[Detail]
Google introduced new neverallow rule for restricting core_domain &
non-core_domain communication via data partition.
This patch removes MTK sepolicy rules which violate neverallow rule.
MTK-Commit-Id: 2f3ae1f106cdf28f00ee75638dd77fd8242f9746
Change-Id: If6c64eec4f3cf5760988e3c266da83d1d93e649f
CR-Id: ALPS03897468
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
remove workaround of data between core and vendor violator
1. remove audioserver.te violated setting
violated by allow audioserver nvdata_file:dir
violated by allow audioserver nvram_data_file:dir
violated by allow audioserver thermal_manager_data_file:dir
violated by allow audioserver mtk_audiohal_data_file:dir
violated by allow audioserver thermal_manager_data_file:file
violated by allow audioserver nvram_data_file:file
violated by allow audioserver nvdata_file:file
2. remove mtk_hal_audio.te violated setting
violated by allow mtk_hal_audio system_data_file:dir
violated by allow mtk_hal_audio media_rw_data_file:dir
violated by allow mtk_hal_audio radio_data_file:dir
violated by allow mtk_hal_audio radio_data_file:file
violated by allow mtk_hal_audio system_data_file:lnk_file
violated by allow mtk_hal_audio system_data_file:file
violated by allow mtk_hal_audio media_rw_data_file:file
audiohal_data_file is defined as core_data_file_type
it cant use in vendor partition. temporarily remove it.
MTK-Commit-Id: c0453cc6ede361322deb8f138055accc473511b8
Change-Id: I15649ad3351f1a7ee29956668862aad05efc0778
CR-Id: ALPS03898061
Feature: Phone Sound
[Detail] Property rename in sepolicy
[Solution]
According P property rule
MTK-Commit-Id: dccca517eb8386e9e509da7461dddd82e3cbb06d
Change-Id: I9b38830f8792d40c954f251656d5623bb6c731c6
CR-Id: ALPS03888283
Feature: SP META Tool
[Detail]
Move MTK mount point to /mnt/vendor
MTK-Commit-Id: b82563f14020ab90a563ec3c9ce14e6c3bbe7531
Change-Id: I8699303125d48589baf0f2b768cf66b848da7357
CR-Id: ALPS03892700
Feature: eMMC Boot Up
[Detail] vendor binary cannot set debug_prop
after enabling PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE
[Solution] Mark it
MTK-Commit-Id: ab4a34b8a5afdef574ac2f42464925832328d48b
CR-Id: ALPS03881723
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Change-Id: I9bed16503eb2d1e3f31f1225d58c99b42ca61940
[Detail]
1. remove md_ctrl.te because we dont use md_ctrl in P.
2. remove debugfs_tracing policy
3. remove nvdata, protect_f, protect_s policy
MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9
Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9
CR-Id: ALPS03891225
Feature: Multi-Storage
[Detail]
AOSP has defined neverallow rules
to restrict direct access to system files.
[Solution]
Since MTK does not use "/data/misc/bluedroid/" to
store BT address. It should be alright to remove
this kind of thing.
MTK-Commit-Id: 5b3aae9aebd39c24a3846c27c7ca9fceda9513d3
Change-Id: I5a8420e9f5259259b2bd11a6da033a140f0bea7c
CR-Id: ALPS03893095
Feature: BT Chipset Capability
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.
[Solution]
Define custom label for drmserver
MTK-Commit-Id: 996de9ff486db13908f6d58b476613957d4f336d
Change-Id: I34c8d86c1baf9daa02e29323007e4136c6048b31
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
[Detail]
1.Google add new neverallow rule for untrusted apps
2.The file/dir in /proc must associate with proc_type
[Solution]
1.Remove rules which violate google neverallow rules
about untrusted apps
2.Add proc_type attribute for file/dir on /proc
MTK-Commit-Id: b94412725e3a7b18db9573056c2fb43367989ed5
Change-Id: I89de16a65f05d052969c794604b9c372ed1ce7e1
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.
[Solution]
Define custom label for drmserver
MTK-Commit-Id: c84c43b87a6ac2651a0562b8818bc66516e4a50b
Change-Id: Ide4fc49628508aee77e67f3213749210430153a3
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
[Detail]
Mobile Log selinux rule porting:
1. fix the violation on P
2. relable some kernel interfaces.
MTK-Commit-Id: 4108ed13f3e7693c3642b6f073c5444f133b3c38
Change-Id: I1fac185779510f10b9b94bdf6ec40573237d846a
CR-Id: ALPS03886572
Feature: Mobile Log Tool
