1. We have too many config properties set by PRODUCT_PROPERTY_OVERRIDES,
and these properties are usually not sensitive and all processes are allowed to read them.
2. Since Android P, properties should follow the naming rule to add "vendor",
and this causes properties to be labeled as vendor_default_prop.
By default, coredomain is not granted read access to vendor_default_prop.
Actually these properties are read widely by system/vendor processes.
3. So we introduce the "mtk_default_prop" type that grants read access to
all processes, including system and vendor.
MTK-Commit-Id: 18077a2cb14b7b1ddadb7000e8abb565f0fd49e3
Change-Id: Ia378db3dbb9d0bf388139be3419e013228c79d6e
CR-Id: ALPS03934986
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
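
An added example, not part of the commit above or of the MediaTek policy: a simplified Python model of how a property name resolves to an SELinux type through property_contexts (longest matching prefix wins, an `exact` entry matches only the full name), used to flag properties that would still land in vendor_default_prop. The property names and the sample entries mapping to mtk_default_prop are constructed for illustration.

```python
# Constructed sample of property_contexts entries (not the project's real file).
SAMPLE_CONTEXTS = """\
*                            u:object_r:default_prop:s0
vendor.                      u:object_r:vendor_default_prop:s0
ro.vendor.                   u:object_r:vendor_default_prop:s0
persist.vendor.              u:object_r:vendor_default_prop:s0
ro.vendor.example.cfg.       u:object_r:mtk_default_prop:s0
persist.vendor.example.mode  u:object_r:mtk_default_prop:s0 exact string
"""

def parse_contexts(text):
    """Return (name, selinux_type, is_exact) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        name, context = fields[0], fields[1]
        is_exact = len(fields) > 2 and fields[2] == "exact"
        rules.append((name, context.split(":")[2], is_exact))
    return rules

def resolve(prop, rules):
    """Pick the type of the most specific matching entry for a property."""
    best_len, best_type = -1, None
    for name, sel_type, is_exact in rules:
        if name == "*":                       # catch-all default entry
            matched, length = True, 0
        elif is_exact:                        # full-name match only
            matched, length = prop == name, len(name) + 1
        else:                                 # prefix match
            matched, length = prop.startswith(name), len(name)
        if matched and length > best_len:
            best_len, best_type = length, sel_type
    return best_type

def audit(props, rules, restricted=("vendor_default_prop",)):
    """List properties whose label coredomain cannot read by default."""
    return sorted(p for p in props if resolve(p, rules) in restricted)

RULES = parse_contexts(SAMPLE_CONTEXTS)
# Constructed property names, standing in for PRODUCT_PROPERTY_OVERRIDES.
PROPS = ["ro.vendor.example.cfg.size", "persist.vendor.example.mode",
         "persist.vendor.example.mode2", "ro.vendor.other.flag",
         "ro.example.legacy"]

if __name__ == "__main__":
    for p in PROPS:
        print(f"{p:32} -> {resolve(p, RULES)}")
    print("needs a label or an explicit allow rule:", audit(PROPS, RULES))
```
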
[Detail]
1. Backlight level test in factory mode fails due to no sepolicy
applied, and sysfs_leds is not allowed to be added to factory.te.
2. Vibrator test fails due to no corresponding selinux policy.
[Solution]
1. Using hidl for backlight in factory mode.
2. Add vibrator policy.
MTK-Commit-Id: 9470dca00da2fecfb373af94aae3502714d31ea3
Change-Id: I42cd45951054a267449e79f559b3761fce34d497
CR-Id: ALPS03869354
Feature: [Android Default] Backlight
[Detail]
Let lmkd visit systemServer; it will connect with the duraspeed socket
MTK-Commit-Id: 51e15fadc8dbb29d3cd5578589666fed1b853162
Change-Id: Iaa127d47e737e82abe721a937d4373cc38978808
CR-Id: ALPS03949661
Feature: DuraSpeed
[Detail]
1. Property new change
neverallow coredomain from writing vendor properties
(allow audioserver_28_0 audiohal_prop (property_service (set)))
(allow audioserver_28_0 mtk_thermal_config_prop (property_service (set)))
The audio_hal property, whose prefix is af., is used for audiodump.
It will be replaced by audio_prop, whose property prefix is vendor.af.
Before, mtk_thermal_config_prop was used to set powerhal.
We use HIDL for it now, so this permission can be removed.
[Solution]
Remove the violating property settings.
MTK-Commit-Id: 2942812bb4a57655898d407f84162fbdae9c3fc9
Change-Id: I1a01ddd8b83fa7eb0c499f67400660b738e9b986
CR-Id: ALPS03902666
Feature: [Module]Native AudioFlinger
[Solution]
Factory mode should be built in the vendor partition, so move
factory from the system partition to the vendor partition
MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c
Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b
CR-Id: ALPS03932298
Feature: Factory Mode
Change property name for new rule in P branch
MTK-Commit-Id: f6085b301d89b12bf36fd0d8fe2cea8144204bad
Change-Id: I0b9945db11eae1a1a59d201389ba001a18a3fc50
CR-Id: ALPS03934599
Feature: Connsys Log Tool
[Detail]
Rename CT VoLTE system property and allow other modules to access
persist.vendor.mtk_ct_volte_support.
MTK-Commit-Id: bc5a52b6998d941aa12c7532f095d1a8c67d663f
Change-Id: I33881fd6684dc76e148ac4917e5c146f949e24f7
CR-Id: ALPS03929399
Feature: [China Telecom]VoLTE Customization
[Detail]
1. remove set vendor usb property
2. add set system usb property
MTK-Commit-Id: 993587b76581472ff751db17bb4f7210926c6342
Change-Id: Ib7da63617e3ac0c0f3fb271ef082db602d39ca37
CR-Id: ALPS03885057
Feature: Modem Log Tool
[Detail] As title
[Solution] As title
MTK-Commit-Id: 2e0d48205919bc075721a6470a4102a95cf841de
Change-Id: I88e7bdf77940d7d89379af3d73996d998235f093
CR-Id: ALPS03943803
Feature: [Android Default] Camera Application Basic Functions
System APP cannot set vendor property, and these
policies are not used. Just remove these policies.
MTK-Commit-Id: 0805ff18c4d4f90b2e9d2fdb97e1eff810ae5096
Change-Id: Ib07ef6d587d688246884fff6505434b7b7bc708c
CR-Id: ALPS03885471
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Solution]
Factory mode needs to get whether the com type is USB or UART, so add the
permission in factory.te
MTK-Commit-Id: aff8a941116fde70abd5c492fa084e74d927629e
Change-Id: I0b9206bda110b9dde77168db73a8378c4a571851
CR-Id: ALPS03928691
Feature: Factory Mode
[Detail] modify meta_tst.te and file.te
[Solution]
P Migration meta_tst get com port type/uart port info/boot mode/usb state/usb close
MTK-Commit-Id: 650d2e874dd8e73a5b79f911ba6bb6579c7819c1
Change-Id: Ie405027bcb4b567721c531a94a3a6247fa15689b
CR-Id: ALPS03888283
Feature: SP META Tool
[Detail] Vibrator has no right to access sysfs
[Solution] Add sysfs rule to vibrator te file
MTK-Commit-Id: 8c598697e8ea1c72ad9753fe706ab729ac7b47d7
Change-Id: Ib90a4681121ffe4ddbb0443c220b78f42e0de722
Signed-off-by: Qiangming Xia <qiangming.xia@mediatek.com>
CR-Id: ALPS03946622
Feature: [Module]Vibrator
[Detail]
selinux policy restricts access to /mnt/vendor; applications
should add policy for the path
[Solution]
add new policy for /mnt/vendor
MTK-Commit-Id: a02d937c92f815a7e8f785abee7304a2f3f12cf9
Change-Id: I3221d0bcd13374e296c8d4923b4679f4904fb71f
Signed-off-by: Simfex Chiu <simfex.chiu@mediatek.com>
CR-Id: ALPS03940671
Feature: [Module]Wi-Fi HAL
[Detail]
BT vendor lib cannot read the valid BD address from nvram
due to a selinux violation.
Android P version changes the nvdata path to /mnt/vendor/nvdata.
To open fstab when using the nvram function, it needs
search policy.
[Solution]
allow mtk_hal_bluetooth mnt_vendor_file:dir search
MTK-Commit-Id: 24997cbec894555c537930fe9f10122c450a5e4f
Change-Id: I9279614b100a2675ca88264899125ed549d3301f
CR-Id: ALPS03943817
Feature: BT AOSP