8c75cd68e6
1. We have too many config properties set by PRODUCT_PROPERTY_OVERRIDES, and these properties usually are not sensitive and allow all processes to read. 2. Since Android P, properties should follow naming rule to add "vendor", and then this will cause properties to be labeled as vendor_default_prop. By default, coredomain is not granted to read vendor_default_prop. Actually these properties are read widely from system/vendor processes. 3. So we introduce "mtk_default_prop" type that grant read access to all processes, including system and vendor. MTK-Commit-Id: 18077a2cb14b7b1ddadb7000e8abb565f0fd49e3 Change-Id: Ia378db3dbb9d0bf388139be3419e013228c79d6e CR-Id: ALPS03934986 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
34 lines
1.3 KiB
Plaintext
34 lines
1.3 KiB
Plaintext
allow vendor_init exported3_system_prop:property_service set;
|
|
allow vendor_init bt_prop:property_service set;
|
|
allow vendor_init dalvik_prop:property_service set;
|
|
|
|
allow vendor_init ffs_prop:property_service set;
|
|
allow vendor_init mediatek_prop:property_service set;
|
|
allow vendor_init mtk_md_version_prop:property_service set;
|
|
allow vendor_init mtk_volte_prop:property_service set;
|
|
allow vendor_init usp_prop:property_service set;
|
|
allow vendor_init vendor_radio_prop:property_service set;
|
|
allow vendor_init mtk_ril_mode_prop:property_service set;
|
|
allow vendor_init wmt_prop:property_service set;
|
|
|
|
allow vendor_init proc:file write;
|
|
allow vendor_init proc_bootprof:file write;
|
|
allow vendor_init rootfs:dir { write add_name setattr };
|
|
allow vendor_init self:capability sys_module;
|
|
|
|
allow vendor_init tmpfs:dir { write create add_name };
|
|
allow vendor_init unlabeled:dir { relabelfrom getattr setattr search };
|
|
allow vendor_init vendor_file:system module_load;
|
|
|
|
allow vendor_init kmsg_device:chr_file unlink;
|
|
set_prop(vendor_init, persist_mtk_aee_prop)
|
|
set_prop(vendor_init, ro_mtk_aee_prop)
|
|
set_prop(vendor_init, vendor_usb_prop)
|
|
set_prop(vendor_init, mtk_ct_volte_prop)
|
|
set_prop(vendor_init, mtk_gps_support_prop)
|
|
set_prop(vendor_init, mtk_rat_config_prop)
|
|
set_prop(vendor_init, mtk_aal_ro_prop)
|
|
set_prop(vendor_init, mtk_pq_ro_prop)
|
|
set_prop(vendor_init, mtk_default_prop)
|
|
|