NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/untrusted_app.te
Bo Ye 5849c224e3 [ALPS03825066] P migration selinux build failed fix 
1. Mark polices which accessing proc/sysfs file system
    2. Add violator attribute to modules violate vendor/system rule.

MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8

Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
2020-01-18 09:29:36 +08:00

50 lines
2.0 KiB
Plaintext
Raw Blame History

# ==============================================
# MTK Policy Rule
# ==============================================
# TODO:: Security Issue.
# Date : 2014/09/09
# Operation : Development GMO Feature "Move OAT to SD Card"
# Purpose : for GMO ROM Size Slim
#allow untrusted_app dalvikcache_data_file:lnk_file read;
# Date: 2016/02/26
# Operation: Migration
# Purpose: Allow MTK modified ElephantStress and WhatsTemp to read thermal zone temperatures
# from MTK kernel modules for thermal tests at OEM/ODM.
allow untrusted_app proc_mtktz:dir search;
allow untrusted_app proc_mtktz:file r_file_perms;
# Date : 2017/08/01
# Operation: SQC
# Purpose : Allow Whatstemp, a MTK thermal logging tool, to log thermal related information
# properly for thermal tests at OEM/ODM.
allow untrusted_app_25 proc_mtktz:dir search;
allow untrusted_app_25 proc_mtktz:file { getattr open read };
allow untrusted_app_25 proc_stat:file { getattr open read };
allow untrusted_app_25 proc_thermal:dir search;
allow untrusted_app_25 proc_thermal:file { getattr open read };
allow untrusted_app_25 sysfs_fps:dir search;
allow untrusted_app_25 sysfs_fps:file { getattr open read };
allow untrusted_app_25 sysfs_power_supply:dir search;
allow untrusted_app_25 sysfs_power_supply:file { getattr open read };
allow untrusted_app_25 sysfs_therm:dir { open read search };
allow untrusted_app_25 sysfs_therm:file { getattr open read };
# Date : 2017/08/10
# Operation: Development RenderScript opt
# Purpose : Allow RenderScript Opt RS2CL to invoke standalone executable
# properly for thermal tests at OEM/ODM.
typeattribute untrusted_app_25 system_executes_vendor_violators;
allow untrusted_app_25 vendor_file:file execute_no_trans;
typeattribute untrusted_app system_executes_vendor_violators;
allow untrusted_app vendor_file:file execute_no_trans;
# Date : WK17.39
# Stage: O Migration, SQC
# Purpose: Allow to use HAL PQ
allow untrusted_app_25 mtk_hal_pq_hwservice:hwservice_manager find;
allow untrusted_app mtk_hal_pq_hwservice:hwservice_manager find;
Reference in New Issue View Git Blame Copy Permalink