1085 Commits

Author SHA1 Message Date
Shanshan Guo
9eeda9d646 [ALPS04833608] SEPolicy: Add special SELabel for atag,chipid
[Detail]
There is a risk in allowing a process to get permission for atag,chipid
by using u:object_r:sysfs:s0.
To avoid that, a special SELabel needs to be added for atag,chipid.

[Solution]
Add special SELabel for atag,chipid

MTK-Commit-Id: b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad

Change-Id: Ibaf69f387015790c657783bb1234e584e56f67aa
CR-Id: ALPS04833608
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:21:42 +08:00
Shanshan Guo
ffa4ed5121 [ALPS04833608] SEPolicy: Add special SELabel for /proc/chip
[Detail]
There is a risk in allowing a process to get permission for /proc/chip by
using u:object_r:proc:s0.
To avoid that, a special SELabel needs to be added for /proc/chip.

[Solution]
Add special SELabel for /proc/chip

MTK-Commit-Id: 84d8e9654281e4f7ee8a602e91084c320feff658

Change-Id: Ia6d4be26491fa11f81734cbb80b0b98b2b88f64a
CR-Id: ALPS04833608
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 10:21:38 +08:00
Sheldon Wang
1482d6d9af [ALPS04817575] Add system property only for MTK system image
[Solution]
When running the VTS test, there's no WOS module due to its AOSP system image.
So we need to skip the edpg related function.

MTK-Commit-Id: 8f8e5faded18d6bcee1eb96dba37a2d708f3995f

Change-Id: I9cee39eea1dd75bccf6cc442f16ed3fe4e72ae95
CR-Id: ALPS04817575
Feature: WiFi Calling Service
2020-01-18 10:21:38 +08:00
mtk07742
e164a5e7e6 [ALPS04820462] Dontaudit read rule for sdcardfs
Dontaudit read rule for sdcardfs in system_server.

MTK-Commit-Id: 9692c06e36b398d98c8855bd936595c10a6f2116

Change-Id: I0740e40e1476f6699f6f92e648b3d7ea718cb66d
CR-Id: ALPS04820462
Feature: [Module]SystemServer
2020-01-18 10:21:37 +08:00
Huaiming Li
cd6459c6ee [ALPS04758557] fix aee high risk rules
1. fix some aee high risk rules

MTK-Commit-Id: 4031a4610757debf0aa0de48408c72517fd61bcb

Change-Id: I637d723cba54ba7119d15617bd2935a4b00dd6c5
CR-Id: ALPS04758557
Feature: Android Exception Engine(AEE)
2020-01-18 10:21:37 +08:00
Wei Fu
31121b1e5d [ALPS04843717] Revise SE Linux policy
Revise SE Linux policy, avoid using socket_device.

MTK-Commit-Id: 93924c0432a94d66682827dd9e5ee9020f10decb

Change-Id: Iad72e8ff6144be73d32c3d27bd31b830900d07a3
CR-Id: ALPS04843717
Feature: [Module]ATCI (AT Command Interface)
2020-01-18 10:21:33 +08:00
xiao.liu
222d04459c [ALPS04840835] Remove all vendor sepolicy for fastbootd
[Solution]
1. remove sepolicy for native partition erase permission
2. remove AB partition sepolicy, leave it to Google solution

MTK-Commit-Id: 0476e00269accaf247550928cc72c010f99787c1

Change-Id: I67ab4363307a69b5a94a0242c12750bc94670344
CR-Id: ALPS04840835
Feature: [Android Default] Fastboot
2020-01-18 10:21:33 +08:00
mtk07742
9487dd3031 [ALPS04827489] Add sys_module rule in systemserver
Add sys_module rule for self in systemserver.

MTK-Commit-Id: fac8a7d0dec7f3316c1127928a564e2b0009313e

Change-Id: I48692ee2ee74a7863e9b8a7b69356df0177fef5d
CR-Id: ALPS04827489
Feature: [Module]SystemServer
2020-01-18 10:21:33 +08:00
Huaiming Li
df5012bc21 [ALPS04825820] change selinux rule for engineermode
1. change aeev.dal to aee.dal in engineermode

MTK-Commit-Id: 47758681e9ad97de7c423fad0ee2e7a9c4e21cf0

Change-Id: Ifc4bdf0535f6aff02bd5d42c7a5a73acb104875f
CR-Id: ALPS04825820
Feature: Engineering Mode
2020-01-18 10:21:29 +08:00
Ian-Y Chen
96de8c54ba [ALPS04838812] power: add boot_mode policy
[Detail]
There is SE Linux warning when system server
uses perf lock api

[Solution]
Add sysfs_boot_mode permission

MTK-Commit-Id: ab3e875f72f0ec5a55cb7682d6ac4a21f6dfe6dc

Change-Id: Ifd9c2acb54022de9297f7c7b62516a58fdf1c25b
CR-Id: ALPS04838812
Feature: [Module]PowerHAL
2020-01-18 10:21:29 +08:00
Chalos YL
8af759bcb1 [ALPS04821745] Add sepolicy for mediacodec
Codec using /proc/m4u does not have permission to perform cmd 0x671a
(MTK_M4U_CONFIG_PORT ARRAY)

MTK-Commit-Id: edb1f46ed2152cbc05d0e91873283363ea5c39ad

Change-Id: I8c2b91cf92ad2b13ba62d88affc31f21c193d2d5
CR-Id: ALPS04821745
Feature: H.264 Encoder
2020-01-18 10:21:28 +08:00
Will-SL Chen (Will Chen)
c0f2c27d28 [ALPS04821785] Add sepolicy permission
[Details]
Add sepolicy permission for ISP HIDL

MTK-Commit-Id: 469a87485629718c725aae81537ce5cc7295105a

Change-Id: Id5a56581f726defcf527b2eefc184524cd0c5779
CR-Id: ALPS04821785
Feature: [Android Default] Face Detection
2020-01-18 10:21:25 +08:00
Juju Sung
939dbae537 [ALPS04823486] selinux: export fingerprint property
coredump tool needs to expose system and vendor image
fingerprint to know the relative version info.

MTK-Commit-Id: e8794c35f056dfeb20c0dff8b8aa506bd938fbd6

Change-Id: I009e10ccc8838b032d2192055fe1defcf81cebee
CR-Id: ALPS04823486
Feature: Android Exception Engine(AEE)
2020-01-18 10:21:25 +08:00
mtk07742
42a61b8bae [ALPS04821191] Add rules in system_server
Add rules for proc_wlan_status and sysfs_pages_shared and
sysfs_pages_sharing and sysfs_pages_unshared and sysfs_pages_volatile.

MTK-Commit-Id: 7c7249f4597a69f068100da07e2773962c0bdba7

Change-Id: I6a3d7823295fd19b934ac0a28bef1f14ca8de2fa
CR-Id: ALPS04821191
Feature: [Module]SystemServer
2020-01-18 10:21:24 +08:00
Eric Chung
a754653a61 [ALPS04816302] GPU: Enable SPHAL for GPUD
[Detail]
Enable SPHAL for GPU debugger

MTK-Commit-Id: c762a93f7586279bf5d9e7f76b3aab12a20acac3

Change-Id: I794cae14228a716aa099c22d06804d56c363c449
CR-Id: ALPS04816302
Feature: OpenGL|ES
Signed-off-by: Eric Chung <eric.chung@mediatek.com>
2020-01-18 10:21:20 +08:00
mtk07742
a4100ab1fd [ALPS04813229] Add perms in systemserver
Add permissions in system_server.

MTK-Commit-Id: 88c1d92c05bba929078a3f4a7b2dceb7a56e0982

Change-Id: I42eafa73df5bf9227d0c21e2dd32710574093314
CR-Id: ALPS04813229
Feature: [Module]SystemServer
2020-01-18 10:21:16 +08:00
gtk_qingyunmei
b1003a58cc [ALPS04816830] add hal mms sepolicy
add system_app policy

MTK-Commit-Id: 733342cdf392dd669201a6030ec7fa7cf4af58db

Change-Id: I6ecdc3b4d20f0b1018e3ef8a2f2a15118c3dfc6b
CR-Id: ALPS04816830
Feature: MiraVision
2020-01-18 10:21:16 +08:00
mtk07742
581161d905 [ALPS04813157] Add read rule for aee_prop
Add read rule for debug_mtk_aee_prop in system_server.

MTK-Commit-Id: e7f4b639476e390d3371f2e544c85e73300e0f1b

Change-Id: I63d7e6fa1a64ee41462f7e4be035525bd534a231
CR-Id: ALPS04813157
Feature: [Module]SystemServer
2020-01-18 10:21:15 +08:00
mtk07742
164ae5b2bd [ALPS04809091] Add search rule for battery_cmd
Add search rule for proc_battery_cmd in system_server.

MTK-Commit-Id: b40e8c7371e8aaea6e9587a394f2f6b53c258cd4

Change-Id: Ibe9186c1d1127daa88fd2e984e5c0c1512f2196d
CR-Id: ALPS04809091
Feature: [Module]SystemServer
2020-01-18 10:21:14 +08:00
Robbin Chiu
734efb5717 [ALPS04763245] WMT: Fix sepolicy issue
[Solution]
Remove SEPolicy rules to fix
high risk sepolicy issues for stp_dump and wmt_loader

MTK-Commit-Id: 00ea2a4d222547ba0872c93521de79b8cb26673f

Change-Id: I8b31383f55f1075488a55c406ecd08bd5b3249af
Signed-off-by: Robbin Chiu <robbin.chiu@mediatek.com>
CR-Id: ALPS04763245
Feature: [Module]WMT Driver
2020-01-18 10:21:11 +08:00
Freddy Hsin
29ce7c7c25 [ALPS04763256] siu: move uncrypt sepolicy
1. rename uncrypte.te to uncrypt.te
2. move permission in bsp to basic

MTK-Commit-Id: 13f7243b07dc87cf357da41a5920826c80b1dede

Change-Id: I26363151ce8644a67eb9742d9c507a77abfff129
CR-Id: ALPS04763256
Feature: [Android Default] SIU (SD Image Update)
2020-01-18 10:21:07 +08:00
Juju Sung
f98ad21ce5 [ALPS04767749] selinux: export fingerprint property
coredump tool needs to expose system and vendor image
fingerprint to know the relative version info.

MTK-Commit-Id: bb82be1edc85daa3838c5917597d1c25e57bc434

Change-Id: Id29698199ac9081c56ad51f244b75732c9e18894
CR-Id: ALPS04767749
Feature: Android Exception Engine(AEE)
2020-01-18 10:21:07 +08:00
Denis Hsu
ff55ca78e3 [ALPS04795693] Clear the vendor.powerhal.init for FDE encryption flow
power-hal would be killed and restarted in the manual encryption flow.
To prevent the second power-hal from being stuck by another service,
clear the vendor.powerhal.init property.

MTK-Commit-Id: 0ec23aea4fa637f6e1e22a45c9afb914c48d20d8

Change-Id: Idaf2ad7b01337ce94afe507395588e299fb9cb8a
CR-Id: ALPS04795693
Feature: Full Disk Encryption (FDE)
2020-01-18 10:21:07 +08:00
sharon.feng
bd4bfe1387 [ALPS04807382] Add sepolicy for mediacodec
[Detail] Hybrid encoder would use the /proc/m4u device, so we have to enable its access permission.

MTK-Commit-Id: ba554f2ef0c5e78a7f9df483453b04630c557391

Change-Id: I93d40947a40da9d17d63cb0ad79519837b64e643
CR-Id: ALPS04807382
Feature: H.264 Encoder
2020-01-18 10:21:03 +08:00
sharon.feng
c4a244736f [ALPS04807382] Add sepolicy for mediacodec
[Detail] Hybrid encoder would use the /proc/m4u device, so we have to enable its access permission.

MTK-Commit-Id: 95d62cfe0a8c3c5f1b5992717c93872edf435668

Change-Id: I65cc0b24892afaba20a8433e548b05f005078a19
CR-Id: ALPS04807382
Feature: H.264 Encoder
2020-01-18 10:21:03 +08:00
James Hsu
e72c16be08 [ALPS04774560] mrdump: add sepolicy to drop caches
add sepolicy to write /proc/sys/vm/drop_caches

MTK-Commit-Id: 87067ad776cde751a3d2d416088df2cc4ef00e0f

Change-Id: I793b166041b051f28dc2d443858bb469ce9edd9c
Signed-off-by: James Hsu <james.hsu@mediatek.com>
CR-Id: ALPS04774560
Feature: Memory RAM Dump (MRDUMP)
(cherry picked from commit 42a3fcaceb572b4bdd6be2b36380383040f1d46b)
2020-01-18 10:21:03 +08:00
Ian-Y Chen
0386f1b975 [ALPS04802193] EAS: add proc_cpufreq sepolicy
[Detail]
EAS cannot control CPU freq

[Solution]
Add proc_cpufreq in vendor_init.te

MTK-Commit-Id: 69955d988abbc3ba90ebefdb734212a9ff1e4e19

Change-Id: Id749e5d60bfa29a4b4c131557981b69eed7d5077
CR-Id: ALPS04802193
Feature: Energy Aware Scheduling Plus (EAS+)
2020-01-18 10:20:59 +08:00
Haojie Li
5e81b738ca [ALPS04475916] D2+ Add M4U SELinux Permission
[Detail]
add selinux permission for camera

MTK-Commit-Id: f21aac620680035891c6cab33de49a2c02f659eb

Change-Id: I4a0134dda8c8411be3bb2c3a9c69f1e91803a91e
CR-Id: ALPS04475916
Feature: [Android Default] Camera Application Basic Functions
2020-01-18 10:20:59 +08:00
mtk14723
979f4465f3 [ALPS04359407] EM: modify sepolicy from nvdata to nvcfg
[Detail]
Modify sepolicy of emhidl from nvdata to nvcfg
for MCF to access nvcfg

MTK-Commit-Id: 1027f0b3abdbca6457c0a20af765d063ea2f9a78

Change-Id: I95bde16e2910fb37d2f9ffc5a0f29f8fb618ec64
CR-Id: ALPS04359407
Feature: Engineering Mode
2020-01-18 10:20:55 +08:00
mtk11515
69fa27667a [ALPS04799819] add system binder call permission
[Solution] add system binder call permission
for ATM app change

MTK-Commit-Id: cf3c223076a71f242690524178ac5a5a6f6d651b

Change-Id: I79c6b30d5611d1c8774f25218c65dbf732129fb9
CR-Id: ALPS04799819
Feature: ATM
2020-01-18 10:20:55 +08:00
Ian-Y Chen
8695ad239f [ALPS04328846] power: add fliperfs policy
[Detail]
1. Add proc_fliperfs policy
2. Add fliperfs permission to powerhal

MTK-Commit-Id: 519ec87e9f32de2f987acad288224be03b1fdde8

Change-Id: Ie3d58e1e48e0862864a70a281e2c2e3040206f09
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
2020-01-18 10:20:54 +08:00
bo.shang
34e4338c7e [ALPS04760404] Remove SElinux code
1. Don't create folder in data by process self

MTK-Commit-Id: 137bc58be1b0069794c7b52db91f8532e406bf31

Change-Id: I20c0ca16c66490b81a03192eb642131b50933933
CR-Id: ALPS04760404
Feature: Modem Log Tool
2020-01-18 10:20:51 +08:00
Freddy Hsin
b069f1aff7 [ALPS04794271] bootctl: add misc access permission for bootctrl
add misc access permission for bootctrl

MTK-Commit-Id: 5c7ec0779ccca3fd9f9cc516cdae1b003fed2112

Change-Id: Ia8327de54f3e8e429506f2d58309cf46a1a0513a
CR-Id: ALPS04794271
Feature: [Android Default] SIU (SD Image Update)
2020-01-18 10:20:50 +08:00
Ian-Y Chen
c3f01bd285 [ALPS04760857] power: remove redundant policy
[Detail]
Remove SE policy which is used by powerhal

MTK-Commit-Id: 08a121d90319599509142fb1b76a8bae7d287b6b

Change-Id: Idfca0859f22e880ff9ec6d55db315911438f9e53
CR-Id: ALPS04760857
Feature: [Module]PowerHAL
2020-01-18 10:20:45 +08:00
Vineet Goyal
b5f7f8fef6 [ALPS04793667] MSDC: Change block device path
Change block device path so that access from user space
need not take care platform-dependent device address.

MTK-Commit-Id: 0c06dba2f545b1ecbf614f6fab0f8f9faef7199a

Change-Id: I68746d22e61259a9bcdbf4124446b9c81077edbe
Signed-off-by: Vineet Goyal <vineet.goyal@mediatek.com>
CR-Id: ALPS04793667
Feature: eMMC Boot Up
2020-01-18 10:20:45 +08:00
Ian-Y Chen
bf78be7a61 [ALPS04328846] power: add sys_fs_f2fs permission
[Detail]
Add sys_fs_f2fs permission to PowerHal

MTK-Commit-Id: 4bd3689745cf60eaf6e1f43705b45edba8c71b9d

Change-Id: Ibe9f83936f9b8c60bd94582849d1f9a4672b992a
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
2020-01-18 10:20:44 +08:00
Huaiming Li
b14829ba29 [ALPS04719663] add some sepolicy rules
1. set prop to allow vendor init rc set property
2. allow aee_aedv to read reboot reason file

MTK-Commit-Id: c12035a6290abbc0144f8840b2081e8b3e31b0d9

Change-Id: Id1521fab2999bff15ca4f2e2399e16f672636284
CR-Id: ALPS04719663
Feature: Android Exception Engine(AEE)
2020-01-18 10:20:41 +08:00
Guoyi Qu
cf0ffa1738 [ALPS04760297] SEPolicy Optimize
Revise high risk SEPolicies.

MTK-Commit-Id: 54290cb8aeb0fbb67310ed0cffe826684158effe

CR-Id: ALPS04760297
Feature: Connsys Log Tool
Change-Id: I369c7a917f8ee9cc95e0db14e552ce9195583a14
2020-01-18 10:20:40 +08:00
Cui Zhang
ba7ce778ea [ALPS04791203] m4u: add ioctl define for permission control
[Detail]
Add ioctl define for permission control.
If a user needs to add m4u permission,
it needs to be added in its process .te file

MTK-Commit-Id: 450b6a3cf6177d0befee4dbe3e41104c8e957191

Change-Id: If708b999fd398a2388cdf7fc764d91814a9bbf86
Signed-off-by: Cui Zhang <cui.zhang@mediatek.com>
CR-Id: ALPS04791203
Feature: [Module]ION/M4U
2020-01-18 10:20:36 +08:00
Ian-Y Chen
19ad399e64 [ALPS04328846] power: enable cache audit
[Detail]
1. Add label for cache audit
2. Add permission to PowerHal

MTK-Commit-Id: b0f9581a8cb23b9dcb655b33b7255aedb597574e

Change-Id: Iea67821d04cb287c3492bf2eb6f3c4adc07aef84
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
2020-01-18 10:20:33 +08:00
Peter Wang
e32b6f7663 [ALPS04786311] eMMC : patch clear eMMC fail in factory
When clearing eMMC, need to umount bootfs; add permission to stop
the mdlogger process which accesses bootfs.

MTK-Commit-Id: 9ebab1fae0665a8c08af9b2d59b52a40f570054b

Change-Id: If4a9667906698b812a45b17d1162df3db3ed61f3
CR-Id: ALPS04786311
Feature: Factory Mode
2020-01-18 10:20:33 +08:00
Peter Wang
af17e4d54a [ALPS04786311] eMMC : patch clear eMMC fail in factory
When clearing eMMC, need to umount bootfs; add permission to stop
the mdlogger process which accesses bootfs.

MTK-Commit-Id: 2d39dc0341e703f5ae92797146c0d2cec8defe77

Change-Id: I32bb7e94db970361a9f3a345f0cf7541fc9fd634
CR-Id: ALPS04786311
Feature: Factory Mode
2020-01-18 10:20:32 +08:00
Gang Xu
667f0f00df [ALPS04785930] Add ICCID to sensitive property
ICCID belongs to sensitive information and is not allowed to be printed.
Add IMSI property to sensitive group so that it is not printed in
mtklogger property files.

MTK-Commit-Id: 9a8e54973852a5afc01083ffe6ef2b7ac91d9347

Change-Id: I6e8a799bc5299deca730add0d0dfee77550b2a63
CR-Id: ALPS04785930
Feature: Mobile Data Service
2020-01-18 10:20:28 +08:00
Jimmy Lai
b1dfbc5f60 [ALPS04763260] Fix Permission
add sysfs_device_tree_model sepolicy
/firmware/devicetree/base/model

MTK-Commit-Id: 1b81ac4c2d260969ee02b1ffa81cf0bdfb99d019

Change-Id: I9c9bc011ec7f35a264af3bee6340991e9c2a2bec
CR-Id: ALPS04763260
Feature: [Module]Video Driver
2020-01-18 10:20:28 +08:00
Cosmo Sung
d5f4f31ade [ALPS04773384] SeLinux permission
Remove general socket permission.

MTK-Commit-Id: 82b1e7c7fdc88ecec8fe72e2dc97023feda7f932

Change-Id: I48cb912ae8aa3480476dd451d7ebb0657a1c3793
CR-Id: ALPS04773384
Feature: DSDS (Dual SIM Dual Standby) Framework-Common Framework(RIL)
2020-01-18 10:20:24 +08:00
jerry-sc.wu
31f4d86bf1 [ALPS04763250] Thermal: SEPolicy de-risk
[Detail]
1. using set_prop for SEPolicy optimize.
2. modify high risk sysfs write operation for security.

MTK-Commit-Id: 48b34c3013d5402a3d6253945d3b41a148f0d167

Change-Id: I9657ab3f5eee2616f452a442fb6201779edd831c
Signed-off-by: jerry-sc.wu <jerry-sc.wu@mediatek.com>
CR-Id: ALPS04763250
Feature: Thermal Management
2020-01-18 10:20:24 +08:00
Ian-Y Chen
c947a234d9 [ALPS04760762] power: remove high risk policy
[Detail]
Remove procfs and sysfs root permission

MTK-Commit-Id: 1af6e86e9f71ef919ec46a7eda2f2901a5c63a80

Change-Id: I3ddea266511017eba1b51d7879be3a5a81b497e6
CR-Id: ALPS04760762
Feature: [Module]PowerHAL
2020-01-18 10:20:20 +08:00
Wilma wu
854a8b9f99 [ALPS04387262] RTC: label sysfs_rtc files
fix hctosys permission.

MTK-Commit-Id: 58c00437a1e1bd2c06f4745ce38c505f36ea32e4

Change-Id: I878a9bbe0f3d42d2dd3e205c3bcc2108c8976889
Signed-off-by: Wilma wu <wilma.wu@mediatek.com>
CR-Id: ALPS04387262
Feature: RTC-Power Drop Auto Reboot
2020-01-18 10:20:20 +08:00
Huaiming Li
ebb30438c8 [ALPS04776332] fix google dumpstate avc issue
[Detail]
09-05 15:58:31.552000  9693  9693 W df      : type=1400 audit(0.0:990):
avc: denied { search } for name="expand" dev="tmpfs" ino=10779
scontext=u:r:dumpstate:s0 tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0

[Solution]
add sepolicy rule:
allow dumpstate mnt_expand_file:dir search;

MTK-Commit-Id: 2117b8897e13ad2e52f8f7b9b16532e20cc8f477

Change-Id: I428cc52d30c3396d9d355af286bcdaa94d170eec
CR-Id: ALPS04776332
Feature: Android Exception Engine(AEE)
2020-01-18 10:20:13 +08:00
yuhui.zhang
92bb4e88bb [ALPS04316338] Fix wcn coredump JE problem
[Detail]
Wcn coredump moved to vendor on Android Q. EM needs to set property by
vendor hidl

MTK-Commit-Id: 7b93a89746c7d9f5c2672418babb22c9a23513b0

Change-Id: I9ff4d54918c9becab9dcaaae9f5cbb3d04d17ac6
CR-Id: ALPS04316338
Feature: Engineering Mode
2020-01-18 10:20:13 +08:00