NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
930 Commits 2 Branches 0 Tags
Commit Graph

26 Commits

Author SHA1 Message Date
Yifei Qiao
9708912e27 [ALPS04700799] Align keymanager sepolicy with p0.mp6 
Align keymanager sepolicy with p0.mp6

MTK-Commit-Id: 24a187bc32e2be7663abb880c07659834d71f4b0

Change-Id: Ia98525be2155dcf3261633d1e6c25a775426068d
CR-Id: ALPS04700799
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:17:31 +08:00
Juju Sung
f680189e6c [ALPS04284125] Sepolicy: add lost label 
[Detail]
netd_socket is deprecated in a/26f84c6.
The netd_socket used in mulitple modem generation,
for cross modem compatibility we add a dummy label to
prevent splitting new branch.

MTK-Commit-Id: b949378b387f9eb942de90b7475aea4ec711f68c

Change-Id: I5179175d9df973a0da01d4520269468b70f742ce
CR-Id: ALPS04284125
Feature: Modem Interface Driver
 2020-01-18 10:13:13 +08:00
Kobe Wu
a25d1ca12f [ALPS04400836] Fix SELinux issue 
[Detail]
avc:  denied  { find } for interface=android.hardware.audio::
IDevicesFactory sid=u:r:audiocmdservice_atci:s0 pid=4193 scontext=u:r:
audiocmdservice_atci:s0 tcontext=u:object_r:hal_audio_hwservice:s0
tclass=hwservice_manager permissive=0

[Solution]
hal_client_domain(audiocmdservice_atci, hal_audio)
allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find;

MTK-Commit-Id: 19954438860104bb7e0036ce92d21429103e6149

Change-Id: Idc7fe552e63aec6e4e1081a0f4681d251b019be3
CR-Id: ALPS04400836
Feature: Audio Tuning Tool
Signed-off-by: Kobe Wu <kobe-cp.wu@mediatek.com>
 2020-01-18 10:10:18 +08:00
Po Hu
4f97064d35 [ALPS04209994] Android Q migration prepare 
[Detail]
Fix build warning like:
WARNING unrecognized character at token ^M on line XXX:

[Solution]
Use dos2unix to update files

MTK-Commit-Id: 8285bcfe7a30349f3188c9b29e4b8da9ee2c1280

Change-Id: I7773e243028a2275d11782885b4bc299d5c5d043
CR-Id: ALPS04209994
Feature: build process
 2020-01-18 10:08:11 +08:00
Juju Sung
12bc2025e2 [ALPS04239425] Sepolicy: fix undefined type declration 
[Detail]
Unknown type:untrusted_v2_app,alarm_device,qtaguid_proc,mtd_device
Duplicated type:proc_slabinfo

MTK-Commit-Id: 11ccfcffb994452eb58a697e94a8da748ac73933

Change-Id: I2e847041d14d6b6613044cfaa98f242b7fd9381a
CR-Id: ALPS04239425
Feature: Build System
 2020-01-18 10:08:05 +08:00
mtk14717
0f84ebfce2 [ALPS04085275] Key manager porting [10] 
[Detail]
Vendor process can not r/w system data file
[Solution]
Change key_provision from system to vendor

MTK-Commit-Id: 7506682fb0b8dbad81fbd58ec1f0da331696d1d5

Change-Id: Ic8afbf2ec8385ae43d5abd124473af9550de9aa1
CR-Id: ALPS04085275
Feature: [Module]keymaster
 2020-01-18 10:06:54 +08:00
mtk12101
722798a334 [ALPS03982747] Remove unused sepolicy rules 
Some rules is no need any more, need to remove it.

MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699

Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:02:25 +08:00
Chunlan Wang
c93290f067 [ALPS03932298] Factory Mode: move to vendor partition 
[Solution]
Factory mode should build in vendor partiton, so move
factory from system partition to vendor partition

MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c

Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b
CR-Id: ALPS03932298
Feature: Factory Mode
 2020-01-18 09:58:07 +08:00
Peter Wang
2c7dd5ac57 Merge "[ALPS03901606] eMMC&UFS : Combo feature" into alps-trunk-p0.basic 
Change-Id: I4c2f71a7849a30d85ece28c9b145249f9db056c1
MTK-Commit-Id: 52337831adf6f4f1f3fe2ab268936646e789de8d
 2020-01-18 09:52:29 +08:00
Peter Wang
8183941448 [ALPS03901606] eMMC&UFS : Combo feature 
[Detail]
1. Change type name from sysfs_boot to sysfs_boot_mode
2. Add type name sysfs_boot_type

MTK-Commit-Id: 54d5bb31fc8ad1d9ac2e931fe5dc01ef4c1083cf

Change-Id: I445ecdf5a5e334a49ccc1d747daa87f6be351d20
Signed-off-by: Peter Wang <peter.wang@mediatek.com>
CR-Id: ALPS03901606
Feature: UFS Booting
 2020-01-18 09:52:26 +08:00
SW Integrator
38f6afbf14 [ALPS03800946] Remove vold_socket 
[Detail]
Remove vold_socket because its not allowed

[Solution]
Remove marked code

MTK-Commit-Id: 8c940b5494f7631fce98a251f2d0ba857f9346df

Change-Id: I50c1d6cfd21f4877b0c1f08bd3f3bacb2c47885e
CR-Id: ALPS03800946
Feature: Treble
 2020-01-18 09:52:12 +08:00
SW Integrator
700750af5e [ALPS03800946] Remove data_between_core_and_vendor_violators 
[Detail]
data_between_core_and_vendor_violators is used temporarily. We should
follow Android P SELinux rule to write sepolicy.

[Solution]
Remove data_between_core_and_vendor_violators from files which already
fix SELinux build errors

MTK-Commit-Id: 6a75842a96d8997bca10caf6ca4d5b4e7e8f68a4

Change-Id: I5e840fdf6b61d44860429a7e5c7e24c9a48a9c75
CR-Id: ALPS03800946
Feature: Treble
 2020-01-18 09:49:26 +08:00
Long Yang
c1564d4dd2 Merge "[ALPS03853366] Fix kisd sepolicy issue for android p[1/3]" into alps-trunk-p0.basic 
Change-Id: Id7b550f47c0afcf7a1b7625275f9b898ffeac428
MTK-Commit-Id: 8077b66089b85bef61e63e73d4d827112a17c415
 2020-01-18 09:46:03 +08:00
mtk14717
dd229ac506 [ALPS03853366] Fix kisd sepolicy issue for android p[1/3] 
[Detail]
Move kisd from system to vendor and add keymanage hidl
[Solution]
Modify related sepolicy in device/mediatek/sepolicy/basic

MTK-Commit-Id: c1826ac0bdcc18a4e6d3298e73514801a35a09ad

Change-Id: Iee4b65ba5addc5a21de53e76d3bb092e2f37ab01
CR-Id: ALPS03853366
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:45:51 +08:00
mtk12968
02f57d1f7c [ALPS03598446] add selinux policy for mdp 
[Detail]add a mtk_mdp_device lable and a allow rule for VP

[Solution]add a mtk_mdp_device lable and a allow rule for VP

MTK-Commit-Id: d015c8eba69f036e0f4770e045b1c99bd4d6c8c5

Change-Id: I9b72360ae4a31d849d8e6ada94d4ee8c49f36b1b
CR-Id: ALPS03598446
Feature: [Module]MDP Driver
(cherry picked from commit e10343315224b4b166767bc7e19fa0b14cc06892)
 2020-01-18 09:45:24 +08:00
Larry Liang
f9ccc3b4ea Merge "[ALPS03841705] remove unuse selinux rule" into alps-trunk-p0.basic 
Change-Id: If10189a5f8f50b9dd1cd3f9eafab6eb45abb5b31
MTK-Commit-Id: ffdde889a9b9d4233902fc634a6ab071f2e38c0c
 2020-01-18 09:41:08 +08:00
mtk11285
33f97ac789 [ALPS03841705] remove unuse selinux rule 
[Detail] remove unuse selinux rule

MTK-Commit-Id: 83678f3c246610d78ddac840511df45153e9121e

Change-Id: Ibc862ad2b990bcf77642e271f45ad0e1d1fa9574
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:41:02 +08:00
Denis Hsu
977ad3f552 [ALPS03891225] Modify vold related policy 
[Detail]
1. remove md_ctrl.te because we dont use md_ctrl in P.
2. remove debugfs_tracing policy
3. remove nvdata, protect_f, protect_s policy

MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9

Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9
CR-Id: ALPS03891225
Feature: Multi-Storage
 2020-01-18 09:40:17 +08:00
mtk33297
56f34167cf [ALPS02333452] Android p selinux change 
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.

[Solution]
Define custom label for drmserver

MTK-Commit-Id: 996de9ff486db13908f6d58b476613957d4f336d

Change-Id: I34c8d86c1baf9daa02e29323007e4136c6048b31
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
 2020-01-18 09:38:57 +08:00
Yuxian Xu
af8b6473d2 [ALPS03886572] Mobile Log selinux rule porting 
[Detail]
Mobile Log selinux rule porting:
1. fix the violation on P
2. relable some kernel interfaces.

MTK-Commit-Id: 4108ed13f3e7693c3642b6f073c5444f133b3c38

Change-Id: I1fac185779510f10b9b94bdf6ec40573237d846a
CR-Id: ALPS03886572
Feature: Mobile Log Tool
 2020-01-18 09:37:45 +08:00
yuhui.zhang
cfa692cd89 [ALPS03860173] Update em_svr te file 
[Detail]
Update em_svr te file on Android P rules

MTK-Commit-Id: 209e5983cf99919666577929b0c4861131c8c9f7

Change-Id: Ifc5c86499abbf712c3388776a993178f8d14df32
CR-Id: ALPS03860173
Feature: Engineering Mode
 2020-01-18 09:37:16 +08:00
Morven-CF Yeh
a1cfcc550c [ALPS03860276] Rename MTKs system properties 
[Detail] modify debug.factory.idle_state to
vendor.debug.factory.idle_state

MTK-Commit-Id: 725183500a96ad7d96bea72edfd5fd42643db833

Change-Id: I323b158642aec36604fe6d1dab2afe217ba09002
Signed-off-by: Morven-CF Yeh <morven-cf.yeh@mediatek.com>
CR-Id: ALPS03860276
Feature: Power Management
 2020-01-18 09:31:09 +08:00
Bo Ye
3ace839be3 [ALPS03825066] Mark file context to fix build fails 
Restore the policies accessing files labeled
    as proc_xxx or sysfs_xxx, but there are some
    exceptions for coredomain process, such as
    meta_tst,dump_state,kpoc_charger

MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d

Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:41 +08:00
Bo Ye
5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:36 +08:00
mtk12101
bbecfaa68b [ALPS03825066] Resolve vendor violates 
[Detail] Google add new neverallows rules on android P,
some rule violate the rules

[Solution] Remove the rules which violate google new rules

MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d

Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:34 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00