Add file & dir permission on gpu, proc_ged, and debugfs_ion
MTK-Commit-Id: b27f71d9a9c557042c7844b034d26c5a58895204
Change-Id: Ie0dce4d5fba5cfdce1b76cdd8706d81f010a3771
CR-Id: ALPS04669482
Feature: Video Player
1. Add code to handle NR cell in SUPL task.
2. Avoid AVC messages due to gps_data_file
MTK-Commit-Id: aa1f052111fecc95e8af838f16a34cf2f2695f60
Change-Id: Id47d9ab2999ca482f4ec077a0d0d38f4060135ca
CR-Id: ALPS04671051
Feature: A-GPS
[Detail]
mtk_em_tel_log_prop is defined in bsp/, the rule in basic/ will
cause error while building basic project.
[Solution]
Move the rule of mtk_em_tel_log_prop from basic/ to bsp/.
MTK-Commit-Id: 0d04d80f653343466407bd1dd3b260bfdd0859a9
Change-Id: Ibb01bd54502f5178fc35429c5df128a6c319e812
CR-Id: ALPS04668349
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
There are some selinux violations for app in MTBF,
need to add some sepolicy for them.
[Solution]
1.Add sepolicy
2.Move sepolicy of untrusted_app_* to untrusted_app_*.te
3.Modify sepolicy
MTK-Commit-Id: 62b5c74c6d1d85acf0184fc18fca0b40c4a8e60c
Change-Id: Icac33ccc54b691ee0e4ab7088f77adb1c1a4a549
CR-Id: ALPS04640303
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
add recovery.te to grant the permission under
recovery of basic function
MTK-Commit-Id: 5484785e1a1d5a45616e8b75b7bf42274314b042
Change-Id: I8bdfb2bc847154fb5b1c3ce4515541047c6df3b4
CR-Id: ALPS04658973
Feature: [Android Default] SIU (SD Image Update)
[Detail]
There is a workaround for bring-up,
now it needs to be modified.
[Solution]
1.Split workaround to special *.te
2.Modify ged sepolicy
3.Modify mistake
4.Add sepolicy
MTK-Commit-Id: 5a2b7e3fdc826a7ca6bc70a3810f14c1661e7d79
Change-Id: I0894de45e014a5eae754e35b57fbc9b21bc4bf90
CR-Id: ALPS04639771
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
md_monitor will build to vendor image, now it will use HIDL to connect
with JAVA user.
device.mk, SELinux policy about md_monitor need change from system to
vendor, and add related contents for HIDL service.
MDML change:
PlainDataDecoder now need use new constructor with a context, old
constructor will throw an Exception.
For single modem bin:
layout and filter bin file will move from /data/md_mon to
/data/vendor/md_mon. JAVA user shall get layout file via HIDL, then
save a temp file in its cache folder.
For non-single modem bin:
layout file move from /system/etc/mddb/ to /vendor/etc/mddb/, filter bin
file move from /system/etc/firmware/ to /vendor/etc/firmware/. And
system process can access /vendor/etc/. So don't need other change.
MTK-Commit-Id: be91b65d9497e3190ea1127bc71ed2abcb32ed98
Change-Id: I5c99f81c4be7a9f41d3b955156ab3e50ec655d97
CR-Id: ALPS04660543
Feature: Modem Monitor(MDM) Framework
New feature:
Add selinux of HIDL service and client.
Use HIDL copy modem db and filter from vendor image
to data partition for modem log tool.
MTK-Commit-Id: 7fadaf0f2a60d05d7464264ef9e23a75ca27bb66
Change-Id: I12cc8614537f30e90a1717f9838c52283342eb55
CR-Id: ALPS04532537
Feature: Modem Log Tool
[Detail]
For Android Q, there is a more stringent restriction
for ioctl, app need to access pipe by ioctlcmd=0x5402.
avc: denied { ioctl } for comm="kd" path="pipe:[7173861]"
dev="pipefs" ino=7173861 ioctlcmd=0x5402
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:r:untrusted_app_25:s0:c512,c768
tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure
[Solution]
Add sepolicy for app to access pipe by ioctlcmd=0x5402
MTK-Commit-Id: d38b9f7f97aab7b23d80d0f3aac8e25a790c8c91
Change-Id: I5ac20bf2dffa0c297b32aaebd75db9e04c35cc79
CR-Id: ALPS04654001
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
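
Added example, not part of the commit log or of MediaTek's policy change: a small parser that takes the line-wrapped AVC denial quoted in the commit message above and derives candidate rules scoped to the single denied ioctl command. The function names (`parse_avc`, `context_type`, `suggest_rules`) are hypothetical, and the emitted rules are candidates for review, not the rules the commit actually added.

```python
import re

# AVC denial quoted in the commit message above, line-wrapped as it appears there.
SAMPLE = """\
avc: denied { ioctl } for comm="kd" path="pipe:[7173861]"
dev="pipefs" ino=7173861 ioctlcmd=0x5402
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:r:untrusted_app_25:s0:c512,c768
tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Parse one AVC denial, possibly wrapped over several lines, into a dict."""
    flat = " ".join(text.split())  # undo the line wrapping
    m = AVC_RE.search(flat)
    if m is None:
        raise ValueError("no 'avc: denied' record found")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields


def context_type(context):
    """Return the type field of a user:role:type:level context."""
    parts = context.split(":")
    if len(parts) < 4:
        raise ValueError(f"malformed SELinux context: {context!r}")
    return parts[2]


def suggest_rules(denial):
    """Build candidate rules for review; nothing here edits policy."""
    src = context_type(denial["scontext"])
    tgt = context_type(denial["tcontext"])
    tgt = "self" if tgt == src else tgt
    head = f"{src} {tgt}:{denial['tclass']}"
    rules = [f"allow {head} {{ {' '.join(denial['perms'])} }};"]
    if "ioctl" in denial["perms"] and "ioctlcmd" in denial:
        # Extended permission: whitelist only the command that was denied.
        cmd = int(denial["ioctlcmd"], 16)
        rules.append(f"allowxperm {head} ioctl {{ {cmd:#06x} }};")
    return rules


if __name__ == "__main__":
    print("\n".join(suggest_rules(parse_avc(SAMPLE))))
```

An ioctl denial can come from a missing `allow ... ioctl` or from a missing `allowxperm` entry for the command, so both candidates are listed; check the existing policy before adding either.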
[Detail]
In kernel 4.14, selinux security need to check if the process has the
map permission of mmap inode. App need the map permission to
read radio_data_file.
[Solution]
Add map permission for app to read radio_data_file.
MTK-Commit-Id: 698e603818ff37a59212a37a41ecbec8e8e30233
Change-Id: I8982ddbff40cfd7280c0a3dc5e8d2f6b6394e747
CR-Id: ALPS04653992
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Feature - Userdata Checkpoint
We will format the metadata partition(md_udc) in first boot-up,
because it is a RAW data part, so giving the permission grant
to e2fs.
MTK-Commit-Id: de837a8e097cad8067f5d653370545b51f8d457e
Change-Id: Iaebc665979ab36422b6df846a2f05450c222d1f5
CR-Id: ALPS04304578
Feature: [Android Default] F2FS File System
Add SELINUX policy for mobile_log_d to save log in /data/debuglogger
and for getting log from adb.
MTK-Commit-Id: 8775f10bd89be7ac112cbc56daf422814f0f385f
Change-Id: I39e5e1d0ccb2381ef302c187ff83a9e9cb0fa959
CR-Id: ALPS04649268
Feature: Mobile Log Tool
For Meta mode, we use the property to notify meta tool that NVRAM
has read. Set the selinux rule for this property.
MTK-Commit-Id: 0cafb33d13392e6a676930814e3df3ba27fb146b
Change-Id: I62ca6e004861720eb43b90ace6f5fff85da49298
Signed-off-by: Facer Pei <facer.pei@mediatek.com>
CR-Id: ALPS04331131
Feature: [Module]Wi-Fi Driver
(cherry picked from commit bf9cdf5f2598cecdc0b5f4fd1b1016b9fd77dfd6)
(cherry picked from commit a846ce17a1eedc26d31b6c82b2583f58cd8e53f5)
(cherry picked from commit 8f6643f055c69d5b45e17048ce9a76311d6fdd92)