NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,070 Commits 2 Branches 0 Tags
Commit Graph

1070 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Freddy Hsin
dfac4fce0a [ALPS04658973] ota update: add recovery.te for basic project 
add recovery.te to grant the permission under
recovery of basic function

MTK-Commit-Id: 5484785e1a1d5a45616e8b75b7bf42274314b042

Change-Id: I8bdfb2bc847154fb5b1c3ce4515541047c6df3b4
CR-Id: ALPS04658973
Feature: [Android Default] SIU (SD Image Update)
 2020-01-18 10:15:30 +08:00
Shanshan Guo
62cf1a413a [ALPS04639771] SEPolicy: Modify workaround 
[Detail]
There is a workaround for bring-up,
now it needs to be modified.

[Solution]
1.Split workaround to sepcial *.te
2.Modify ged sepolicy
3.Modify mistake
4.Add sepolicy

MTK-Commit-Id: 5a2b7e3fdc826a7ca6bc70a3810f14c1661e7d79

Change-Id: I0894de45e014a5eae754e35b57fbc9b21bc4bf90
CR-Id: ALPS04639771
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:15:29 +08:00
Zhongchao Xia
f513291cad Merge "[ALPS04654012] SurfaceFlinger: update proc_ged sepolicy" into alps-trunk-q0.basic 
Change-Id: I682fe7121c21b1ab20a9062e254d2f14b09602b8
MTK-Commit-Id: f93f7492c759635796a507ef89feb4d7e192446a
 2020-01-18 10:15:26 +08:00
Kaiduan.Cao
a7a2701b66 [ALPS04654012] SurfaceFlinger: update proc_ged sepolicy 
Update the sepolicy for surfaceflinger proc_ged ioctl.

MTK-Commit-Id: 61dc5b4a1d4886d3a53879e4db927ec7f115b3b5

Change-Id: I1479e29fa864c44e8ed3850a650511ca4ba52602
CR-Id: ALPS04654012
Feature: [Module]SurfaceFlinger/HWComposer
 2020-01-18 10:15:23 +08:00
Yongmao Xie
6d785caf19 Merge "[ALPS04660543] MDM HIDL change feature" into alps-trunk-q0.basic 
Change-Id: I847f1900c968e9eefd45ae1a638b3a3d1e3a7f63
MTK-Commit-Id: 1d9837ff0d879163eb98109e274db29a016c716f
 2020-01-18 10:15:22 +08:00
Zhengyu Zhan
bd57f96afe [ALPS04660543] MDM HIDL change feature 
[Detail]
md_monitor will build to vendor image, now it will use HIDL to connect
with JAVA user.

device.mk, SELinux policy about md_monitor need change from system to
vendor, and add relate contents for HILD service.

MDML change:
PlainDataDecoder now need use new constructor with a context, old
constructor will throw an Exception.

For single modem bin:
layout and filter bin file will move from /data/md_mon to
/data/vendor/md_mon. JAVA user shall get layout file via HIDL, then
save a temp file in its cache folder.

For non-single modem bin:
layout file move from /system/etc/mddb/ to /vendor/etc/mddb/, filter bin
file move from /system/etc/firmware/ to /vendor/etc/firmware/. And
system process can access /vendor/etc/. So dont need other change.

MTK-Commit-Id: be91b65d9497e3190ea1127bc71ed2abcb32ed98

Change-Id: I5c99f81c4be7a9f41d3b955156ab3e50ec655d97
CR-Id: ALPS04660543
Feature: Modem Monitor(MDM) Framework
 2020-01-18 10:15:17 +08:00
Ethan Lau (劉榮茂)
7bbd9db661 Merge "[ALPS04653648] Factory Mode: fix SElinux policy" into alps-trunk-q0.basic 
Change-Id: Ie269effa84c31f1fa4b0e71eca17985d31391a8b
MTK-Commit-Id: 8a2011d115b294b0487d42e668ed3da9c074981d
 2020-01-18 10:15:16 +08:00
Jenny Hsu
9018986a9a [ALPS04653648] Factory Mode: fix SElinux policy 
[Detail] Add whitelist for SELinux avc denied problem

MTK-Commit-Id: 77c1c8b73aa059657ab355206e5bc73410db6534

Change-Id: I1e8911b3ccd94a0d59ab6f22dd7948d4fcb89abf
CR-Id: ALPS04653648
Feature: Factory Mode
 2020-01-18 10:15:12 +08:00
Guoyi Qu
6424d6bcfc Merge "[ALPS04532537] Copy vendor modem db and filter" into alps-trunk-q0.basic 
Change-Id: I492632bcd58169f121208cba92f9d49bae55bdac
MTK-Commit-Id: 88e9281d903d0132cdf089c4541b6effce5f3e05
 2020-01-18 10:15:10 +08:00
bo.shang
5068833fef [ALPS04532537] Copy vendor modem db and filter 
New feature:

Add selinux of HIDL service and client.

Use HIDL copy modem db and filter from vendor image

to data partition for modem log tool.

MTK-Commit-Id: 7fadaf0f2a60d05d7464264ef9e23a75ca27bb66

Change-Id: I12cc8614537f30e90a1717f9838c52283342eb55
CR-Id: ALPS04532537
Feature: Modem Log Tool
 2020-01-18 10:15:08 +08:00
Ethan Lau (劉榮茂)
51644f6ec8 Merge "[ALPS04653648] Factory Mode: fix SElinux policy" into alps-trunk-q0.basic 
Change-Id: I957bd048bf6649c4484b2012f64f4a9a10290c19
MTK-Commit-Id: feac521370436d73d3fd9443694aa1ac42ff94be
 2020-01-18 10:15:06 +08:00
Jenny Hsu
5985a06909 [ALPS04653648] Factory Mode: fix SElinux policy 
[Detail] Add whitelist for SELinux avc denied problem

MTK-Commit-Id: 69c17be2893ecc73c0b486728899d56c11587a08

Change-Id: I2fbf51c12e68b134d6ee7a95421dba0706894147
CR-Id: ALPS04653648
Feature: Factory Mode
 2020-01-18 10:15:04 +08:00
Wilson Fan
5d35b26aba [ALPS04641674] Flashlight: add flashlight sepolicy in basic 
[Detail]
Add flashlight device sepolicy in basic

MTK-Commit-Id: ad0aff2ace102a539e4c43b1b0d72257596ab45d

Change-Id: I5676a830af246c3856bd8ed26d5e79973abc33d1
CR-Id: ALPS04641674
Feature: [Android Default] Flashlight
 2020-01-18 10:15:00 +08:00
Denis Hsu
346ca0c012 [ALPS04631260] skip selinux violation log for fstrim vendor folder 
vold cannot do fstrim on vendor folders (ex: nvdata, protect_f)
because of never allow rule.
Thus, skip selinux violation log for fstrim vendor folder.

MTK-Commit-Id: cf15f3ec6ae93e65c1f13b22f044e766a63eaece

Change-Id: I9c26ee000b8554df7abb03141ecf73a78d727f87
CR-Id: ALPS04631260
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:15:00 +08:00
Jianping Jiang
2a609d6b82 [ALPS04641743] GPS: factory execute mnld fail 
Move mnld execute permission for factory from bsp to basic.

MTK-Commit-Id: 5f8449ec00c670d7b0901b9b4c167ee502cab88d

Change-Id: Ifdb13b700f63572b9df2ff0bb64315a42375df71
CR-Id: ALPS04641743
Feature: Factory Mode
 2020-01-18 10:14:59 +08:00
Shanshan Guo
2bd9ab2104 [ALPS04654001] SEPolicy: add ioctlcmd for app 
[Detail]
For Andorid Q, there is a more stringent restriction
for ioctl, app need to access pipe by ioctlcmd=0x5402.
avc: denied { ioctl } for comm="kd" path="pipe:[7173861]"
dev="pipefs" ino=7173861 ioctlcmd=0x5402
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:r:untrusted_app_25:s0:c512,c768
tclass=fifo_file permissive=0 app=com.tencent.qqpimsecure

[Solution]
Add sepolicy for app to access pipe by ioctlcmd=0x5402

MTK-Commit-Id: d38b9f7f97aab7b23d80d0f3aac8e25a790c8c91

Change-Id: I5ac20bf2dffa0c297b32aaebd75db9e04c35cc79
CR-Id: ALPS04654001
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:59 +08:00
Shanshan Guo
38ae1361bf [ALPS04653992] SEPolicy: mmap permission for app 
[Detail]
In kernel 4.14, selinux security need to check if the process has the
map permission of mmap inode. App need the map permission to
read radio_data_file.

[Solution]
Add map permission for app to read radio_data_file.

MTK-Commit-Id: 698e603818ff37a59212a37a41ecbec8e8e30233

Change-Id: I8982ddbff40cfd7280c0a3dc5e8d2f6b6394e747
CR-Id: ALPS04653992
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:58 +08:00
lokesh
96c9971cfd [ALPS04654005] Selinux error bootanimation 
Allow SELinux permissions for all GED proc

MTK-Commit-Id: d371e1d19a81c711fa97dc73c51709c8f9eee142

Change-Id: I64155523baef9b75b8947626de7e4d5bd6b47795
CR-Id: ALPS04654005
Feature:[Module]Settings
 2020-01-18 10:14:58 +08:00
mtk81325
0605921b96 [ALPS04304578] [V3]UDC: SElinux permission grant 
Feature - Userdata Checkpoint

We will format the metadata partition(md_udc) in first boot-up,
because it is a RAW data part, so giving the permission grant
to e2fs.

MTK-Commit-Id: de837a8e097cad8067f5d653370545b51f8d457e

Change-Id: Iaebc665979ab36422b6df846a2f05450c222d1f5
CR-Id: ALPS04304578
Feature: [Android Default] F2FS File System
 2020-01-18 10:14:58 +08:00
Hua Tian (田华)
2053ec451b Merge "[ALPS04649268] Save mobile log in data partition in meta mode" into alps-trunk-q0.basic 
Change-Id: I5efc68f3ae699362104c5db0659b91fe65f37ce7
MTK-Commit-Id: 3294cc8af25cc2e6b4358acd0d6b2a589574b403
 2020-01-18 10:14:57 +08:00
hua.tian
270eab4eb8 [ALPS04649268] Save mobile log in data partition in meta mode 
Add SELINUX policy for mobile_log_d to save log in /data/debuglogger
and for getting log from adb.

MTK-Commit-Id: 8775f10bd89be7ac112cbc56daf422814f0f385f

Change-Id: I39e5e1d0ccb2381ef302c187ff83a9e9cb0fa959
CR-Id: ALPS04649268
Feature: Mobile Log Tool
 2020-01-18 10:14:56 +08:00
Cheng-Wei Lee
dc1d2e3aba Merge "[ALPS04331556] Gralloc: Enable mapper 2.1 implement" into alps-trunk-q0.basic 
Change-Id: If74e6a095cfb8b853358e446df7b6b5cbbda2b63
MTK-Commit-Id: 4add8c8425fe25734ce37b2a26860296f241247e
 2020-01-18 10:14:54 +08:00
WEi Lee
0afde209c0 [ALPS04331556] Gralloc: Enable mapper 2.1 implement 
[Detail]
Enable mapper 2.1 impl. on file contexts

MTK-Commit-Id: f70b1b9b0eb38ce6ec9a93f7667afb4c9e3bdd74

Change-Id: If5c793d8d7e0cbc3a94afa27274b828531e97c61
CR-Id: ALPS04331556
Feature: OpenGL|ES
 2020-01-18 10:14:49 +08:00
Facer Pei
aeefff0ff1 Merge "[ALPS04331131] Wlan: wlan_assistant selinux" into alps-trunk-q0.basic 
Change-Id: I8c0759fbaadc5a70e54a45d2696289bdfdc5a4b0
MTK-Commit-Id: 59fe152577a10dfb8887f36af0f010142e28b319
 2020-01-18 10:14:48 +08:00
chun-yi lin
8700268780 [ALPS04331131] Wlan: wlan_assistant selinux 
For Meta mode, we use the property to notify meta tool that NVRAM
has read. Set the selinux rule for this property.

MTK-Commit-Id: 0cafb33d13392e6a676930814e3df3ba27fb146b

Change-Id: I62ca6e004861720eb43b90ace6f5fff85da49298
Signed-off-by: Facer Pei <facer.pei@mediatek.com>
CR-Id: ALPS04331131
Feature: [Module]Wi-Fi Driver
(cherry picked from commit bf9cdf5f2598cecdc0b5f4fd1b1016b9fd77dfd6)
(cherry picked from commit a846ce17a1eedc26d31b6c82b2583f58cd8e53f5)
(cherry picked from commit 8f6643f055c69d5b45e17048ce9a76311d6fdd92)
 2020-01-18 10:14:46 +08:00
Qiuyue Zhong (钟秋月)
4f69960fd1 Merge "[ALPS04608727] improve sepolicy for d2 plus" into alps-trunk-q0.basic 
Change-Id: I76dc84c36793e15c855cf55ddd6d4711b1092b2b
MTK-Commit-Id: f42e007c213c1681904d72026af41a20d5e09d1d
 2020-01-18 10:14:45 +08:00
kai.zhao
c882363e4d [ALPS04608727] improve sepolicy for d2 plus 
[Detail] improve sepolicy for d2 plus

MTK-Commit-Id: 2340a49104f5457dbd4c02fdd0027d3a6487e203

Change-Id: Idf1d27da771e438b9e8a12ab54591775cdeefeb3
CR-Id: ALPS04608727
Feature: OpenGL|ES
 2020-01-18 10:14:41 +08:00
YC Shen
f9c68f4cad Merge "[ALPS04292313] Add sepolicy for MTK Wi-Fi lazy hal" into alps-trunk-q0.basic 
Change-Id: I8a72afdeff48a6372df0391c63fc6d03671ba8d9
MTK-Commit-Id: 6de0c92ba0fcd139dfe7065d067a2ba002f13c27
 2020-01-18 10:14:40 +08:00
TF Huang
bdf828cf29 [ALPS04292313] Add sepolicy for MTK Wi-Fi lazy hal 
Add sepolicy for new added Wi-Fi lazy hal

MTK-Commit-Id: 16ae21d83bc037845e2c6f5c17af86940998a90e

Change-Id: I7863c666aeb9ea782f8007b81124eb00cff430d0
CR-Id: ALPS04292313
Feature: [Module]Wi-Fi HAL
 2020-01-18 10:14:31 +08:00
Marx Chiu (邱弘志)
dde8ac8308 Merge "[ALPS04643911] Fix cameraserver permission GED_IO" into alps-trunk-q0.basic 
Change-Id: I9d3ccd9bb7dcd303ad54bcff4ed0fa0c211f4872
MTK-Commit-Id: 0a9d484fce7aee55b05e8fda923f2210e2b82b79
 2020-01-18 10:14:30 +08:00
Lovefool Tai
5deaf73ab0 [ALPS04643911] Fix cameraserver permission GED_IO 
[Detail]
To solve the kernel dump message when switch to stereo mode.
Enable the capability of mtk_hal_camera about GED_IO.

MTK-Commit-Id: 88e25a18c125c57a1bbf5c40102ef604f556be95

Change-Id: Ia5a462a2264e2b2ed68090c5ce2e24d5f21d9423
CR-Id: ALPS04643911
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:14:29 +08:00
Yogesh Tundele
470060d569 Merge "[ALPS04640555] Recovery: Add SELinux Permission" into alps-trunk-q0.basic 
Change-Id: Ie4ae365d24b95d6a45d9475d63dcdad5b941d71e
MTK-Commit-Id: fa1f39c95d5896492a4bf529f6f461d3b7bec096
 2020-01-18 10:14:27 +08:00
Yogesh Tundele
69a1acead8 [ALPS04640555] Recovery: Add SELinux Permission 
[Detail]
Uncrypt service need permission to write Setup bcb thus adding permission
[Solution]
uncrypt.te required for SELinux permission so added project wise.

MTK-Commit-Id: 449e4268822584641f10ce798271d33344d7fa5c

Change-Id: I8c2109029e4d5b58a1ca7aa8bc62954e1d939606
CR-Id: ALPS04640555
Feature: [Module]Settings
Signed-off-by: Yogesh Tundele <yogesh.tundele@mediatek.com>
 2020-01-18 10:14:26 +08:00
Shanshan Guo
c50b176f22 Merge "[ALPS04475279] Revert Sepolicy:move type sysfs_mmcblk" into alps-trunk-q0.basic 
Change-Id: Ib3f39b3e808c27ebc9e42a8fadaa708205d0db33
MTK-Commit-Id: ca7e92c24ecd2b6b5998af00ac090cc9bb00f45d
 2020-01-18 10:14:25 +08:00
Shanshan Guo
6b7634890e [ALPS04475279] Revert Sepolicy:move type sysfs_mmcblk 
Revert "[ALPS04475279] Sepolicy:move type sysfs_mmcblk"

MTK-Commit-Id: 29c0cafecc272113f799b08271f1ad71fd5abb30

Change-Id: I7b9988640f621e1dfb7129d9bf21ca446e447d04
CR-Id: ALPS04475279
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:23 +08:00
Marx Chiu (邱弘志)
e73950065c Merge "[ALPS04566986] Fix cameraserver permission" into alps-trunk-q0.basic 
Change-Id: I524976ce8b9c63d1e2a62ae3ce8c475053d41d79
MTK-Commit-Id: b0fbfb81e7ee33becde7236dcd4887e472ce70c2
 2020-01-18 10:14:21 +08:00
Cheng Li
be2c30ed8e [ALPS04566986] Fix cameraserver permission 
[Detail]
allow permission of ioctl for cameraserver

[Solution]

MTK-Commit-Id: 01b85f4aed18628c9053fde9f4a2fd96509d49ec

Change-Id: Icddcd0e5eb51583d65aca6763d4b2f31683ffd7f
CR-Id: ALPS04566986
Feature: [Android Default] Camera Application Basic Functions
 2020-01-18 10:14:19 +08:00
Vincent Sung
d82b26fb4d Merge "[ALPS04578241] GPU: Enable selinux of apphint shared lib" into alps-trunk-q0.basic 
Change-Id: Ic766960e09bf93730eae6018a4e9fc71cef80bc1
MTK-Commit-Id: ce7fe4da2e609a39c1f6b36b436ca9a439629d84
 2020-01-18 10:14:18 +08:00
Eric Chung
96acf6341d [ALPS04578241] GPU: Enable selinux of apphint shared lib 
[Detail]
Enable selinux for dlopen new GPU shared lib in GPU driver

MTK-Commit-Id: 2085a1ed91111ea79d8a99d8aa8707deb9fdf4d3

Change-Id: Ia7b3b633da12027328fe978adf652fedd18ccb3b
CR-Id: ALPS04578241
Feature: OpenGL|ES
 2020-01-18 10:14:13 +08:00
Jianping Jiang
11f88203b8 [ALPS04255502] lbs_dbg: move lbs_dbg sepolicy to system 
Move lbs_dbg sepolicy to system for System/vendor Layer decouple

MTK-Commit-Id: a4638ef15ca2020d8f7eba6ab2d053d7716d0ad4

Change-Id: I4ecfb1276b47ec75bab4c72ff04ebeb035d757b3
CR-Id: ALPS04255502
Feature: Location Aiding
 2020-01-18 10:14:12 +08:00
Coboy Chen
e4381125dc Merge "[ALPS04327011] sepolicy: add ioctl defines" into alps-trunk-q0.basic 
Change-Id: I9356ac43defb39a173f59d56cca537ebd0746b58
MTK-Commit-Id: faf136f811e8fc992beb60254bc5c34ab423a2cd
 2020-01-18 10:14:11 +08:00
Coboy Chen
045348b627 [ALPS04327011] sepolicy: add ioctl defines 
Add ioctl defines of MMC and UFS for storageproxyd.

MTK-Commit-Id: b274b0af303546e3dedb47510ca2f43460ee3f33

Change-Id: I9af1c8904c44d1d773c1f7248ac945fe8a991888
Signed-off-by: Coboy Chen <coboy.chen@mediatek.com>
CR-Id: ALPS04327011
Feature: GenieZone
 2020-01-18 10:14:10 +08:00
Shanshan Guo
57056d7216 Merge "[ALPS04475279] Sepolicy:move type sysfs_mmcblk" into alps-trunk-q0.basic 
Change-Id: Ic0e05fe2193f56681534c162c5bda2099f642b43
MTK-Commit-Id: 7163ce9a190023ad740e736f212512815b23f8c3
 2020-01-18 10:14:09 +08:00
Shanshan Guo
54b1880fd1 [ALPS04475279] Sepolicy:move type sysfs_mmcblk 
[Detail]
sysfs_mmcblk is used by vendor & system process,
its type need to be moved to plat_public.

[Solution]
move type sysfs_mmcblk form non_plat to plat_public.

MTK-Commit-Id: 9221eb0ec44290e461e5602f7bfaf08b72994b4d

Change-Id: Ibe9a39e70e2071bfa9c88518fd34e232fc4844d6
CR-Id: ALPS04475279
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
 2020-01-18 10:14:07 +08:00
Seiya Wang
cfa7fc2798 Merge "[ALPS04361666] hal_bootctl_default: add permission" into alps-trunk-q0.basic 
Change-Id: Ib1679b854be96342c041b267d961bff687fdf058
MTK-Commit-Id: 43f805c7e7377791900f451efb0e1683d1ef8f80
 2020-01-18 10:14:06 +08:00
ryan-c.hsu
5bb4c4434f [ALPS04361666] hal_bootctl_default: add permission 
[Detail]
add permission to get boot_type

MTK-Commit-Id: fc9f66eee3c02575c4ef55812136ceee31dcf080

Change-Id: Ia783a03546f7c63d0190fb59a0bd815217b0af38
CR-Id: ALPS04361666
Feature: A/B System Updates
(cherry picked from commit 0feea4c29acf9f596373c0c1dc2e3afb11cdd2b7)
 2020-01-18 10:14:01 +08:00
Seiya Wang
ad89badb13 Merge "[ALPS04361666] add sys_rawio permission for user load" into alps-trunk-q0.basic 
Change-Id: I8f7a2001e3732748a922efb3d7cbc734f2dff7f4
MTK-Commit-Id: 521e2266317875a87e18db61209a5919d286dc58
 2020-01-18 10:14:00 +08:00
ryan-c.hsu
0235a29737 [ALPS04361666] add sys_rawio permission for user load 
[Detail]
user load is also need this permission to update boot slot

MTK-Commit-Id: 1d36ab48bb02c462f86732182cd15c2803efc524

Change-Id: If3ea6ef5e89c6beed827752b4ee777004b386647
CR-Id: ALPS04361666
Feature: A/B System Updates
(cherry picked from commit 91b20c70ead67f39b68a61648ed41c417d39adf2)
 2020-01-18 10:13:58 +08:00
Neng Kou
ba7500624e Merge "[ALPS04533784] Move sepolicy of cam cooler to bsp" into alps-trunk-q0.basic 
Change-Id: I77e3a7ad16f7160bdaae2376ccf67f7262f7d043
MTK-Commit-Id: 99c86f6f19543e4edfb81f3e7b1e73fec1a32b07
 2020-01-18 10:13:57 +08:00
Ian-Y Chen
817a9684d5 [ALPS04328846] power: add wifi permission 
[Detail]
Add wifi permission for PowerHAL

MTK-Commit-Id: 5b5ccb13e75e84bc72212f45996be381cd905136

Change-Id: I5f7672e8fdfd99f5c1c11cf448a7477b3a3d4b31
CR-Id: ALPS04328846
Feature: [Module]PowerHAL
 2020-01-18 10:13:57 +08:00