diff options
| author | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2019-10-25 09:09:47 +0800 |
|---|---|---|
| committer | Shanshan Guo <shanshan.guo@mediatek.com> | 2019-10-28 09:26:41 +0800 |
| commit | b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad (patch) | |
| tree | c9d094c32f01daece97e4a72ec644a7c4843a9a8 | |
| parent | b9c316d9b87f36e958f56273ffec3d6556639bdd (diff) | |
| download | device_mediatek_wembley-sepolicy-b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad.tar.gz device_mediatek_wembley-sepolicy-b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad.tar.bz2 device_mediatek_wembley-sepolicy-b727ba4e2b59c1dbe59f5e1d9f6b9c5d94c5ffad.zip | |
[ALPS04833608] SEPolicy: Add specail SELabel for atag,chipid
[Detail]
It has risk for allow process to get permission of atag,chipid
by using u:object_rsysfs:s0
To avoid that, need to add specail SELabel for atag,chipid
[Solution]
Add specail SELabel for atag,chipid
Change-Id: Ibaf69f387015790c657783bb1234e584e56f67aa
CR-Id: ALPS04833608
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
| -rw-r--r-- | non_plat/file.te | 5 | ||||
| -rw-r--r-- | non_plat/genfs_contexts | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/non_plat/file.te b/non_plat/file.te index ab973a7..6ca32cb 100644 --- a/non_plat/file.te +++ b/non_plat/file.te @@ -431,3 +431,8 @@ type sysfs_pages_volatile, fs_type, sysfs_type; # Date : 2019/10/22 # Purpose : allow aee_aedv write /sys/module/mrdump/parameters/lbaooo type sysfs_mrdump_lbaooo, fs_type, sysfs_type; + +# Date : 2019/10/25 +# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0 +# to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid +type sysfs_chipid, fs_type, sysfs_type; diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts index edf72ff..cb30065 100644 --- a/non_plat/genfs_contexts +++ b/non_plat/genfs_contexts @@ -263,3 +263,8 @@ genfscon sysfs /kernel/mm/ksm/pages_shared u:object_r:sysfs_pages_shared:s0 genfscon sysfs /kernel/mm/ksm/pages_sharing u:object_r:sysfs_pages_sharing:s0 genfscon sysfs /kernel/mm/ksm/pages_unshared u:object_r:sysfs_pages_unshared:s0 genfscon sysfs /kernel/mm/ksm/pages_volatile u:object_r:sysfs_pages_volatile:s0 + +# Date : 2019/10/25 +# Purpose : To avoid using the SELabel of u:object_r:proc:s0 or u:object_r:sysfs:s0 +# to access /proc/device-tree/chosen/atag,chipid or /sysfs/firmware/devicetree/base/chosen/atag,chipid +genfscon sysfs /firmware/devicetree/base/chosen/atag,chipid u:object_r:sysfs_chipid:s0 |