[Detail] 1. Google added a new neverallow rule for untrusted apps. 2. Files and directories in /proc must be associated with proc_type. [Solution] 1. Remove the rules that violate the Google neverallow rules for untrusted apps. 2. Add the proc_type attribute to files and directories in /proc. MTK-Commit-Id: b94412725e3a7b18db9573056c2fb43367989ed5 Change-Id: I89de16a65f05d052969c794604b9c372ed1ce7e1 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
# ==============================================
# MTK Policy Rule
# Vendor (MTK) additions for the untrusted_app and untrusted_app_25 domains.
# An allow rule applies to every app that runs in the named domain, not only
# to the tool named in the Purpose line of an entry.
# ==============================================

# TODO:: Security Issue.

# Date      : 2014/09/09
# Operation : Development GMO Feature "Move OAT to SD Card"
# Purpose   : for GMO ROM Size Slim
# Status    : the rule below is commented out, so it grants nothing.
#allow untrusted_app dalvikcache_data_file:lnk_file read;

# Date      : 2016/02/26
# Operation : Migration
# Purpose   : Let the MTK modified ElephantStress and WhatsTemp read thermal
#             zone temperatures from MTK kernel modules for thermal tests at
#             OEM/ODM.
# NOTE(review): r_file_perms is a macro and grants more than the explicit
# { getattr open read } set used for untrusted_app_25 further down; narrow it
# if plain reads are enough -- confirm against the tools.
# NOTE(review): if these tools only run on test builds, consider limiting the
# rules with userdebug_or_eng() -- confirm with the owner.
allow untrusted_app proc_mtktz:dir search;
allow untrusted_app proc_mtktz:file r_file_perms;

# Date      : 2017/08/01
# Operation : SQC
# Purpose   : Let Whatstemp, a MTK thermal logging tool, log thermal related
#             information properly for thermal tests at OEM/ODM.
# Directory traversal for the proc and sysfs nodes covered by this entry.
allow untrusted_app_25 { proc_mtktz proc_thermal sysfs_fps sysfs_batteryinfo }:dir search;
# sysfs_therm directories may also be opened and listed, not just traversed.
allow untrusted_app_25 sysfs_therm:dir { open read search };
# File access is spelled out as getattr/open/read instead of using a macro.
allow untrusted_app_25 { proc_mtktz proc_thermal sysfs_fps sysfs_batteryinfo sysfs_therm }:file { getattr open read };

# Date      : 2017/08/10
# Operation : Development RenderScript opt
# Purpose   : Let RenderScript Opt RS2CL invoke a standalone executable.
# NOTE(review): the original header ended with "properly for thermal tests at
# OEM/ODM", which looks carried over from the thermal entries above -- confirm.
# execute_no_trans runs the file in the calling app domain (no domain
# transition), and the target is the generic vendor_file label rather than a
# type dedicated to one executable, so the grant is not limited to one binary.
# NOTE(review): a dedicated label for the RS2CL executable (placeholder:
# <rs2cl_exec_type>) would narrow this -- confirm feasibility.
# NOTE(review): system_executes_vendor_violators appears to be the exemption
# attribute for the platform neverallow on executing vendor files; treat both
# lines as tracked exceptions -- confirm against the platform policy.
typeattribute untrusted_app system_executes_vendor_violators;
typeattribute untrusted_app_25 system_executes_vendor_violators;
allow { untrusted_app untrusted_app_25 } vendor_file:file execute_no_trans;

# Date      : WK17.39
# Stage     : O Migration, SQC
# Purpose   : Allow to use HAL PQ
# Grants only the hwservice_manager lookup (find) of mtk_hal_pq_hwservice.
# NOTE(review): check this against the platform neverallow rules on untrusted
# app access to hwservices -- confirm for the target release.
allow { untrusted_app untrusted_app_25 } mtk_hal_pq_hwservice:hwservice_manager find;