NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,032 Commits 2 Branches 0 Tags
Commit Graph

28 Commits

Author SHA1 Message Date
Huaiming Li
9f9773fc1f [ALPS04772922] fix dumpstate SF_RTT dir avc error 
[Detail]
dumpstate SF_RTT dir getattr avc error in xTS

[Solution]
add getattr rule into dumpstate.te

MTK-Commit-Id: 20c47c82db9b6dfc5091f1fa03f8505c619343ee

Change-Id: Ic6de198bfd4736ba2fa3f3aea6024eeda0f57a16
CR-Id: ALPS04772922
Feature: Android Exception Engine(AEE)
 2020-01-18 10:19:52 +08:00
Nixy Hsu
2f89f8a47a [ALPS04754649] gz: add mtee trusty selinux perms 
fix sysfs permission for dumpstate under selinux.

MTK-Commit-Id: bca4ec3babf362b7f9d21b7c1ea8290f55d8d74c

Change-Id: I26cfbb4e959f0dbd89d46d6088284f36e6450c42
CR-Id: ALPS04754649
Feature: GenieZone
Signed-off-by: Nixy Hsu <nixy.hsu@mediatek.com>
 2020-01-18 10:19:30 +08:00
Huaiming Li
6272c879bf [ALPS04719663] fix some avc denied issue 
update some sepolicy rules

MTK-Commit-Id: c1294d5ae7714677077e8d38c6c1624955816cdb

Change-Id: Id30499203b004677bf95b221195ef33749ec6a36
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
 2020-01-18 10:18:55 +08:00
Huaiming Li
8ed6a9057c [ALPS04719663] add sepolicy rules 
1.dump file: add adsp sepolicy rule for dumping log
2.allow vendor process ro read tracing_on file

MTK-Commit-Id: 954cb9410ded3baa31927881abbff963b5bba56d

Change-Id: Iab86bf588585b7d1b34d1c1fbc6fb5acce833267
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
(cherry picked from commit b0f133c03c3bf22d4794c16f1a2d98d95ad1b70d)
 2020-01-18 10:18:41 +08:00
Huan Tang
943a2db478 [ALPS04714861] dumpstate: add selinux policy 
1.relabel mmcblk1 to sysfs_devices_block in sysfs
2.allow dumpstate access sysfs_devices_block

MTK-Commit-Id: 359f985388d45abc8b47a95ef71fccf72259ee35

Change-Id: I1e83b8f6f6bdba20965b7f976f9589363d28c48d
CR-Id: ALPS04714861
Feature: Android Exception Engine(AEE)
 2020-01-18 10:18:08 +08:00
Huaiming Li
fc904e056e [ALPS04642542] update sepolicy rules for dumping kmemleak file 
add new sepolicy rules for dumping kmemleak file into manual DB

MTK-Commit-Id: bbc72864526fe28df5f9278c4250a152fbe94515

Change-Id: Ie59c50451d3e7b00500a11eab43b99004d0b543c
CR-Id: ALPS04642542
Feature: Android Exception Engine(AEE)
 2020-01-18 10:17:36 +08:00
Huaiming Li
0e69d03d37 [ALPS04697232] fix google dumpstate avc error 
[Detail]
mmcblk1 stat file avc error and proc last_kmsg avc error

[Solution]
add dumpstate sepolicy rule

MTK-Commit-Id: 4d3e60120a2049f9e6f4e7ce9e2f835c2bb993ca

Change-Id: I6e1e63eb719aa8b7b4d0a86043bd0bce637a638f
CR-Id: ALPS04697232
Feature: Android Exception Engine(AEE)
 2020-01-18 10:17:23 +08:00
Stanley Chu
1a276c5460 [ALPS04682157] aee: ufs: Enable write permission for ufs_debug 
Enable write permission for /proc/ufs_debug to try to catch
precise UFS command history in erroneous scenes by:

- Stopping UFS command history immediately just after error
  (e.g., NE, JE ...etc.) happens.
- Re-starting UFS command history after UFS command history
  is dumped.

MTK-Commit-Id: 59f4a6c71850d7131cf6312e802124fe68a830c6

Change-Id: I738eff0040210b4a833f15af526c68282f697d5b
CR-Id: ALPS04682157
Feature: Android Exception Engine(AEE)
 2020-01-18 10:16:36 +08:00
Shanshan Guo
ac04c06d44 [ALPS04661377] SEPolicy:workaround for google dumpstate avc error 
[Detail]
In xTS, testNoBugreportDenials will check if there are any
avc denied log of dumpstate.
https://android-review.googlesource.com/c/platform/cts/+/667966

[Solution]
add dumpstate allow rules as workaround for google
dumpstate avc error.

MTK-Commit-Id: 98f2dcd0a8011ce5892a25bf40e3e94efe87e302

Change-Id: I12d8d197a815791be942336d6c951e38a3278d2c
CR-Id: ALPS04661377
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:16:29 +08:00
Huaiming Li
cbb2ca1665 [ALPS04642542] add allow rule for reading tracing_on 
ensure aee_dumpstate can read tracing_on value

MTK-Commit-Id: a97d988f87616ea966acdfc090f665237098fb22

Change-Id: I04b844de30965f943b7d3d2be1c805c3158dbf13
CR-Id: ALPS04642542
Feature: Android Exception Engine(AEE)
 2020-01-18 10:16:04 +08:00
HungWen Hsieh
2278c51caa [ALPS04419954] sync code from android p 
[Detail]
sync code from android p

MTK-Commit-Id: d0b19b83da618bab91caff90dbe9525f3f6a22a3

Change-Id: Ib664dbb0b8a1b69012fc81a2ad1bde770ccf478b
CR-Id:ALPS04419954
Feature:[Android Default] Camera Application Basic Functions
 2020-01-18 10:11:22 +08:00
Huaiming Li
6572ac2fa3 [ALPS04383536] AEE: add some new rules 
add some new rules for not exit files in basic/non_plat/,
allow dumpstate to open/read files

MTK-Commit-Id: 7d8021e582f9c10b7f9574f4fcdadee0be5d3c99

Change-Id: Ifc1ca446ce6cd40e36835acaf52ca5a12efedcdb
CR-Id: ALPS04383536
Feature: Android Exception Engine(AEE)
 2020-01-18 10:11:11 +08:00
mtk11285
85b3620577 [ALPS04325589] AEE: remove unuse rules 
1. remove unuse rules
2. allow dumpstate to r/w /proc/msdc_debug
3. allow aee_core_forwarder to access hwservicemanager_prop
4. allow aee_core_forwarder to connect aee_aed socket

MTK-Commit-Id: a43676c734f74636df65e59cdcace017eca79706

Change-Id: I3c45ed83499c0079b38af34cf462dcd80fec501d
CR-Id: ALPS04325589
Feature: Android Exception Engine(AEE)
 2020-01-18 10:09:44 +08:00
mtk11285
c54cc72936 [ALPS04036690] add selinxu rules 
[Detail]
1. relable /proc/chip/info and replace /proc/chip/hw_ver lable
2. add "allow aee_aed sysfs_leds:dir search" for red screen

MTK-Commit-Id: 9a2bac1e41aad51276011d48a65fc58fa16d2fc9

Change-Id: Ifdfb536a9fb763301960b4e771e50c0c49636e7e
CR-Id: ALPS04036690
Feature: Android Exception Engine(AEE)
 2020-01-18 10:06:25 +08:00
Dennis YC Hsieh
28cf5af63a [ALPS04023420] cmdq: CMDQ_STATUS not gen in db 
Miss rule in aee_aedv.te and cause cmdq status blocking by rule.
Add rule and fix name typo.

MTK-Commit-Id: 589feaa73ff62b1893f30d5e4b1ce02d34c94edf

Change-Id: I046f73e29f404cb51908f8191599cb46a7c1399d
Signed-off-by: Dennis YC Hsieh <dennis-yc.hsieh@mediatek.com>
CR-Id: ALPS04023420
Feature: Android Exception Engine(AEE)
 2020-01-18 10:06:20 +08:00
Lili Lin
9e64f5e935 [ALPS03878175] Remove system_writes_vendor_properties_violators 
system_writes_vendor_properties_violators is only workaround,
and will cause *TS test fail, so remove the workaround and
corresponding rules that cause build fail.

MTK-Commit-Id: f637c1416b591c821bc9c18fd3dbf3aa5f9038af

Change-Id: If09922120de0742ec47d7c0522168d4e78a4e74f
CR-Id: ALPS03878175
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:04:31 +08:00
Christopher Chen
cf8b0fcdd5 [ALPS03595410] VPU: patch sync from o1.mp1 
[Detail] sync from o1.mp1

[Solution]
1. add sepolicy for debug file

MTK-Commit-Id: 17203252c8bbb77792b32aa5f04ede3408e18e0d

Change-Id: I5fb01a274e2a795612c7c64038b2cb9b49802129
CR-Id: ALPS03595410
Feature: [Android Default] Camera Application Basic Functions
(cherry picked from commit 2cdafad54592601280163dc9ee8f581661657755)
 2020-01-18 10:04:27 +08:00
mtk12101
722798a334 [ALPS03982747] Remove unused sepolicy rules 
Some rules is no need any more, need to remove it.

MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699

Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:02:25 +08:00
Stanley Chu
04cfd4136d Merge "[ALPS03866203] pidmap: Add SELinux policy for Android P" into alps-trunk-p0.basic 
Change-Id: I0817c4598a66bba6365e5a3b60d1227d15b22a0c
MTK-Commit-Id: af3963de74153a8ad057979afc7c3d0a199e4107
 2020-01-18 09:58:23 +08:00
Stanley Chu
f98f18c9c8 [ALPS03866203] pidmap: Add SELinux policy for Android P 
[Detail]
Add SELinux policy for Android P:
Allow aee_aedv and dumpstate to read pidmap proc file.

MTK-Commit-Id: 16f120df6c33e20cdb0ce7f8c2040356ffecf02a

Change-Id: If1aa665003f70a2621687fcf291433d80f0d54d3
CR-Id: ALPS03866203
Feature: Android Exception Engine(AEE)
 2020-01-18 09:58:17 +08:00
Lili Lin
05f5d87b88 [ALPS03881723] Workaround to fix build break 
[Detail] Googles new commit
neverallow coredomain from writing vendor properties
cause build break

cdb1624c27

[Solution] Declare system_writes_vendor_properties_violators as workaround

MTK-Commit-Id: 2b19515d2d98945b0aadfbc9043352ae927497f3

Change-Id: I7be59b6811f6c75ea47da205be902417311fe1d0
CR-Id: ALPS03881723
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:56:13 +08:00
mtk11285
628e0eccb8 [ALPS03841705] AEE porting on Android P about selinux 
[Detail]
1. add some rules
2. temp solution for getting ro.*.mediatek.version.branch/ ro.*.mediatek.version.release property

MTK-Commit-Id: 12c4d79a10293c4611233c985c29dca94f6e24ae

Change-Id: Ice4d565664f95a456f985ed138f302fe7ac4dbff
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:50:43 +08:00
mtk11285
a76cdd9cee [ALPS03841705] AEE porting on Android P about selinux 
[Detail]
1. add some rules
2. transfer aee_core_forwarder domain form kerenl to aee_core_forwarder

MTK-Commit-Id: 7ad2c5df75565153ccec471f0eb2224c912515cd

Change-Id: I9b576e3937d04b5848baeb156718d0469fa05a75
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:48:59 +08:00
mtk11285
457f1855f1 [ALPS03841705] AEE porting on Android P 
[Detail]
1. modify property according to P rule
2. add some selinux rules
3. relable /proc/slabinfo /proc/zraminfo

MTK-Commit-Id: aa654138c8b48d223b614c81d2f39d7cd6eedd1f

Change-Id: Ib47383553b0d320d3766780f35c397be60dc1339
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:35:48 +08:00
mtk11285
3f1078bbd4 [ALPS03841705] fix the violation during Android P migration 
[Detail] fix the violation during Android P migration

MTK-Commit-Id: 7dae33f4c7435a7eeae86a738d88dc6c3e52e3c3

Change-Id: I1000b278dd411438bf43ca0bda22d83aab52616f
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:30:11 +08:00
Bo Ye
3ace839be3 [ALPS03825066] Mark file context to fix build fails 
Restore the policies accessing files labeled
    as proc_xxx or sysfs_xxx, but there are some
    exceptions for coredomain process, such as
    meta_tst,dump_state,kpoc_charger

MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d

Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:41 +08:00
Bo Ye
5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:36 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00