NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/property.te
Lili Lin 8c75cd68e6 [ALPS03934986] Add mtk_default_prop 
1. We have too many config properties set by PRODUCT_PROPERTY_OVERRIDES,
and these properties usually are not sensitive and allow all processes to read.
2. Since Android P, properties should follow naming rule to add "vendor",
and then this will cause properties to be labeled as vendor_default_prop.
By default, coredomain is not granted to read vendor_default_prop.
Actually these properties are read widely from system/vendor processes.
3. So we introduce "mtk_default_prop" type that grant read access to
all processes, including system and vendor.

MTK-Commit-Id: 18077a2cb14b7b1ddadb7000e8abb565f0fd49e3

Change-Id: Ia378db3dbb9d0bf388139be3419e013228c79d6e
CR-Id: ALPS03934986
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:59:13 +08:00

213 lines
8.4 KiB
Plaintext
Raw Blame History

# ==============================================
# MTK Policy Rule
# ==============================================
# MTK properties, allow all system/vendor processes to read.
type mtk_default_prop, property_type, mtk_core_property_type;
# Date: W14.32
# Operation: Migration
# Purpose: don't allow to use default_prop
### TBD
#neverallow { domain -init } default_prop:property_service set;
#neverallow { domain -init -system_server -recovery -system_app} ctl_default_prop:property_service set;
#=============allow ccci_mdinit to start gsm0710muxd==============
type ctl_gsm0710muxd_prop, property_type;
type ctl_gsm0710muxd-s_prop, property_type;
type ctl_gsm0710muxd-d_prop, property_type;
#=============allow ccci_mdinit to ctl. mdlogger==============
type ctl_mdlogger_prop, property_type;
type ctl_emdlogger1_prop, property_type;
type ctl_emdlogger2_prop, property_type;
type ctl_emdlogger3_prop, property_type;
type ctl_dualmdlogger_prop, property_type;
#=============allow viarild to start property==============
type ctl_viarild_prop, property_type;
#=============allow mtkrild to set persist.ril property==============
type persist_ril_prop, property_type, mtk_core_property_type;
type vendor_ril_ipo_prop, property_type, mtk_core_property_type;
#=============allow gsm0710muxd to set mux property==============
type gsm0710muxd_prop, property_type, mtk_core_property_type;
#=============allow netlog running==============
type debug_mtklog_prop, property_type, mtk_core_property_type;
type persist_mtklog_prop, property_type, mtk_core_property_type;
type debug_netlog_prop, property_type, mtk_core_property_type;
#=============allow netd to set mtk_wifi.*=========================
type mtk_wifi_prop, property_type, mtk_core_property_type;
#=============allow mdlogger==============
type debug_mdlogger_prop, property_type, mtk_core_property_type;
type vendor_mdl_prop, property_type, mtk_core_property_type;
type vendor_mdl_start_prop, property_type, mtk_core_property_type;
type vendor_usb_prop, property_type, mtk_core_property_type;
type persist_mdlog_prop, property_type, mtk_core_property_type;
type vendor_mdl_pulllog_prop, property_type, mtk_core_property_type;
#=============allow AEE==============
type persist_mtk_aee_prop, property_type, mtk_core_property_type;
type persist_aee_prop, property_type, mtk_core_property_type;
type debug_mtk_aee_prop, property_type, mtk_core_property_type;
type ro_mtk_aee_prop, property_type, mtk_core_property_type;
#=============allow aee_dumpstate==============
type debug_bq_dump_prop, property_type, mtk_core_property_type;
#=============allow ccci_mdinit to stop rild==============
type ctl_ril-daemon-mtk_prop, property_type;
type ctl_fusion_ril_mtk_prop, property_type;
type ctl_ril-daemon-s_prop, property_type;
type ctl_ril-daemon-d_prop, property_type;
type ctl_ril-proxy_prop, property_type;
#=============allow ccci_mdinit to start ccci_fsd==============
type ctl_ccci_fsd_prop, property_type;
type ctl_ccci2_fsd_prop, property_type;
type ctl_ccci3_fsd_prop, property_type;
#=============allow ccci_mdinit to set ril_active_md_prop==============
type ril_active_md_prop, property_type, mtk_core_property_type;
#=============allow ccci_mdinit to stop rild==============
type ril_mux_report_case_prop, property_type, mtk_core_property_type;
type ril_cdma_report_prop, property_type, mtk_core_property_type;
#=============allow ccci_mdinit to mtk_md_prop==============
type mtk_md_prop, property_type, mtk_core_property_type;
#=============allow mtkrild to start muxreport==============
type ctl_muxreport-daemon_prop, property_type;
#=============allow telephony modules to set tel_switch_prop==============
type tel_switch_prop, property_type, mtk_core_property_type;
#=============allow ppp to set pppoe.ppp0==============
type pppoe_ppp0_prop, property_type, mtk_core_property_type;
#=============allow bootanim==============
type bootani_prop, property_type, mtk_core_property_type;
#=============allow mnld_prop==============
type mnld_prop, property_type, mtk_core_property_type;
#=============allow audiohal==============
type audiohal_prop, property_type, mtk_core_property_type;
#=============allow wmt==============
type wmt_prop, property_type, mtk_core_property_type;
#=============allow sensor==============
type ctl_emcsmdlogger_prop, property_type;
type ctl_eemcs_fsd_prop, property_type;
#=============allow statusd==============
type net_cdma_mdmstat, property_type, mtk_core_property_type;
#=============allow bt==============
type bt_prop, property_type, mtk_core_property_type;
type persist_bt_prop, property_type, mtk_core_property_type;
#============= allow factory idle current prop ==============
type vendor_factory_idle_state_prop, property_type, mtk_core_property_type;
#============= allow mobile log property ===============
type mobile_log_prop, property_type, mtk_core_property_type;
#============= allow service.nvram_init property ===============
type service_nvram_init_prop, property_type, mtk_core_property_type;
#============= allow ro.wlan.mtk.wifi.5g property ===============
type wifi_5g_prop, property_type, mtk_core_property_type;
#=============allow em to set client.appmode ==============
type mtk_em_prop, property_type, mtk_core_property_type;
#=============allow mediatek_prop ==============
type mediatek_prop, property_type, mtk_core_property_type;
#============= allow em set property ===============
type mtk_em_auto_answer_prop, property_type, mtk_core_property_type;
#============= allow em set protocol ===============
type mtk_em_bt_sspdebug_prop, property_type, mtk_core_property_type;
#============= allow em set protocol ===============
type mtk_em_net_auto_tethering_prop, property_type, mtk_core_property_type;
#=============allow meta_tst to stop specific service ===============
type ctl_mobile_log_d_prop, property_type;
type ctl_mnld_prop, property_type;
type ctl_mobicore_prop, property_type;
#=============allow system server to set meta_connecttype property ==============
type meta_connecttype_prop, property_type;
#=============Telephony Sensitive property==============
type mtk_telephony_sensitive_prop, property_type;
#=============allow processes to change thermal config================
type mtk_thermal_config_prop, property_type;
#=============allow composer set property ============================
type graphics_hwc_pid_prop, property_type;
type graphics_debug_prop, property_type;
#============= mtkcam property ============================
type mtkcam_prop, property_type;
#============= allow em set UCE property ===============
type persist_uce_prop, property_type;
#============= atm modem mode property ==============
type atm_mdmode_prop, property_type;
#============= atm ip address property ==============
type atm_ipaddr_prop, property_type;
#=============allow consyslogger==============
type vendor_connsysfw_prop, property_type, mtk_core_property_type;
#=============radio group property=============
type vendor_radio_prop, property_type, mtk_core_property_type;
#=============allow bluetooth==============
type vendor_bluetooth_prop, property_type, mtk_core_property_type;
#=============allow EM to set modem reset delay property================
type mtk_debug_md_reset_prop, property_type, mtk_core_property_type;
#=============allow EM to set wifi log level property================
type mtk_debug_wifi_level_prop, property_type, mtk_core_property_type;
#=============allow EM to set BT ssp debug mode property================
type mtk_bt_sspdebug_prop, property_type, mtk_core_property_type;
#=============em camera property==============
type vendor_debug_prop, property_type, mtk_core_property_type;
#=============allow ccci_mdinit get ccci_fsd property===========
type mtk_ccci_fsd_prop, property_type, mtk_core_property_type;
#=============allow ct volte==============
type mtk_ct_volte_prop, property_type, mtk_core_property_type;
#=============mtk ril mode property=============
type mtk_ril_mode_prop, property_type, mtk_core_property_type;
#=============GPS support properties==============
type mtk_gps_support_prop, property_type, mtk_core_property_type;
#=============mtk rat config property=============
type mtk_rat_config_prop, property_type, mtk_core_property_type;
#=============mtk aal property=============
type mtk_aal_ro_prop, property_type, mtk_core_property_type;
#=============mtk pq property=============
type mtk_pq_ro_prop, property_type, mtk_core_property_type;
type mtk_pq_prop, property_type, mtk_core_property_type;
Reference in New Issue View Git Blame Copy Permalink