NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,167 Commits 2 Branches 0 Tags
Commit Graph

8 Commits

Author SHA1 Message Date
Aayush Gupta
9ef4675f68 non_plat: Allow all domains to search debugfs_ion dir 
[   12.536452] .(1)[399:logd.auditd]type=1400 audit(1262323310.848:231): avc: denied { search } for comm="audio@5.0-servi" name="clients" dev="debugfs" ino=3111 scontext=u:r:mtk_hal_audio:s0 tcontext=u:object_r:debugfs_ion:s0 tclass=dir permissive=1
[   59.661176] .(0)[399:logd.auditd]type=1400 audit(1609417550.280:331): avc: denied { search } for comm="RenderThread" name="clients" dev="debugfs" ino=3111 scontext=u:r:system_app:s0 tcontext=u:object_r:debugfs_ion:s0 tclass=dir permissive=1
[   50.275600] .(4)[399:logd.auditd]type=1400 audit(1609417547.748:325): avc: denied { search } for comm="RenderThread" name="clients" dev="debugfs" ino=3111 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:debugfs_ion:s0 tclass=dir permissive=1 app=com.android.launcher3

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: Ib8c7e944e95851d5ceef42bb3ea88c77c3cc7e0b
 2021-01-03 10:04:01 +05:30
Huaiming Li
812b6fe928 [ALPS04864227] add selinux rules for fixing system API dump issue 
1. allow domain process can use fd
2. allow domain process can write data to file in /data/vendor/aee_exp/

MTK-Commit-Id: 7b021c62aa51a474e12c59a805f97b27b940e357

Change-Id: I286e248c8fd3fe05492753a91806c19ffce0079d
CR-Id: ALPS04864227
Feature: Android Exception Engine(AEE)
 2020-01-18 10:21:51 +08:00
Shanshan Guo
f4c7151104 [ALPS04760380] SEPolicy: remove unused sepolicies of libudf.so 
[Detail]
libudf.so has been place in both system and vendor,
so dont need these sepolicies anymore.

[Solution]
Remove unused sepolicies of libudf.so

MTK-Commit-Id: 8e79905072cf0855c1c50c679681fd33b936b54f

Change-Id: I051c61e5be725dab8b3375adc6f52882556cc3c1
CR-Id: ALPS04760380
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:19:19 +08:00
Juju Sung
9ca13651c2 [ALPS04239425] Sepolicy: remove neverallow rule 
[Detail]
app_zygote.te violated by allow app_zygote aee_aed:unix_stream_socket { connectto };
domain.te violated by allow aee_aedv debugfs:lnk_file { read };
We remove two policy to prevent build break.

MTK-Commit-Id: 7035ebb6f8308dc756848a173bb2a412d421f9b3

Test: Build only
Change-Id: I6b228a38d5953e2ceaa41c4193d2bf6c14bee581
CR-Id: ALPS04239425
Feature:Android Exception Engine(AEE)
 2020-01-18 10:08:09 +08:00
Juju Sung
12bc2025e2 [ALPS04239425] Sepolicy: fix undefined type declration 
[Detail]
Unknown type:untrusted_v2_app,alarm_device,qtaguid_proc,mtd_device
Duplicated type:proc_slabinfo

MTK-Commit-Id: 11ccfcffb994452eb58a697e94a8da748ac73933

Change-Id: I2e847041d14d6b6613044cfaa98f242b7fd9381a
CR-Id: ALPS04239425
Feature: Build System
 2020-01-18 10:08:05 +08:00
Bo Ye
3ace839be3 [ALPS03825066] Mark file context to fix build fails 
Restore the policies accessing files labeled
    as proc_xxx or sysfs_xxx, but there are some
    exceptions for coredomain process, such as
    meta_tst,dump_state,kpoc_charger

MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d

Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:41 +08:00
mtk12101
bbecfaa68b [ALPS03825066] Resolve vendor violates 
[Detail] Google add new neverallows rules on android P,
some rule violate the rules

[Solution] Remove the rules which violate google new rules

MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d

Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:34 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00