DSBP property is set by multiple MediaTek devices to declare support for the same. It is already labeled in property_contexts but seems to be missing the permission for vendor_init to actually set it. Denial observed without this change: [ 4.713173] .(7)[1:init]selinux: avc: denied { set } for property=persist.vendor.radio.mtk_dsbp_support pid=1 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:mtk_dsbp_support_prop:s0 tclass=property_service permissive=1\x0a Test: Boot and observe that the property is set without any denial Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I0cc0c2cadbf9edb3fb205b9e52074f852fe08658
# Properties vendor_init may set, written as raw property_service rules.
# Each rule grants only the "set" permission on the named property type.
# NOTE(review): most other property grants in this file use set_prop(). In
# AOSP that macro also grants the property-socket connect and read access,
# so the two forms are not interchangeable; confirm the raw form is intended.
# NOTE(review): none of these types is declared in the visible policy. Any
# that belong to the platform policy rather than the vendor policy let a
# vendor domain write system-owned properties; check each one against the
# platform rules for vendor_init.
allow vendor_init exported3_system_prop:property_service set;
allow vendor_init dalvik_prop:property_service set;

allow vendor_init ffs_prop:property_service set;
allow vendor_init mediatek_prop:property_service set;
allow vendor_init mtk_md_version_prop:property_service set;
allow vendor_init mtk_volte_prop:property_service set;
allow vendor_init vendor_radio_prop:property_service set;
allow vendor_init mtk_ril_mode_prop:property_service set;
allow vendor_init wmt_prop:property_service set;
# coredump_prop is also granted through set_prop() later in this file.
allow vendor_init coredump_prop:property_service set;
# Not a property rule: write access to files labelled proc_wmtdbg.
# w_file_perms is a permission-set macro defined outside this file.
allow vendor_init proc_wmtdbg:file w_file_perms;
allow vendor_init vold_prop:property_service set;
# Writes under /proc.
# NOTE(review): "proc" is the generic label for /proc entries that have no
# dedicated type, so the first rule is not limited to a single file. The two
# rules after it show the narrower pattern (proc_cpufreq, proc_bootprof); a
# dedicated type for the file actually written would scope this grant.
allow vendor_init proc:file write;
allow vendor_init proc_cpufreq:file w_file_perms;
allow vendor_init proc_bootprof:file write;
# Add entries to, and change attributes of, directories labelled rootfs.
allow vendor_init rootfs:dir { write add_name setattr };
# CAP_SYS_MODULE, the capability needed to load kernel modules. It pairs with
# the vendor_file module_load rule elsewhere in this file.
allow vendor_init self:capability sys_module;
# Create entries in directories labelled tmpfs.
allow vendor_init tmpfs:dir { write create add_name };
# Search, inspect and relabel directories that currently carry the
# "unlabeled" type.
# NOTE(review): the file does not say which directories are expected to be
# unlabeled at boot; confirm the paths, since this applies to any of them.
allow vendor_init unlabeled:dir { relabelfrom getattr setattr search };
# Load kernel modules from files labelled vendor_file.
# NOTE(review): vendor_file looks like the general vendor-partition label
# rather than a module-specific type, so which files qualify depends on
# file_contexts. Confirm the labelling, and that module signature
# enforcement is enabled on the target kernel.
allow vendor_init vendor_file:system module_load;
# Remove the kmsg character-device node.
# NOTE(review): the file gives no reason for unlinking this node; confirm the
# rule is still needed.
allow vendor_init kmsg_device:chr_file unlink;
# Vendor properties vendor_init may set. set_prop() is a policy macro defined
# outside this file; in AOSP it grants "set" on the property type together
# with the property-socket connect and read access.
set_prop(vendor_init, persist_mtk_aee_prop)
set_prop(vendor_init, ro_mtk_aee_prop)
set_prop(vendor_init, vendor_usb_prop)
set_prop(vendor_init, mtk_ct_volte_prop)
set_prop(vendor_init, mtk_gps_support_prop)
set_prop(vendor_init, mtk_rat_config_prop)
set_prop(vendor_init, tel_switch_prop)
set_prop(vendor_init, mtk_aal_ro_prop)
set_prop(vendor_init, mtk_pq_ro_prop)
set_prop(vendor_init, mtk_default_prop)
set_prop(vendor_init, mtk_nn_option_prop)

set_prop(vendor_init, mtk_emmc_support_prop)
set_prop(vendor_init, mtk_anr_support_prop)
set_prop(vendor_init, mtk_antutu_prop)
set_prop(vendor_init, mtk_bt_sap_enable_prop)
# coredump_prop also has a raw property_service set rule earlier in this
# file; one of the two grants is redundant.
set_prop(vendor_init, coredump_prop)
# Allow creating the /mnt/sdcard symbolic link used by meta/factory mode.
# The rule covers any symlink created on an object labelled tmpfs, not only
# that path. The same rule and comment appear again further down this file.
allow vendor_init tmpfs:lnk_file create;

# Lets vendor_init set properties labelled mtk_cxp_vendor_prop.
set_prop(vendor_init, mtk_cxp_vendor_prop)
# Run "ifup lo" to bring up the localhost interface
# Write access to files labelled proc_hostname.
allow vendor_init proc_hostname:file w_file_perms;
# Create a UDP socket owned by the domain itself and issue ioctls on it.
allow vendor_init self:udp_socket { create ioctl };
# In addition to the unprivileged ioctls granted to all domains, vendor_init
# also needs SIOCSIFFLAGS, the ioctl that sets interface flags. The allowxperm
# rule names the only extra ioctl command permitted on this socket class.
allowxperm vendor_init self:udp_socket ioctl { SIOCSIFFLAGS };
# CAP_NET_RAW on the domain itself. global_capability_class_set is a macro
# defined outside this file.
# NOTE(review): the sys_module grant in this file uses self:capability
# directly instead of this macro; confirm the difference is intentional.
allow vendor_init self:global_capability_class_set net_raw;
# Boot-time optimisation: write to files labelled proc_perfmgr.
allow vendor_init proc_perfmgr:file write;

# Allow creating the /mnt/sdcard symbolic link used by meta/factory mode.
# NOTE(review): this repeats the identical tmpfs:lnk_file rule that appears
# earlier in this file. The duplicate adds no permission and can be dropped.
allow vendor_init tmpfs:lnk_file create;
# Lets vendor_init set properties labelled mtk_appresolutiontuner_prop.
# NOTE(review): purpose is not documented here; the type name suggests an
# app resolution tuning feature.
set_prop(vendor_init, mtk_appresolutiontuner_prop)

# Fullscreen switch: lets vendor_init set properties labelled
# mtk_fullscreenswitch_prop.
set_prop(vendor_init, mtk_fullscreenswitch_prop)
# Kernel module verification support: allow vendor_init to search the kernel
# keyring. Only "search" is granted; no other key permission is given here.
allow vendor_init kernel:key search;

# Purpose: /dev/block/mmcblk0p10
# Read and write access to block devices labelled expdb_block_device.
# NOTE(review): the partition number above is device-specific; the grant
# follows whatever file_contexts labels as expdb_block_device. Confirm that
# write access, and not only read access, is required at init time.
allow vendor_init expdb_block_device:blk_file rw_file_perms;
# Lets vendor_init set properties labelled mtk_wifi_hotspot_prop.
set_prop(vendor_init, mtk_wifi_hotspot_prop)

# Lets vendor_init set properties labelled persist_aeev_prop.
set_prop(vendor_init, persist_aeev_prop)

# Lets vendor_init set properties labelled mtk_powerhal_prop.
set_prop(vendor_init, mtk_powerhal_prop)
# mmstat tracer: create directories and write files under the
# debugfs_tracing_instances label. create_dir_perms and w_file_perms are
# permission-set macros defined outside this file.
# NOTE(review): confirm that this debugfs access is needed on user builds and
# not only on debug builds.
allow vendor_init debugfs_tracing_instances:dir create_dir_perms;
allow vendor_init debugfs_tracing_instances:file w_file_perms;
# Wifi version recorder: lets vendor_init set properties labelled
# vendor_wifi_version.
set_prop(vendor_init, vendor_wifi_version)

# MTK camera property: lets vendor_init set properties labelled
# mtk_camera_prop.
set_prop(vendor_init, mtk_camera_prop)

# MTK DSBP property: lets vendor_init set properties labelled
# mtk_dsbp_support_prop. The property-to-type mapping lives in
# property_contexts, which is not part of this file.
set_prop(vendor_init, mtk_dsbp_support_prop)