendor
[Solution]
modify sepolicy/basic
MTK-Commit-Id: 4bac131e38e71904dfc6f69a0b1ec15f46a08881
Change-Id: I571edd67cf3f59c293aa2aa674292380b86fcf38
CR-Id: ALPS03909621
Feature: SP META Tool
[Detail] Because "ro.vendor.net.upload.benchmark.default"
is an unlabeled property, all uses of it will have the name of
vendor_default_prop
[Solution] Need owner to relabel the property of
"ro.vendor.net.upload.benchmark.default"
MTK-Commit-Id: 3a772e2b252536c9bbe9829b75f3464c2df68248
Change-Id: I42f341bf01cea16a16a0e73d13e0c03b5c270dad
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
data_between_core_and_vendor_violators is used temporarily. We should
follow Android P SELinux rule to write sepolicy.
[Solution]
Remove data_between_core_and_vendor_violators from files which have already
fixed SELinux build errors
MTK-Commit-Id: 6a75842a96d8997bca10caf6ca4d5b4e7e8f68a4
Change-Id: I5e840fdf6b61d44860429a7e5c7e24c9a48a9c75
CR-Id: ALPS03800946
Feature: Treble
[Detail] System processes have no permission to access
vendor_default_prop
[Solution] Add get vendor_default_prop rule for system
processes
MTK-Commit-Id: ad4fb4d8ae4fb38767c16b82ce9d8351f5f59702
Change-Id: I31cf13db6b50a3cff193aa0a34bc1130e5b18942
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Refine vibrator sysfs label, using aosp defined device.
Moreover, move it to basic folder due to its basic use
MTK-Commit-Id: 41053b65c8c26973005988d1ad14208fff98fde6
Change-Id: I9ed6ece496ea1ffff9f777fb1f90c76638ad979f
CR-Id: ALPS03869354
Feature: [Android Default] Backlight
[Detail] System processes have no permission to access
vendor_default_prop
[Solution] Add get vendor_default_prop rule for system
processes
MTK-Commit-Id: 412119fb578fc32e9f046c09a13817cf3c755515
Change-Id: I791997e6bb44c61b69d32c6da0cc80c6f2a9759e
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Move kisd from system to vendor and add keymanage hidl
[Solution]
Modify related sepolicy in device/mediatek/sepolicy/basic
MTK-Commit-Id: c1826ac0bdcc18a4e6d3298e73514801a35a09ad
Change-Id: Iee4b65ba5addc5a21de53e76d3bb092e2f37ab01
CR-Id: ALPS03853366
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
1. Add selinux right for MTKLogger to be able to connect to Bluetooth
via socket
2. Add selinux right for Bluetooth to set debug property for
MTKLogger state check
MTK-Commit-Id: db60d64b8ed91dfee48588fb5a32f2bedc2ba604
Change-Id: I31c5abb153c2bcd44a2dafca0f1f669e7310c3fe
CR-Id: ALPS03866092
Feature: BT AOSP
[Detail]
1. remove md_ctrl.te because we don't use md_ctrl in P.
2. remove debugfs_tracing policy
3. remove nvdata, protect_f, protect_s policy
MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9
Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9
CR-Id: ALPS03891225
Feature: Multi-Storage
[Detail]
1. Google adds new neverallow rule for untrusted apps
2. The file/dir in /proc must associate with proc_type
[Solution]
1. Remove rules which violate google neverallow rules
about untrusted apps
2. Add proc_type attribute for file/dir on /proc
MTK-Commit-Id: b94412725e3a7b18db9573056c2fb43367989ed5
Change-Id: I89de16a65f05d052969c794604b9c372ed1ce7e1
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.
[Solution]
Define custom label for drmserver
MTK-Commit-Id: c84c43b87a6ac2651a0562b8818bc66516e4a50b
Change-Id: Ide4fc49628508aee77e67f3213749210430153a3
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
[Detail]
Mobile Log selinux rule porting:
1. fix the violation on P
2. relabel some kernel interfaces.
MTK-Commit-Id: 4108ed13f3e7693c3642b6f073c5444f133b3c38
Change-Id: I1fac185779510f10b9b94bdf6ec40573237d846a
CR-Id: ALPS03886572
Feature: Mobile Log Tool