1. allow domain process can use fd
2. allow domain process can write data to file in /data/vendor/aee_exp/
MTK-Commit-Id: 7b021c62aa51a474e12c59a805f97b27b940e357
Change-Id: I286e248c8fd3fe05492753a91806c19ffce0079d
CR-Id: ALPS04864227
Feature: Android Exception Engine(AEE)
Remove it first; user has to add it back later with specified file.
MTK-Commit-Id: b01231f987504c3e0826537cb126f7a4c5cfe715
Change-Id: I03a2ffd9b109f8712fc2c7b37cf335ba0f1daadc
CR-Id: ALPS04760813
Feature: H.264 Encoder
[Detail]
Make EM BT functions have right to access NVRAM
MTK-Commit-Id: 48b88d77cbc4334a61b5ae0cabcfd296fc3a699d
Change-Id: Ib82b72c26068ea8cd09a170d252089885d9c7fb0
CR-Id: ALPS04859964
Feature: Engineering Mode
(cherry picked from commit 257e62c385534b7690039f7a8dc9436b8d4d63ef)
Add search rule for proc_chip and setsched rule for zygote in system_server.
MTK-Commit-Id: e6b2c39860f7cb83d54f1c01b9fe90969d8ede3b
Change-Id: If7fb47b1873a688b047a919eb726e18f4daadc19
CR-Id: ALPS04855246
Feature: [Module]SystemServer
[Detail]
It has risk for allow process to get permission of atag,chipid
by using u:object_rsysfs:s0
To avoid that, need to add specail SELabel for atag,chipid
[Solution]
Add specail SELabel for atag,chipid
MTK-Commit-Id: b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad
Change-Id: Ibaf69f387015790c657783bb1234e584e56f67aa
CR-Id: ALPS04833608
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
It has risk for allow process to get permission of /proc/chip by
using u:object_r:proc:s0
To avoid that, need to Add specail SELabel for /proc/chip
[Solution]
Add specail SELabel for /proc/chip
MTK-Commit-Id: 84d8e9654281e4f7ee8a602e91084c320feff658
Change-Id: Ia6d4be26491fa11f81734cbb80b0b98b2b88f64a
CR-Id: ALPS04833608
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Solution]
When run VTS test, theres no WOS module due to its AOSP system image.
So we need to skip the edpg related function.
MTK-Commit-Id: 8f8e5faded18d6bcee1eb96dba37a2d708f3995f
Change-Id: I9cee39eea1dd75bccf6cc442f16ed3fe4e72ae95
CR-Id: ALPS04817575
Feature: WiFi Calling Service
[Detail]
There is SE Linux warning when system server
uses perf lock api
[Solution]
Add sysfs_boot_mode permission
MTK-Commit-Id: ab3e875f72f0ec5a55cb7682d6ac4a21f6dfe6dc
Change-Id: Ifd9c2acb54022de9297f7c7b62516a58fdf1c25b
CR-Id: ALPS04838812
Feature: [Module]PowerHAL
coredump tool needs to expose system and vendor image
fingerprint to know the relative version info.
MTK-Commit-Id: e8794c35f056dfeb20c0dff8b8aa506bd938fbd6
Change-Id: I009e10ccc8838b032d2192055fe1defcf81cebee
CR-Id: ALPS04823486
Feature: Android Exception Engine(AEE)
Add rules for proc_wlan_status and sysfs_pages_shared and
sysfs_pages_sharing and sysfs_pages_unshared and sysfs_pages_volatile.
MTK-Commit-Id: 7c7249f4597a69f068100da07e2773962c0bdba7
Change-Id: I6a3d7823295fd19b934ac0a28bef1f14ca8de2fa
CR-Id: ALPS04821191
Feature: [Module]SystemServer
coredump tool needs to expose system and vendor image
fingerprint to know the relative version info.
MTK-Commit-Id: bb82be1edc85daa3838c5917597d1c25e57bc434
Change-Id: Id29698199ac9081c56ad51f244b75732c9e18894
CR-Id: ALPS04767749
Feature: Android Exception Engine(AEE)
power-hal would be killed and re-start in the manual encryption flow.
To prevenet the second power-hal would be stuck by other service,
clear the vendor.powerhal.init property.
MTK-Commit-Id: 0ec23aea4fa637f6e1e22a45c9afb914c48d20d8
Change-Id: Idaf2ad7b01337ce94afe507395588e299fb9cb8a
CR-Id: ALPS04795693
Feature: Full Disk Encryption (FDE)
[Detail] Hybrid encoder would use /proc/m4u device that we have to enable its access permission.
MTK-Commit-Id: ba554f2ef0c5e78a7f9df483453b04630c557391
Change-Id: I93d40947a40da9d17d63cb0ad79519837b64e643
CR-Id: ALPS04807382
Feature: H.264 Encoder
[Detail] Hybrid encoder would use /proc/m4u device that we have to enable its access permission.
MTK-Commit-Id: 95d62cfe0a8c3c5f1b5992717c93872edf435668
Change-Id: I65cc0b24892afaba20a8433e548b05f005078a19
CR-Id: ALPS04807382
Feature: H.264 Encoder
This effectively disables LD_PRELOAD for init children and breaks
loading of libdirect-coredump. This, however, is needed to avoid
layering violation and is the right thing to do long term.
MTK-Commit-Id: dafd04d1c1bbf0dae863774bfbd2c76cfecb2d98
Bug: 140789528
Test: Boot with boringssl_self_test32 enabled.
Change-Id: Id10c673694431dfae2fff401598e808a71e397ca
CR-Id: ALPS04767749
Feature: Android Exception Engine(AEE)
[Detail]
EAS cannot control CPU freq
[Solution]
Add proc_cpufreq in vendor_init.te
MTK-Commit-Id: 69955d988abbc3ba90ebefdb734212a9ff1e4e19
Change-Id: Id749e5d60bfa29a4b4c131557981b69eed7d5077
CR-Id: ALPS04802193
Feature: Energy Aware Scheduling Plus (EAS+)
[Detail]
Modify sepolicy of emhidl from nvdata to nvcfg
for MCF to access nvcfg
MTK-Commit-Id: 1027f0b3abdbca6457c0a20af765d063ea2f9a78
Change-Id: I95bde16e2910fb37d2f9ffc5a0f29f8fb618ec64
CR-Id: ALPS04359407
Feature: Engineering Mode
1. Dont create folder in data by process self
MTK-Commit-Id: 137bc58be1b0069794c7b52db91f8532e406bf31
Change-Id: I20c0ca16c66490b81a03192eb642131b50933933
CR-Id: ALPS04760404
Feature: Modem Log Tool
Android Q and R have different policy in basic.
We sync it from Q policy and fix R neverallow rule
MTK-Commit-Id: 67144e1e0efe28d30381b1f3a98728c1a87e396e
Change-Id: Id7c92fa79976951c86d1286262f684e8f747427b
CR-Id: ALPS04793867
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Remove SE policy which is used by powerhal
MTK-Commit-Id: 08a121d90319599509142fb1b76a8bae7d287b6b
Change-Id: Idfca0859f22e880ff9ec6d55db315911438f9e53
CR-Id: ALPS04760857
Feature: [Module]PowerHAL
Change block device path so that access from user space
need not take care platform-dependent device address.
MTK-Commit-Id: 0c06dba2f545b1ecbf614f6fab0f8f9faef7199a
Change-Id: I68746d22e61259a9bcdbf4124446b9c81077edbe
Signed-off-by: Vineet Goyal <vineet.goyal@mediatek.com>
CR-Id: ALPS04793667
Feature: eMMC Boot Up
[Detail]
Add ioctl define for permissioin control
if user need to add m4u permission,
need to add it in its process .te file
MTK-Commit-Id: 450b6a3cf6177d0befee4dbe3e41104c8e957191
Change-Id: If708b999fd398a2388cdf7fc764d91814a9bbf86
Signed-off-by: Cui Zhang <cui.zhang@mediatek.com>
CR-Id: ALPS04791203
Feature: [Module]ION/M4U
