NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,146 Commits 2 Branches 0 Tags
Commit Graph

1146 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jimmy Lai
b1dfbc5f60 [ALPS04763260] Fix Permission 
add sysfs_device_tree_model sepolicy
/firmware/devicetree/base/model

MTK-Commit-Id: 1b81ac4c2d260969ee02b1ffa81cf0bdfb99d019

Change-Id: I9c9bc011ec7f35a264af3bee6340991e9c2a2bec
CR-Id: ALPS04763260
Feature: [Module]Video Driver
 2020-01-18 10:20:28 +08:00
bo.shang
53a2892e48 [ALPS04788229] Add selinux permssion 
could read persist.sys. property

MTK-Commit-Id: 266f05feffaee309566f7d7410f7a00463457ff6

Change-Id: I380ef42f2549eca315fb9c69bf03bee097a18f08
CR-Id: ALPS04788229
Feature: Modem Log Tool
 2020-01-18 10:20:25 +08:00
Cosmo Sung
d5f4f31ade [ALPS04773384] SeLinux permission 
Remove general socket permission.

MTK-Commit-Id: 82b1e7c7fdc88ecec8fe72e2dc97023feda7f932

Change-Id: I48cb912ae8aa3480476dd451d7ebb0657a1c3793
CR-Id: ALPS04773384
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:20:24 +08:00
jerry-sc.wu
31f4d86bf1 [ALPS04763250] Thermal: SEPolicy de-risk 
[Detail]
1. using set_prop for SEPolicy optimize.
2. modify high risk sysfs write operation for security.

MTK-Commit-Id: 48b34c3013d5402a3d6253945d3b41a148f0d167

Change-Id: I9657ab3f5eee2616f452a442fb6201779edd831c
Signed-off-by: jerry-sc.wu <jerry-sc.wu@mediatek.com>
CR-Id: ALPS04763250
Feature: Thermal Management
 2020-01-18 10:20:24 +08:00
Ian-Y Chen
c947a234d9 [ALPS04760762] power: remove high risk policy 
[Detail]
Remove procfs and sysfs root permission

MTK-Commit-Id: 1af6e86e9f71ef919ec46a7eda2f2901a5c63a80

Change-Id: I3ddea266511017eba1b51d7879be3a5a81b497e6
CR-Id: ALPS04760762
Feature: [Module]PowerHAL
 2020-01-18 10:20:20 +08:00
Wilma wu
854a8b9f99 [ALPS04387262] RTC: label sysfs_rtc files 
fix hctosys permission.

MTK-Commit-Id: 58c00437a1e1bd2c06f4745ce38c505f36ea32e4

Change-Id: I878a9bbe0f3d42d2dd3e205c3bcc2108c8976889
Signed-off-by: Wilma wu <wilma.wu@mediatek.com>
CR-Id: ALPS04387262
Feature: RTC-Power Drop Auto Reboot
 2020-01-18 10:20:20 +08:00
Guoyi Qu
dab7fbe9a1 [ALPS04727197] Add permission 
Add permission to save logs to special folder

MTK-Commit-Id: 51c58a7b5b66247b1ab454f71e6cc721ff83f61f

Change-Id: I00b58af1ae46842c84f183c2154583e59e98199b
CR-Id: ALPS04727197
Feature: Modem Log Tool
 2020-01-18 10:20:16 +08:00
Huaiming Li
ebb30438c8 [ALPS04776332] fix google dumpstate avc issue 
[Detail]
09-05 15:58:31.552000  9693  9693 W df      : type=1400 audit(0.0:990):
avc: denied { search } for name="expand" dev="tmpfs" ino=10779
scontext=u:r:dumpstate:s0 tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0

[Solution]
add sepolicy rule:
allow dumpstate mnt_expand_file:dir search;

MTK-Commit-Id: 2117b8897e13ad2e52f8f7b9b16532e20cc8f477

Change-Id: I428cc52d30c3396d9d355af286bcdaa94d170eec
CR-Id: ALPS04776332
Feature: Android Exception Engine(AEE)
 2020-01-18 10:20:13 +08:00
yuhui.zhang
92bb4e88bb [ALPS04316338] Fix wcn coredump JE problem 
[Detail]
Wcn coredump move to vendor on Android Q. EM need to set property by
vendor hidl

MTK-Commit-Id: 7b93a89746c7d9f5c2672418babb22c9a23513b0

Change-Id: I9ff4d54918c9becab9dcaaae9f5cbb3d04d17ac6
CR-Id: ALPS04316338
Feature: Engineering Mode
 2020-01-18 10:20:13 +08:00
Jun Zhao
655451ea9e [ALPS04768250] occur fatal SWT when have some proccess in background 
Add policy for wfd & HDMI

MTK-Commit-Id: d45ac4bdc336432a8d59d9bf2ec09d2954a39988

Change-Id: I7e36f4c93131b98d9e6273e7b410c0b59866ec0a
CR-Id: ALPS04768250
Feature: Wi-Fi Display
 2020-01-18 10:20:12 +08:00
Yifei Qiao
dd08af703d [ALPS04775042] Fix install drm key sepolicy error 
Fix install drm key sepolicy error

MTK-Commit-Id: e3c03327cba36fb5fc352203f0bbe8337316e5ae

Change-Id: I8e418d69dcdf5838cd94f242055526c7f897f9ab
CR-Id: ALPS04775042
Feature: [Module]keymaster
 2020-01-18 10:20:09 +08:00
Juju Sung
1dbf2b6dff [ALPS04387792] BGService: add sepolicy permission 
[Detail]
1. add BGService sepolicy permission

MTK-Commit-Id: 136f9e6df88b8e10652a3393405737b20e986f51

Change-Id: I62a077fbadd17a865c21e8c1551b2202d10bc6ce
CR-Id: ALPS04387792
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:20:09 +08:00
swintegrator
8d9e4a522f [ALPS04784782] Add SELinux sepolicy for TEEI OS communication 
Add hal_graphics_allocator_default SELinux sepolicy to
enable normal/secure world communication.

This is used for secure memory allocation from graphics allocator HAL
to TEEI OS.

MTK-Commit-Id: a47f2e49b8c563fdc457443e46af591a2691a441

Change-Id: I2bdc87303310f5acdd85f0491e58644b26963838
CR-Id: ALPS04784782
Feature: Microtrust TEEI
 2020-01-18 10:20:08 +08:00
yizheng.yang
51885451fa [ALPS04781447] Add selinux permission 
Add permission for atcid

MTK-Commit-Id: e4ab92c694185c03bbcc792fed84fdeaf0013409

Change-Id: Ib7f76d8c5f03da070559f8f73de6f611367b96a6
CR-Id: ALPS04781447
Feature: [Module]ATCI (AT Command Interface)
 2020-01-18 10:20:05 +08:00
Nancy Huang
9e238bfba9 [ALPS04760196] audioserver: fix high risk sepolicy 
[Detail]
1. Remove system_data_file access rule
2. Remove socket access in audioserver

MTK-Commit-Id: 53231b8b52745a21cc302833524911c55bab4960

Change-Id: I661f78bfbe0377bf88445494af0f33edb5f4fef7
CR-Id: ALPS04760196
Feature: [Module]Proprietary Audio Utility
 2020-01-18 10:20:04 +08:00
otis.huang
ae6fbad5e9 [ALPS04387792] BGService: add sepolicy permission 
[Detail]
1. add BGService sepolicy permission

MTK-Commit-Id: f5832af535feb84ff9f94ae25eb02fc6f5959762

Change-Id: I22a1e8d6e17a2f455771adf677d2ce8cb32e6550
CR-Id: ALPS04387792
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:20:04 +08:00
yizheng.yang
1a9ed28058 [ALPS04760107] Fix high risk selinux 
Fix high risk selinux in atci

MTK-Commit-Id: 920482c8d6406a57b2b653e98b8b28c30c2e6d1b

Change-Id: I6cbd85f3699f055312a5f6b2ea577bd9161ef29e
CR-Id: ALPS04760107
Feature: [Module]ATCI (AT Command Interface)
 2020-01-18 10:20:00 +08:00
Chun-Hung Wu
ef2d9a611a [ALPS04776340] dumpstate: add selinux policy 
[Detail]
Add sd card mmcblk0/mmcblk1 sysfs_mmcblk for dumpstate

MTK-Commit-Id: 6b8fde0993498cd8659b028f978ee118a082f81b

Change-Id: I4212764d39ee8752d6a5347d2a5e629f53205d0e
CR-Id: ALPS04776340
Feature: UFS Booting
 2020-01-18 10:20:00 +08:00
Eric Chung
606cbd7ddc [ALPS04761007] GPU: Fix high risk sepolicy 
[Detail]
Remove "allow property set" in mtk_hal_gpu

MTK-Commit-Id: 846c697e7b7766010b31a37371fbbe0babaa8203

Change-Id: I87f87982ea5c0147a60c6120548d4a44dd8c7f29
CR-Id: ALPS04761007
Feature: OpenGL|ES
 2020-01-18 10:19:59 +08:00
bo.shang
6eceb7c147 [ALPS04761154] Remove risk selinux permission 
Remove create folder in data selinux permission

MTK-Commit-Id: d6a218ddee9f5bcde67381631e400a8c3d5a4497

Change-Id: I031aa0ba9463796a11e6ba68774595ad2ff40ce4
CR-Id: ALPS04761154
Feature: Network Log Tool
 2020-01-18 10:19:53 +08:00
chien-wei hsu
6bc8ac8bdb [ALPS04760982] audiohal: fix High risk SEPolicies of mtk_hal_audio 
[detail]
remove sysfs file permission,
only request the sysfs_ccci file

MTK-Commit-Id: 0649e6c55c648d65fa9c599d73bfa98e02e918fe

Change-Id: Idab0ac8e4aff9234887f70dc60fe51339d78cd2b
CR-Id: ALPS04760982
Feature: [Module]Audio HAL
 2020-01-18 10:19:52 +08:00
Huaiming Li
9f9773fc1f [ALPS04772922] fix dumpstate SF_RTT dir avc error 
[Detail]
dumpstate SF_RTT dir getattr avc error in xTS

[Solution]
add getattr rule into dumpstate.te

MTK-Commit-Id: 20c47c82db9b6dfc5091f1fa03f8505c619343ee

Change-Id: Ic6de198bfd4736ba2fa3f3aea6024eeda0f57a16
CR-Id: ALPS04772922
Feature: Android Exception Engine(AEE)
 2020-01-18 10:19:52 +08:00
Guobao Wang
0b9d1a7568 [ALPS04763239] Remove the high risk sepolicy sysfs_vcorefs_pwrctrl 
Remove the high risk sepolicy sysfs_vcorefs_pwrctrl because its no
longer in use.

MTK-Commit-Id: 7aec1b3e31558366c3d3f098eb7c9eac02398a2a

Change-Id: I2e0dcd99be464f01435f8e96ea6dd5fa6ca12716
CR-Id: ALPS04763239
Feature: SIM
 2020-01-18 10:19:51 +08:00
Youxiu Wang
6f8abd5708 [ALPS04763237] Modify permission forRIL 
Reduce the scope of permission for RIL to access proc node.

MTK-Commit-Id: 4f0402b23acbbcf90e195f4c0bfc3bd249c1489e

Change-Id: I442119bd6696a40aa1a49bec781cfb947869b995
CR-Id: ALPS04763237
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:51 +08:00
Jen-Chih Chang
f4b78200ab [ALPS04761137] Remove mtkrild emulator SEPolicies 
Remove ununsed mtkrild emulator SEPolicies

MTK-Commit-Id: c6a07a483b3ff3c64b356d44808009aff7bb95b8

Change-Id: Ifbc17574943048f2f855ceb3282a89b892d7dc8c
CR-Id: ALPS04761137
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:50 +08:00
mtk14723
dc117a90e7 [ALPS04761108] Backlight: remove the unused sepolicy 
[Detail]
Remove the unused sepolicy, which has high risk

MTK-Commit-Id: 93b6fa2d6408dc551867fb24b260b053a9b746a7

Change-Id: Id8ddccde37e766c59b1d258d17db2759da6a3ef9
CR-Id: ALPS04761108
Feature: [Android Default] Backlight
 2020-01-18 10:19:50 +08:00
mtk10871
6d71aabb69 [ALPS04690934] BT feature: log in data area 
[Detail]
Log is available to store in data area.
Change api for setting corresponding permission.

MTK-Commit-Id: 00be41e217b22f187a664d5d51cb18d52bc63635

Change-Id: I69c0869067e8f815c0f41930248b1c0e2c7f6358
CR-Id: ALPS04690934
Feature: BT AOSP
(cherry picked from commit e7396905545c154bc2ff6e76b4fa117ddbca0bb9)
 2020-01-18 10:19:50 +08:00
hao.wang
36fcc17d60 [ALPS04760753] add hal mms sepolicy 
Add merged_hal_service plolicy

MTK-Commit-Id: b098be0f7ff7c5f3755b9f7dfbf07dd17cf5eb65

Change-Id: I064377cb7628c703563fe2b3acc5e8718c0bd458
CR-Id: ALPS04760753
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:19:49 +08:00
Denis Hsu
4aa82d78c9 [ALPS04761184] Remove high risk policy for nvram 
Remove high risk policy for nvram.

MTK-Commit-Id: 6b89d790d606c06b3c48ef2711ad4e1f3b3132de

Change-Id: Iae4a7b021816f771d77b3f58f150de03863dfb9f
CR-Id: ALPS04761184
Feature: NVRAM Partition
 2020-01-18 10:19:49 +08:00
Cosmo Sung
979dff06fc [ALPS04761137] SeLinux permission 
Add rild socket type.

MTK-Commit-Id: d6850afb4aa38dbb3ec7e439b40a3379edf131a0

Change-Id: I3593adadabeffbe98bacdc27579f392073a40300
CR-Id: ALPS04761137
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:48 +08:00
Huaiming Li
b42ff07e97 [ALPS04719663] fix avc denied issue 
add aee_aedv allow to read proc_pl_lk file

MTK-Commit-Id: ffc098c939b46f9df94d41e901d3c0f9ab7a9169

Change-Id: Ib3dbfce32dd63afe83998d2c5dea977ab9dcc6c4
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
 2020-01-18 10:19:48 +08:00
Juju Sung
61d7044c46 [ALPS04767749] Selinux: Add new TE path 
[Detail]
New sepolicy path declared and also support
legacy android.

MTK-Commit-Id: 8982268bbef8f852c153428f1a5f83849953c7c2

Change-Id: Ic10f297a312ff2e89e44a0aa323ffa11bc78ff6e
CR-Id: ALPS04767749
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:19:48 +08:00
Nixy Hsu
2f89f8a47a [ALPS04754649] gz: add mtee trusty selinux perms 
fix sysfs permission for dumpstate under selinux.

MTK-Commit-Id: bca4ec3babf362b7f9d21b7c1ea8290f55d8d74c

Change-Id: I26cfbb4e959f0dbd89d46d6088284f36e6450c42
CR-Id: ALPS04754649
Feature: GenieZone
Signed-off-by: Nixy Hsu <nixy.hsu@mediatek.com>
 2020-01-18 10:19:30 +08:00
Yanjie Jiang
725c0b46e1 [ALPS04760260] ccci: delete rule not used 
Change sepolicy rule for security.

MTK-Commit-Id: 0fe0072748de8b9077117a9d4d67bebea46cf9ec

Change-Id: I85a2991ffa2928330989a53ad0597d403274ccce
CR-Id: ALPS04760260
Feature: Modem Interface Driver
Signed-off-by: Yanjie Jiang <yanjie.jiang@mediatek.com>
 2020-01-18 10:19:29 +08:00
Cosmo Sung
a49221caf7 [ALPS04763240] SeLinux permission 
Remove unused policies.

MTK-Commit-Id: fb08d7258914676e713d5a4522b8ecb3b35d56d9

Change-Id: I1be805ef301abfefc1723be2ebd97153ddba1d23
CR-Id: ALPS04763240
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
 2020-01-18 10:19:29 +08:00
Hao Dong
0ae7f56165 [ALPS04765260] BT open fail 
[Description]
Sepolicy modification for BT Driver setprop

MTK-Commit-Id: fa7f679e819436f0a49387411103ce866734dc2f

Change-Id: I4b4edf6d45333d1ed4cb5a4fee17697dbae87acc
Signed-off-by: Hao Dong <hao.dong@mediatek.com>
CR-Id: ALPS04765260
Feature: BT AOSP
 2020-01-18 10:19:25 +08:00
mtk10721
24cdf7e61e [ALPS04758146] fix selinux 
[Detail] ioctl is not allowed

[Solution] Fix it

MTK-Commit-Id: 92a8921309a104dab501f57264e8939a57df0c30

Change-Id: I670513bdc93979217ea068b0aca61e1bda11364f
CR-Id: ALPS04758146
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:19:25 +08:00
Caroline Yang
61181c335d [ALPS04763248] Remove unused sepolicies 
[Detail]
Remove unused sepolicies of thermalindicator.

MTK-Commit-Id: 3a0b1cc66e7e651ee0f0307654389e25c4e721d9

Change-Id: I535e42ae60b0170f621452aca19419283a7fa3fe
CR-Id: ALPS04763248
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:19:24 +08:00
Leo Hsieh
a61938f39c [ALPS04740849] Add sepolicy for 3-apk 
Add sepolicy ro.vendor.mtk_nn.option for 3-apk.

MTK-Commit-Id: fab2092fdc76055e29ff31c900da0bee29f7ac5e

Change-Id: I0b44a239fb76f3cde51fa0e992023fbf34e4a57f
CR-Id: ALPS04740849
Feature: NeuroPilot
 2020-01-18 10:19:23 +08:00
zhuoliang zhang
35c1be8aab [ALPS04760322] high risk sepolicies of dhcp 
delete the legacy selinux file :dhcp.te

MTK-Commit-Id: b963a9f2c64ece1174cd78d6602cd7ddc768e347

Change-Id: I8a2a10f3c1f2626836abc3b514c97df43a1795de
CR-Id: ALPS04760322
Feature: [Module]IP Networking
 2020-01-18 10:19:23 +08:00
hongxu.zhao
f57f7914f3 [ALPS04761129] sensor: high risk sepolicy of mtk_hal_sensors 
give /sys/class/sensor folder perms for mtk_hal_sensors

MTK-Commit-Id: 7d2c08aad389eb68e423d9fa75d5c4f0d514577c

Change-Id: I63c5300a31b523de5d4c22ac53e5e03ba8cdd048
CR-Id: ALPS04761129
Feature: Sensor Hub
 2020-01-18 10:19:22 +08:00
Shanshan Guo
f4c7151104 [ALPS04760380] SEPolicy: remove unused sepolicies of libudf.so 
[Detail]
libudf.so has been place in both system and vendor,
so dont need these sepolicies anymore.

[Solution]
Remove unused sepolicies of libudf.so

MTK-Commit-Id: 8e79905072cf0855c1c50c679681fd33b936b54f

Change-Id: I051c61e5be725dab8b3375adc6f52882556cc3c1
CR-Id: ALPS04760380
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:19:19 +08:00
Eric Chung
7876720527 [ALPS04735709] GPU: Add selinux policy to enable GED new ioctl 
[Detail]
New GED ioctl: GED_BRIDGE_IO_HINT_FORCE_MDP

MTK-Commit-Id: 49b81814f6f14ea55b6dcff2780726a71533f9ae

Change-Id: I9c2d10c8e10f67c0618b7daee7d980a783fa86bf
CR-Id: ALPS04735709
Feature: Vulkan
 2020-01-18 10:19:15 +08:00
Jimmy Lai
bf88392bfa [ALPS04740488] SVP IT 
1. Add tag for vcodec internal log file

MTK-Commit-Id: 2b4abdfbddc7095bf9a0a721c650917bc8bbddd6

Change-Id: I72d45bed4a61f5234ae0b82b7c4958bfe1da5ad2
CR-Id: ALPS04740488
Feature: Secure Video Path (SVP)
 2020-01-18 10:19:15 +08:00
Juan Rong
03a9cc799a [ALPS04753766] [EM]AAL: set property 
Allow EM set AAL property

MTK-Commit-Id: 7395aeb88595801b47a52b473d102d672181a58d

Change-Id: Iea2bd4fc8d761a1103277352c1c90b0ed1da98b6
CR-Id: ALPS04753766
Feature: Engineering Mode
 2020-01-18 10:19:15 +08:00
Chris-YC Chen
6af540cfae [ALPS04723991] mmservice 1.3 
1. update mmservice to 1.3
2. PQ func sup in MMS by FD

MTK-Commit-Id: 667fe3cc027eb10d8f637b53ed95191f0775fdc0

Change-Id: I2519b020e10af3036ad30c59d7761cf741417456
CR-Id: ALPS04723991
Feature: [Module]MDP Driver
 2020-01-18 10:19:11 +08:00
mtk11285
b913b95845 [ALPS04754945] aee: phase out unused selinux rules 
NE DB is created by /system/bin/aee_aed* on Q,
so remove selinux rules about /data/vendor/tombstones.

MTK-Commit-Id: f3b5da9438aa0fe4cc6e96bcafe0b253da475fee

Change-Id: I875ed2f4c62413e4b438b36945cda9ec7933f9b3
CR-Id: ALPS04754945
Feature: Android Exception Engine(AEE)
 2020-01-18 10:19:11 +08:00
Zhongchao Xia
489d71fd5e [ALPS04741328] MMS HIDL use lazy mode 
MMS HIDL use lazy mode if MTK_GMO_RAM_OPTIMIZE
is true.

MTK-Commit-Id: fd8a40b123a05c3b49eeec138c9326ead2cc5288

Change-Id: I23fd115254a9e74aa0068b8ecd36fd9ebcf1fad8
CR-Id: ALPS04741328
Feature: [Module]MDP Driver
(cherry picked from commit 25220c503042401944a96a1dba27df45058419d3)
 2020-01-18 10:19:10 +08:00
guozhen.tang
9da18d4d0b [ALPS04753953] gps sanity fail 
add permission for gps to read prop file

MTK-Commit-Id: 5876b325d9ddbe6a6a3c800f830432f64fd3a5b6

Change-Id: I2aad7aebe615a27b21aaef33aa94dfcc8bf4c429
CR-Id: ALPS04753953
Feature: A-Glonass
 2020-01-18 10:19:04 +08:00
hua.tian
482be9e9f2 [ALPS04746763] Remove unsafe rules 
Remove the rules to create folder under /data in own process.

MTK-Commit-Id: 7bda57233e721387cb85dc246253a66de9e1ee46

Change-Id: I904278893497cd1270840b7e2bd4d20e3bc9dde9
CR-Id: ALPS04746763
Feature: Mobile Log Tool
 2020-01-18 10:19:04 +08:00