05f5d87b88
[Detail] Googles new commit
neverallow coredomain from writing vendor properties
cause build break
cdb1624c27
[Solution] Declare system_writes_vendor_properties_violators as workaround
MTK-Commit-Id: 2b19515d2d98945b0aadfbc9043352ae927497f3
Change-Id: I7be59b6811f6c75ea47da205be902417311fe1d0
CR-Id: ALPS03881723
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
65 lines
2.1 KiB
Plaintext
65 lines
2.1 KiB
Plaintext
# ==============================================
|
|
# Policy File of /system/bin/aee_aed Executable File
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
|
|
# Date : WK14.32
|
|
# Operation : AEE UT
|
|
# Purpose : for AEE module
|
|
allow aee_aed aed_device:chr_file rw_file_perms;
|
|
allow aee_aed expdb_device:chr_file rw_file_perms;
|
|
allow aee_aed expdb_block_device:blk_file rw_file_perms;
|
|
allow aee_aed bootdevice_block_device:blk_file rw_file_perms;
|
|
allow aee_aed etb_device:chr_file rw_file_perms;
|
|
|
|
# open/dev/mtd/mtd12 failed(expdb)
|
|
allow aee_aed mtd_device:dir create_dir_perms;
|
|
allow aee_aed mtd_device:chr_file rw_file_perms;
|
|
|
|
# NE flow: /dev/RT_Monitor
|
|
allow aee_aed RT_Monitor_device:chr_file r_file_perms;
|
|
|
|
#data/aee_exp
|
|
allow aee_aed aee_exp_data_file:dir create_dir_perms;
|
|
allow aee_aed aee_exp_data_file:file create_file_perms;
|
|
|
|
#data/dumpsys
|
|
allow aee_aed aee_dumpsys_data_file:dir create_dir_perms;
|
|
allow aee_aed aee_dumpsys_data_file:file create_file_perms;
|
|
|
|
#/data/core
|
|
allow aee_aed aee_core_data_file:dir create_dir_perms;
|
|
allow aee_aed aee_core_data_file:file create_file_perms;
|
|
|
|
# /data/data_tmpfs_log
|
|
allow aee_aed data_tmpfs_log_file:dir create_dir_perms;
|
|
allow aee_aed data_tmpfs_log_file:file create_file_perms;
|
|
|
|
# Purpose: aee_aed set property
|
|
typeattribute aee_aed system_writes_vendor_properties_violators;
|
|
set_prop(aee_aed, persist_mtk_aee_prop);
|
|
set_prop(aee_aed, persist_aee_prop);
|
|
set_prop(aee_aed, debug_mtk_aee_prop);
|
|
|
|
# /proc/lk_env
|
|
allow aee_aed proc_lk_env:file rw_file_perms;
|
|
|
|
# Purpose: Allow aee_aed to read /proc/pid/exe
|
|
allow aee_aed exec_type:file r_file_perms;
|
|
|
|
# Purpose: Allow aee_aed to read /proc/cpu/alignment
|
|
allow aee_aed proc_cpu_alignment:file { write open };
|
|
|
|
# Purpose: Allow aee_aed to access /sys/devices/virtual/timed_output/vibrator/enable
|
|
allow aee_aed sysfs_vibrator_setting:dir search;
|
|
allow aee_aed sysfs_vibrator_setting:file w_file_perms;
|
|
allow aee_aed sysfs_vibrator:dir search;
|
|
|
|
# Purpose: Allow aee_aed to read /proc/kpageflags
|
|
allow aee_aed proc_kpageflags:file r_file_perms;
|
|
|
|
# temp solution
|
|
get_prop(aee_aed, vendor_default_prop)
|