NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,172 Commits 2 Branches 0 Tags
Commit Graph

10 Commits

Author SHA1 Message Date
Sayali Lokhande
e52cb818b3 non_plat: Allow kernel to search debugfs_mmc dir 
Debugfs is failed to be initialized because of the denial below.
Add selinux policy to fix it.
avc: denied { search } for comm="kworker/0:1" name="mmc0"
dev="debugfs" ino=6562 scontext=u:r:kernel:s0
tcontext=u:object_r:debugfs_mmc:s0 tclass=dir permissive=0

CRs-Fixed: 2636489
Change-Id: I831a363d448b3efe11960c3937b04dbca80d37f3
 2021-01-18 21:42:58 +05:30
Aayush Gupta
22380a4614 non_plat: Label /dev/tee* and grant required perms to domains 
/dev/tee* are accessed by domains that interact with TEE and thus
require access to them too.

Test: Boot and observe that denials are not visible in logs anymore

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I7b0944a1063da8561d2928e4110674ce4845ecea
 2020-12-30 17:00:34 +05:30
Shane Chien
c869528f64 [ALPS03953773] Audio: Add permission for SmartPA calibration 
Add permission for SmartPA calibration in factory
mode, otherwise it will encounter avc denied in
SmartPA calibration test case.
mtk_audiohal_data_file:dir { read search open } is
merged to mtk_audiohal_data_file:dir create_dir_perms.

MTK-Commit-Id: e26e9c0120f4907d966986cc50c4d964ae816c98

Change-Id: I38c25d06426afcc2f83b4ee646cba510dde71817
CR-Id: ALPS03953773
Feature: DSP SmartPA
 2020-01-18 10:07:22 +08:00
PoYen Wu
e0b43e5996 [ALPS03751935] vow: allow VOW thread write PCM dump 
1. Allow VOW kthread write Bargein PCM dump to debug

MTK-Commit-Id: 8a90bdefd5243f4984ebe273a3b490dbc4316365

Change-Id: I11f34f63aea07325ec50407937c038e5c91fa64d
Signed-off-by: PoYen Wu <poyen.wu@mediatek.com>
CR-Id: ALPS03751935
Feature: MagiEar-Voice Wakeup
 2020-01-18 10:07:07 +08:00
Vincent Sung
aa64d98da4 [ALPS04014572] GPU: Security firmware binary load 
[Detail]
Add sepolicty for fw load from kernel on vendor partition

MTK-Commit-Id: cdd1518aac6771b0e6276e07831d8acaa887ad03

Change-Id: I2789c865d401e7a1b85ecb9dea4db52c7839f17d
CR-Id: ALPS04014572
Feature: OpenGL|ES
 2020-01-18 10:04:58 +08:00
mtk12101
722798a334 [ALPS03982747] Remove unused sepolicy rules 
Some rules is no need any more, need to remove it.

MTK-Commit-Id: 49685f1299d990a7195a2d54b955517d8f2cc699

Change-Id: I4a590ad781589cf94989ce72c88751ac10b82eae
CR-Id: ALPS03982747
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:02:25 +08:00
Sam-KY Lin
3006c81521 [ALPS03897468] kernel: remove sepolicy which violate neverallow rule 
[Detail]
Google introduced new neverallow rule for restricting core_domain &
non-core_domain communication via data partition.
This patch removes MTK sepolicy rules which violate neverallow rule.

MTK-Commit-Id: 2f3ae1f106cdf28f00ee75638dd77fd8242f9746

Change-Id: If6c64eec4f3cf5760988e3c266da83d1d93e649f
CR-Id: ALPS03897468
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:42:23 +08:00
mtk11285
07c11d89ba [ALPS03841705] modify aee_core_forwarder selinux rule 
[Detail]
transfer aee_core_forwarder form /vendor/bin to /system/bin,
so modify aee_core_forwarder selinux rule.

[Solution]

MTK-Commit-Id: 5a583b375a0d33032e8004e1818f05c75363e4f5

Change-Id: I9ff1d0b5d521ce2f09780146f6b75c5378d03d4d
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:40:34 +08:00
Bo Ye
5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:36 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00