5849c224e3
1. Mark polices which accessing proc/sysfs file system
2. Add violator attribute to modules violate vendor/system rule.
MTK-Commit-Id: 3954cad7a1428cda694d8428c2235a78aa6e7cc8
Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8
CR-Id: ALPS03825066
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
31 lines
1.1 KiB
Plaintext
31 lines
1.1 KiB
Plaintext
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# volume manager
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : unmount /mnt/cd-rom. It causes by unmountAll() when VolumeManager starts
|
|
allow vold iso9660:filesystem unmount;
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : dotrim for the mountpoints in fstab
|
|
typeattribute vold data_between_core_and_vendor_violators;
|
|
allow vold nvdata_file:dir r_dir_perms;
|
|
allow vold protect_f_data_file:dir r_dir_perms;
|
|
allow vold protect_s_data_file:dir r_dir_perms;
|
|
|
|
# Date : WK16.19
|
|
# Operation : Migration
|
|
# Purpose : vold will traverse /proc when remountUid().
|
|
# It will trigger violation if mtk customize some label in /proc.
|
|
# However, we should ignore the violation if the processes never access the storage.
|
|
dontaudit vold proc_battery_cmd:dir { read open };
|
|
dontaudit vold proc_mtkcooler:dir { read open };
|
|
dontaudit vold proc_mtktz:dir { read open };
|
|
dontaudit vold proc_thermal:dir { read open };
|
|
|
|
allow vold mtd_device:blk_file rw_file_perms;
|