NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../plat_private/audioserver.te
Nancy Huang 9e238bfba9 [ALPS04760196] audioserver: fix high risk sepolicy 
[Detail]
1. Remove system_data_file access rule
2. Remove socket access in audioserver

MTK-Commit-Id: 53231b8b52745a21cc302833524911c55bab4960

Change-Id: I661f78bfbe0377bf88445494af0f33edb5f4fef7
CR-Id: ALPS04760196
Feature: [Module]Proprietary Audio Utility
2020-01-18 10:20:04 +08:00

72 lines
2.1 KiB
Plaintext
Raw Permalink Blame History

# ==============================================
# MTK Policy Rule for plat_private
# ==============================================
# Date : WK14.32
# Operation : Migration
# Purpose : For audio dump and log
allow audioserver sdcard_type:dir { w_dir_perms create };
allow audioserver sdcard_type:file create;
allow audioserver sdcard_type:dir remove_name;
allow audioserver sdcard_type:file unlink;
# Date : WK14.34
# Operation : Migration
# Purpose : Smartcard Service
allow audioserver system_data_file:file open;
# Data : WK14.38
# Operation : Migration
# Purpose : for boot animation.
allow audioserver bootanim:binder { transfer call };
allow audioserver mtkbootanimation:binder { transfer call };
# Data : WK14.38
# Operation : Migration
# Purpose : dump for debug
allow audioserver sdcard_type:file append;
# Data : WK14.46
# Operation : Migration
# Purpose : for SMS app
allow audioserver radio_data_file:dir search;
allow audioserver radio_data_file:file open;
# Data : WK14.47
# Operation : Audio playback
# Purpose : Music as ringtone
allow audioserver radio:dir { search read };
allow audioserver radio:file r_file_perms;
# Data : WK14.47
# Operation : CTS
# Purpose : cts search strange app
allow audioserver untrusted_app:dir search;
# Date : WK15.34
# Operation : Migration
# Purpose: for camera middleware dump image buffer to sdcard & audio frameworks dump
allow audioserver storage_file:lnk_file {read write};
allow audioserver mnt_user_file:dir {write read search};
allow audioserver mnt_user_file:lnk_file {read write};
# Purpose: Dump debug info
allow audioserver kmsg_device:chr_file { open write };
allow audioserver media_rw_data_file:dir { create_dir_perms };
# Date : WK16.27
# Operation : Migration
# Purpose: tunning tool update parameters
allow audioserver media_rw_data_file:file { create_file_perms };
# Date : WK16.28
# Operation : Migration
# Purpose: Write audio dump files to external SDCard.
allow audioserver sdcard_type:file { create_file_perms };
allow audioserver storage_file:dir { r_dir_perms };
# Date : W18.01
# Add for turn on SElinux in enforcing mode
allow audioserver self:netlink_kobject_uevent_socket { read create };
Reference in New Issue View Git Blame Copy Permalink