NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../plat_private/factory.te
Bo Ye 5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:36 +08:00

38 lines
1.6 KiB
Plaintext
Raw Blame History

# ==============================================
# Policy File of /system/bin/factory Executable File
# ==============================================
# Type Declaration
# ==============================================
type factory_exec , exec_type, file_type;
typeattribute factory coredomain;
# ==============================================
# MTK Policy Rule
# ==============================================
init_daemon_domain(factory)
allow factory property_socket:sock_file write;
allow factory init:unix_stream_socket connectto;
allow factory kernel:system module_request;
allow factory node:tcp_socket node_bind;
allow factory userdata_block_device:blk_file rw_file_perms;
allow factory port:tcp_socket { name_bind name_connect };
#allow factory self:capability { sys_module ipc_lock sys_nice dac_override net_raw fsetid net_admin sys_time sys_boot sys_admin };
allow factory sdcard_type:dir r_dir_perms;
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
#allow factory self:netlink_route_socket create_socket_perms;
allow factory self:netlink_route_socket { bind create getattr write nlmsg_read read nlmsg_write };
#allow factory proc_net:file { read getattr open };
allowxperm factory self:udp_socket ioctl priv_sock_ioctls;
allowxperm factory self:udp_socket ioctl {SIOCGIFFLAGS SIOCGIWNWID};
allow factory self:process execmem;
allow factory self:tcp_socket create_stream_socket_perms;
allow factory self:udp_socket create_socket_perms;
#allow factory sysfs_wake_lock:file rw_file_perms;
allow factory system_data_file:dir w_dir_perms;
allow factory system_data_file:sock_file create_file_perms;
allow factory system_file:file x_file_perms;
Reference in New Issue View Git Blame Copy Permalink