NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
348 Commits 2 Branches 0 Tags
Commit Graph

49 Commits

Author SHA1 Message Date
mtk11285
5c7942168d [ALPS03948310] add sepolicy 
[Detail]
1. add sepolicy for aeev
2. add sepolicy for dumpstate hal service

[Solution]

MTK-Commit-Id: c9a341625f9f299341a0ba5ec02db3ffb2cf7edc

Change-Id: Ida4c75fc762293005b1f7942dd23efb9540d5e13
CR-Id: ALPS03948310
Feature: Android Exception Engine(AEE)
 2020-01-18 09:59:28 +08:00
Juan Rong
4fef319c9b [ALPS03951067] EM: selinux for battery 
[Detail]
allow EM access battery info

MTK-Commit-Id: cdcee8fe601a984182ded4522acadfe6b70dec66

Change-Id: Ic55a779d3d6883d1dd0828258ff3bf084c8d7706
CR-Id: ALPS03951067
Feature: Fuel Gauge
 2020-01-18 09:58:35 +08:00
Chunlan Wang
c93290f067 [ALPS03932298] Factory Mode: move to vendor partition 
[Solution]
Factory mode should build in vendor partiton, so move
factory from system partition to vendor partition

MTK-Commit-Id: c55354593a97aed3af9d0b2584037d03d3d2669c

Change-Id: I5a607b60f9ac974380c5e440a6fa0c51797d6b1b
CR-Id: ALPS03932298
Feature: Factory Mode
 2020-01-18 09:58:07 +08:00
Dengwei Xu
e6294bbe3f Merge "[ALPS03914002] Add sepolicy rule for EM" into alps-trunk-p0.basic 
Change-Id: I5c768f5071bb72fb6f9381e7bfada2d5560b010e
MTK-Commit-Id: 458bba642d58b96a046575e9e696a854e4599f77
 2020-01-18 09:57:48 +08:00
yuhui.zhang
7952f3fc53 [ALPS03914002] Add sepolicy rule for EM 
[Detail]
1. Add SEPolicy rule for battery log
2. Add SEPolicy rule for EM setting property

MTK-Commit-Id: e59cf4c98b75739a0e2e58f098174747951bda5d

Change-Id: Ic6cc12fe0a26d2fad5dd6196d598a21fd96b25cb
CR-Id: ALPS03914002
Feature: Engineering Mode
 2020-01-18 09:57:40 +08:00
Denis Hsu
756781b45f Merge "[ALPS03943904] Act storagemanagerd as vold context" into alps-trunk-p0.basic 
Change-Id: Iad441b1c1dae1037468921f9fb4ea0260abc0f67
MTK-Commit-Id: 773b91887f849e607c7a27d460eb8935e8e09c60
 2020-01-18 09:57:27 +08:00
Denis Hsu
0b03f73f0c [ALPS03943904] Act storagemanagerd as vold context 
[Detail]
In order to meet selinux limitation, storagemanagerd act as
vold context to mount storages

[Solution]
Add the following line in file_contexts.
/system/bin/storagemanagerd u:object_r:vold_exec:s0

MTK-Commit-Id: 0b309fd0afc84f3da0ea91a324dca6f824366537

Change-Id: I68e568b8e7d37d218ae88e82cdd509c32abaea66
CR-Id: ALPS03943904
Feature: Mobile Log Tool
 2020-01-18 09:57:15 +08:00
Linger Lee
b4490de2ae [ALPS03946137] vibrator: fix selinux issue 
[Detail]
Add new path for P0

MTK-Commit-Id: ea1afedcb6f95a885827b002df7f6f2ea5328c77

Change-Id: Iea0ba7fcafaac70c8ec3980fc0a4753b7cbbbc91
CR-Id: ALPS03946137
Feature: [Module]Vibrator
 2020-01-18 09:56:52 +08:00
bo.shang
276c0764fc [ALPS03943443] Modem Log start USB logging fail 
Fix SELinux errors:
   1. Set vendor property
   2. Set USB property

[Solution] Add permission

MTK-Commit-Id: f9bea7ca32b8ca70e6f015d786753a43491810aa

Change-Id: I3e7cfc80eb34c3430a059b57afa1474ee49e75b1
CR-Id: ALPS03943443
Feature: Modem Log Tool
 2020-01-18 09:55:57 +08:00
Ji Zhang
3dd4f888c5 [ALPS03890586] add setgid for aee_core_forwarder 
[Detail]
Add setgid selinux rule for aee_core_forwarder to make it can add
group to avoid dac_override

MTK-Commit-Id: e25e5ae4c8f3b760c112efd8c8809d5e9790b967

Change-Id: I90a4af9b3fe86d7699f1fa3adbd9f402c4de88ac
CR-Id: ALPS03890586
Feature: Android Exception Engine(AEE)
 2020-01-18 09:55:08 +08:00
Bo Shang
2049228bfd [ALPS03938824] MTKLogger cant start modem log 
revert code

MTK-Commit-Id: bd9f5e9d378074d75b691d9a7d1d6db913e0f743

Change-Id: I13df8d2f18bb34d3f6aac4a024dd3ce84b963c7b
CR-Id: ALPS03938824
Feature: Modem Log Tool
 2020-01-18 09:53:42 +08:00
bo.shang
1228b041a5 [ALPS03938824] MTKLogger cant start modem log 
SElinux opened and selinux error caused many fail

[Solution] Add permission for setpropty

MTK-Commit-Id: d866e6798a30826ae8fc2f163541f7701481c0d0

Change-Id: I8f1513896afb4a751d1838200e03e41be8763d1d
CR-Id: ALPS03938824
Feature: Modem Log Tool
 2020-01-18 09:53:36 +08:00
bo.shang
06cc7d74f4 [ALPS03939119] MTKlogger start network log fail 
Root cause: SElinux error

[Solution] Add permission

MTK-Commit-Id: 70e0e5269742da491f639e9fdb620c0824b0d97f

Change-Id: I13dd8542b51d36789c6d83c7eebfb8cec8105782
CR-Id: ALPS03939119
Feature: Network Log Tool
 2020-01-18 09:53:33 +08:00
Guoyi Qu (曲国毅)
7c346aab63 Merge "[ALPS03921396] emdlogger SELinux error" into alps-trunk-p0.basic 
Change-Id: I5e5f12436d4d6984d8725ce1fdd82da6840581f4
MTK-Commit-Id: b35204130c2bdd173178550fcd11c7c476e4115a
 2020-01-18 09:53:12 +08:00
bo.shang
38ae679b9b [ALPS03921396] emdlogger SELinux error 
1. Fix emdlogger selinux avc error on P

[Solution] Modify SELinux file

MTK-Commit-Id: dc981c59fc3c45b273ae31cb14269ada31ae668e

Change-Id: Iaaf4198be65ad728b95497e2767e1b4c254b18d2
CR-Id: ALPS03921396
Feature: Modem Log Tool
 2020-01-18 09:53:08 +08:00
mtk11285
c058e72a5b [ALPS03841705] AEE porting on Android P about selinux 
[Detail] add some rules

MTK-Commit-Id: 350fa2869fe9390bcb7ca562af5230a2ad711640

Change-Id: Ib4966ae42233270eb7a65ab036903791767b5ec8
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:52:43 +08:00
Ji Zhang
e7cd43c12c [ALPS03890586] add rules for aee_aed 
[Detail]
Add selinux rules for aed in eng/userdebug:
capability dac_override/dac_read_search

MTK-Commit-Id: d3cb23b65eb02f7b4d57d818f0bfd617b96387ed

Change-Id: Ie4e7efe212913aa7cbfb12aa471b911fbabcdae0
CR-Id: ALPS03890586
Feature: Android Exception Engine(AEE)
 2020-01-18 09:50:50 +08:00
mtk11285
628e0eccb8 [ALPS03841705] AEE porting on Android P about selinux 
[Detail]
1. add some rules
2. temp solution for getting ro.*.mediatek.version.branch/ ro.*.mediatek.version.release property

MTK-Commit-Id: 12c4d79a10293c4611233c985c29dca94f6e24ae

Change-Id: Ice4d565664f95a456f985ed138f302fe7ac4dbff
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:50:43 +08:00
Dian Wang
39aae26920 Merge "[ALPS03909621] Move meta_tst" into alps-trunk-p0.basic 
Change-Id: I8bf77adeabb1e8c9cb670d08f2e9c7547e3545c7
MTK-Commit-Id: 2d248dc848d56e791912f2ca6c3d17650b1e558f
 2020-01-18 09:50:42 +08:00
Dian Wang
b84e8c94d9 [ALPS03909621] Move meta_tst 
[Detail] Move meta_tst from system to vendor

[Solution]
modify sepolicy/basic

MTK-Commit-Id: 4bac131e38e71904dfc6f69a0b1ec15f46a08881

Change-Id: I571edd67cf3f59c293aa2aa674292380b86fcf38
CR-Id: ALPS03909621
Feature: SP META Tool
 2020-01-18 09:50:34 +08:00
Bo Ye (叶波)
0bd12824eb Merge "[ALPS03825066] Remove unused sepolicy" into alps-trunk-p0.basic 
Change-Id: Ie14a2d381dd27dc74f2182a0cef352d8dbfb4988
MTK-Commit-Id: b2e957a3d1a8993787927440ba2007397dcc7ac4
 2020-01-18 09:50:20 +08:00
mtk12101
b086e609ac [ALPS03825066] Remove unused sepolicy 
[Detail] Because "ro.vendor.net.upload.benchmark.default"
is unlabeled property, so all use it will have name of
vendor_default_prop

[Solution] Need owner to relabel the property of
"ro.vendor.net.upload.benchmark.default"

MTK-Commit-Id: 3a772e2b252536c9bbe9829b75f3464c2df68248

Change-Id: I42f341bf01cea16a16a0e73d13e0c03b5c270dad
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:50:11 +08:00
Iris Chang
4ab7553919 Merge "[ALPS03800946] Remove data_between_core_and_vendor_violators" into alps-trunk-p0.basic 
Change-Id: I82c81a0dd1482265175253fd6bf2825d941c74cf
MTK-Commit-Id: 46e7678936d83a74b8b07ad14815905718119c25
 2020-01-18 09:49:41 +08:00
SW Integrator
700750af5e [ALPS03800946] Remove data_between_core_and_vendor_violators 
[Detail]
data_between_core_and_vendor_violators is used temporarily. We should
follow Android P SELinux rule to write sepolicy.

[Solution]
Remove data_between_core_and_vendor_violators from files which already
fix SELinux build errors

MTK-Commit-Id: 6a75842a96d8997bca10caf6ca4d5b4e7e8f68a4

Change-Id: I5e840fdf6b61d44860429a7e5c7e24c9a48a9c75
CR-Id: ALPS03800946
Feature: Treble
 2020-01-18 09:49:26 +08:00
Larry Liang
dc82c27ed1 Merge "[ALPS03841705] AEE porting on Android P about selinux" into alps-trunk-p0.basic 
Change-Id: I7b925410c8272b6cfa1311648f27ed858dec58a5
MTK-Commit-Id: 8250a3df471855f88e94a03603ca7aabe3839496
 2020-01-18 09:49:06 +08:00
mtk11285
a76cdd9cee [ALPS03841705] AEE porting on Android P about selinux 
[Detail]
1. add some rules
2. transfer aee_core_forwarder domain form kerenl to aee_core_forwarder

MTK-Commit-Id: 7ad2c5df75565153ccec471f0eb2224c912515cd

Change-Id: I9b576e3937d04b5848baeb156718d0469fa05a75
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:48:59 +08:00
mtk12101
9cbf8fb766 [ALPS03825066] Fix boot fail 
[Detail] System processes have no permission to access
vendor_default_prop

[Solution] Add get vendor_default_prop rule for system
processes

MTK-Commit-Id: ad4fb4d8ae4fb38767c16b82ce9d8351f5f59702

Change-Id: I31cf13db6b50a3cff193aa0a34bc1130e5b18942
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:48:37 +08:00
Chang-An Chen
ef0ff9c117 Merge "[ALPS03869354] refine vibrator sysfs label" into alps-trunk-p0.basic 
Change-Id: Icc4b82d34b13cbb295ed766531cc6fdca4bd9a5e
MTK-Commit-Id: e51dd72260ca4f70bf3eb17b31ff7f5c3290a44c
 2020-01-18 09:48:07 +08:00
Chang-An Chen
5e3fcfb472 [ALPS03869354] refine vibrator sysfs label 
[Detail]
Refine vibrator sysfs label, using aosp defined device
Moreover, move it to basic folder due to its basic used

MTK-Commit-Id: 41053b65c8c26973005988d1ad14208fff98fde6

Change-Id: I9ed6ece496ea1ffff9f777fb1f90c76638ad979f
CR-Id: ALPS03869354
Feature: [Android Default] Backlight
 2020-01-18 09:48:04 +08:00
mtk12101
78d7f51370 [ALPS03825066] Fix boot fail 
[Detail] System processes have no permission to access
vendor_default_prop

[Solution] Add get vendor_default_prop rule for system
processes

MTK-Commit-Id: 412119fb578fc32e9f046c09a13817cf3c755515

Change-Id: I791997e6bb44c61b69d32c6da0cc80c6f2a9759e
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:47:42 +08:00
Long Yang
c1564d4dd2 Merge "[ALPS03853366] Fix kisd sepolicy issue for android p[1/3]" into alps-trunk-p0.basic 
Change-Id: Id7b550f47c0afcf7a1b7625275f9b898ffeac428
MTK-Commit-Id: 8077b66089b85bef61e63e73d4d827112a17c415
 2020-01-18 09:46:03 +08:00
mtk14717
dd229ac506 [ALPS03853366] Fix kisd sepolicy issue for android p[1/3] 
[Detail]
Move kisd from system to vendor and add keymanage hidl
[Solution]
Modify related sepolicy in device/mediatek/sepolicy/basic

MTK-Commit-Id: c1826ac0bdcc18a4e6d3298e73514801a35a09ad

Change-Id: Iee4b65ba5addc5a21de53e76d3bb092e2f37ab01
CR-Id: ALPS03853366
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:45:51 +08:00
Peng Qi
bf77ac2d12 [ALPS03866092] BT HCI snoop log (2/2) 
[Detail]
1. Add selinux right for MTKLogger to able to connect Bluetooth
via socket
2. Add selinux right for Bluetooth to set debug property for
MTKLogger state check

MTK-Commit-Id: db60d64b8ed91dfee48588fb5a32f2bedc2ba604

Change-Id: I31c5abb153c2bcd44a2dafca0f1f669e7310c3fe
CR-Id: ALPS03866092
Feature: BT AOSP
 2020-01-18 09:45:40 +08:00
Larry Liang
2e97184a4b Merge "[ALPS03841705] modify aee_core_forwarder selinux rule" into alps-trunk-p0.basic 
Change-Id: I4bad1d381c0ec3b1e76f1bc7a5ae7ae68ad8add9
MTK-Commit-Id: b01515bb610c7a0c60117c97d4f98b5c9f882071
 2020-01-18 09:40:46 +08:00
mtk11285
07c11d89ba [ALPS03841705] modify aee_core_forwarder selinux rule 
[Detail]
transfer aee_core_forwarder form /vendor/bin to /system/bin,
so modify aee_core_forwarder selinux rule.

[Solution]

MTK-Commit-Id: 5a583b375a0d33032e8004e1818f05c75363e4f5

Change-Id: I9ff1d0b5d521ce2f09780146f6b75c5378d03d4d
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:40:34 +08:00
Denis Hsu
977ad3f552 [ALPS03891225] Modify vold related policy 
[Detail]
1. remove md_ctrl.te because we dont use md_ctrl in P.
2. remove debugfs_tracing policy
3. remove nvdata, protect_f, protect_s policy

MTK-Commit-Id: d4e5c9893970f0b214b518cba5f9300f130eace9

Change-Id: Iaafc30124fd69ef2b989b9e4e51d71a37d9571e9
CR-Id: ALPS03891225
Feature: Multi-Storage
 2020-01-18 09:40:17 +08:00
Timo Liao
197ea4ad2a [ALPS03890927] battery: fix sepolicy violation 
[Detail]
1. fix data between core and vendor violator
2. remove fuelgauged_static.te
3. remove fg daemon access nvram sepolicy
4. add label for battery

MTK-Commit-Id: 1443b78b112739594e0633526c6966e4871bd125

Change-Id: I931a18bfb8ac963e71311ceace8a28b4a495e881
Signed-off-by: Timo Liao <timo.liao@mediatek.com>
CR-Id: ALPS03890927
Feature: Fuel Gauge
 2020-01-18 09:39:17 +08:00
mtk12101
c7ac9f171a [ALPS03825066] Resolve build error 
[Detail]
1.Google add new neverallow rule for untrusted apps
2.The file/dir in /proc must associate with proc_type

[Solution]
1.Remove rules which violate google neverallow rules
about untrusted apps
2.Add proc_type attribute for file/dir on /proc

MTK-Commit-Id: b94412725e3a7b18db9573056c2fb43367989ed5

Change-Id: I89de16a65f05d052969c794604b9c372ed1ce7e1
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:38:47 +08:00
mtk33297
1cbaa678fe [ALPS02333452] Android p selinux change 
[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.

[Solution]
Define custom label for drmserver

MTK-Commit-Id: c84c43b87a6ac2651a0562b8818bc66516e4a50b

Change-Id: Ide4fc49628508aee77e67f3213749210430153a3
CR-Id: ALPS02333452
Feature: OMA DRM V1.0
 2020-01-18 09:38:07 +08:00
Yuxian Xu
af8b6473d2 [ALPS03886572] Mobile Log selinux rule porting 
[Detail]
Mobile Log selinux rule porting:
1. fix the violation on P
2. relable some kernel interfaces.

MTK-Commit-Id: 4108ed13f3e7693c3642b6f073c5444f133b3c38

Change-Id: I1fac185779510f10b9b94bdf6ec40573237d846a
CR-Id: ALPS03886572
Feature: Mobile Log Tool
 2020-01-18 09:37:45 +08:00
Larry Liang
a94ac3e353 Merge "[ALPS03841705] AEE porting on Android P" into alps-trunk-p0.basic 
Change-Id: Ie88c8fb29e6e51f122cb41103b6807dc9486b8a5
MTK-Commit-Id: 17ddd9047c584201262777a2b7209980d600ab49
 2020-01-18 09:35:50 +08:00
mtk11285
457f1855f1 [ALPS03841705] AEE porting on Android P 
[Detail]
1. modify property according to P rule
2. add some selinux rules
3. relable /proc/slabinfo /proc/zraminfo

MTK-Commit-Id: aa654138c8b48d223b614c81d2f39d7cd6eedd1f

Change-Id: Ib47383553b0d320d3766780f35c397be60dc1339
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
 2020-01-18 09:35:48 +08:00
bo.shang
933f54b148 [ALPS03879689] mdlogger SELinux error 
[Solution] Fix boot mode selinux error

MTK-Commit-Id: 561f4064456c585ee83e66fc863065d77f256ff8

Change-Id: Id272b61b7e2fc462726770ccde9bd31c1725ce9e
CR-Id: ALPS03879689
Feature: C2K Modem Log Tool
 2020-01-18 09:34:33 +08:00
yuhui.zhang
5aa62a3b04 [ALPS03860173] Modify em_svr SEPolicy 
[Detail]
Modify em_svr SEPolicy to support Android P

MTK-Commit-Id: bb10076f302a7f07d7fabb0b281a01ff3694efb6

Change-Id: Ic56cf6be0f82d0c146cdeebbc85ed00958577aff
CR-Id: ALPS03860173
Feature: Engineering Mode
 2020-01-18 09:30:40 +08:00
Bo Ye
3ace839be3 [ALPS03825066] Mark file context to fix build fails 
Restore the policies accessing files labeled
    as proc_xxx or sysfs_xxx, but there are some
    exceptions for coredomain process, such as
    meta_tst,dump_state,kpoc_charger

MTK-Commit-Id: 7953b5203bb3cac099c3326d330643b4cd73746d

Change-Id: I4b16c09c352891783e837bea370c264966ca6d13
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:41 +08:00
Bo Ye
4dc7f49e69 [ALPS03825066] Mark file context to fix build fails 
Should add vendor_file_type for vendor files, and
    add core_data_file_type for system files. Vendor files
    and system files are differented by file path.

MTK-Commit-Id: 602eb35b36c658789e093e2730b16b9b5c892c0f

Change-Id: Ibacc08427f332741f12757c66ecbb8ce91b76416
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:36 +08:00
Bo Ye
5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:36 +08:00
mtk12101
bbecfaa68b [ALPS03825066] Resolve vendor violates 
[Detail] Google add new neverallows rules on android P,
some rule violate the rules

[Solution] Remove the rules which violate google new rules

MTK-Commit-Id: ff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d

Change-Id: Iead494212c6adcec234eaef14c83d1f8c7a49deb
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 09:29:34 +08:00
Chunyan Zhang
37e0caa36e import from mediatek/master to mediatek/alps-mp-o1.mp1 
Change-Id: Ic78db8195c5c51f85c9c6fd3ef8333489afd6e79
MTK-Commit-Id: 848bf57127be9d01fd1df4aab95737855456afee
 2020-01-18 09:29:32 +08:00