203b3d02de
[Detail] For Andorid Q, there is a more stringent restriction for ioctl, app need some permissions to access proc_ged by ioctlcmd. [Solution] Group existing sepolicies for different types app to access proc_ged by ioctlcmd together in appdomain. MTK-Commit-Id: e9ba9a00dbbc063388c8120048a72fd8f7ce497c Change-Id: I24a4671259a68a0fda756d37c16b7e61801e6cc8 CR-Id: ALPS04428389 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
29 lines
1.1 KiB
Plaintext
29 lines
1.1 KiB
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# TODO:: Security Issue.
|
|
|
|
# Date: 2016/02/26
|
|
# Operation: Migration
|
|
# Purpose: Allow MTK modified ElephantStress and WhatsTemp to read thermal zone temperatures
|
|
# from MTK kernel modules for thermal tests at OEM/ODM.
|
|
allow untrusted_app proc_mtktz:dir search;
|
|
allow untrusted_app proc_mtktz:file r_file_perms;
|
|
|
|
# Date : 2017/08/01
|
|
# Operation: SQC
|
|
# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
|
|
# properly for thermal tests at OEM/ODM.
|
|
allow untrusted_app_25 proc_mtktz:dir search;
|
|
allow untrusted_app_25 proc_mtktz:file { getattr open read };
|
|
allow untrusted_app_25 proc_thermal:dir search;
|
|
allow untrusted_app_25 proc_thermal:file { getattr open read };
|
|
|
|
allow untrusted_app_25 sysfs_fps:dir search;
|
|
allow untrusted_app_25 sysfs_fps:file { getattr open read };
|
|
allow untrusted_app_25 sysfs_batteryinfo:dir search;
|
|
#allow untrusted_app_25 sysfs_batteryinfo:file { getattr open read };
|
|
allow untrusted_app_25 sysfs_therm:dir { open read search };
|
|
allow untrusted_app_25 sysfs_therm:file { getattr open read };
|