346ca0c012
vold cannot do fstrim on vendor folders (ex: nvdata, protect_f) because of never allow rule. Thus, skip selinux violation log for fstrim vendor folder. MTK-Commit-Id: cf15f3ec6ae93e65c1f13b22f044e766a63eaece Change-Id: I9c26ee000b8554df7abb03141ecf73a78d727f87 CR-Id: ALPS04631260 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
34 lines
1.2 KiB
Plaintext
34 lines
1.2 KiB
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# volume manager
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : unmount /mnt/cd-rom. It causes by unmountAll() when VolumeManager starts
|
|
allow vold iso9660:filesystem unmount;
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : vold will traverse /proc when remountUid().
|
|
# It will trigger violation if mtk customize some label in /proc.
|
|
# However, we should ignore the violation if the processes never access the storage.
|
|
dontaudit vold proc_battery_cmd:dir { read open };
|
|
dontaudit vold proc_mtkcooler:dir { read open };
|
|
dontaudit vold proc_mtktz:dir { read open };
|
|
dontaudit vold proc_thermal:dir { read open };
|
|
|
|
# Date : WK18.30
|
|
# Operation : Migration
|
|
# Purpose : vold create mdlog folder in data for meta mode.
|
|
allow vold mdlog_data_file:dir { create_dir_perms };
|
|
|
|
allow vold mtd_device:blk_file rw_file_perms;
|
|
|
|
# dontaudit for fstrim on 'vendor' folder
|
|
dontaudit vold nvdata_file:dir r_dir_perms;
|
|
dontaudit vold nvcfg_file:dir r_dir_perms;
|
|
dontaudit vold protect_f_data_file:dir r_dir_perms;
|
|
dontaudit vold protect_s_data_file:dir r_dir_perms;
|