78d7f51370
[Detail] System processes have no permission to access vendor_default_prop [Solution] Add get vendor_default_prop rule for system processes MTK-Commit-Id: 412119fb578fc32e9f046c09a13817cf3c755515 Change-Id: I791997e6bb44c61b69d32c6da0cc80c6f2a9759e CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
28 lines
936 B
Plaintext
28 lines
936 B
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# volume manager
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : unmount /mnt/cd-rom. It causes by unmountAll() when VolumeManager starts
|
|
allow vold iso9660:filesystem unmount;
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : vold will traverse /proc when remountUid().
|
|
# It will trigger violation if mtk customize some label in /proc.
|
|
# However, we should ignore the violation if the processes never access the storage.
|
|
dontaudit vold proc_battery_cmd:dir { read open };
|
|
dontaudit vold proc_mtkcooler:dir { read open };
|
|
dontaudit vold proc_mtktz:dir { read open };
|
|
dontaudit vold proc_thermal:dir { read open };
|
|
|
|
allow vold mtd_device:blk_file rw_file_perms;
|
|
|
|
# Date : WK18.20
|
|
# Operation : Migration
|
|
# Purpose : no permission for vendor_default_prop
|
|
get_prop(vold, vendor_default_prop)
|