authorShanshan Guo <Shanshan.Guo@mediatek.com>2020-01-07 10:44:44 +0800
committerShanshan Guo <Shanshan.Guo@mediatek.com>2020-01-07 11:20:11 +0800
commitae996c5246458b8f9ed9d81510dc9ab2dbcf3af5 (patch)
tree5f0b7ca646ed3a2ebbc3adb782c0d77cf287e593
parent045f604c270b73a89d3435d533c208dcf469e157 (diff)
[ALPS04961644] SEPolicy: Fix build error for Android R
[Detail] Some restrictions have been added in Android R by Google, need to modify the conflicting SEPolicies of MTK. [Solution] Remove the conflicting SEPolicies. CR-Id: ALPS04961644 Change-Id: Ic3c27729f8d21929be74b62b353cc2db376c75d7 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
-rw-r--r--non_plat/ccci_mdinit.te2
-rw-r--r--non_plat/file.te2
-rw-r--r--non_plat/genfs_contexts2
-rw-r--r--non_plat/gsm0710muxd.te2
-rw-r--r--non_plat/init.te6
-rw-r--r--non_plat/nvram_agent_binder.te2
-rw-r--r--non_plat/vendor_init.te10
-rw-r--r--plat_private/service_contexts3
-rw-r--r--r_non_plat/gsm0710muxd.te2
-rw-r--r--r_non_plat/vendor_init.te10
10 files changed, 21 insertions, 20 deletions
diff --git a/non_plat/ccci_mdinit.te b/non_plat/ccci_mdinit.te
index 6617aab..eb1e6ef 100644
--- a/non_plat/ccci_mdinit.te
+++ b/non_plat/ccci_mdinit.te
@@ -27,7 +27,7 @@ set_prop(ccci_mdinit, ctl_dualmdlogger_prop)
set_prop(ccci_mdinit, ctl_gsm0710muxd_prop)
set_prop(ccci_mdinit, ctl_gsm0710muxd-s_prop)
set_prop(ccci_mdinit, ctl_gsm0710muxd-d_prop)
-set_prop(ccci_mdinit, ctl_rildaemon_prop)
+#set_prop(ccci_mdinit, ctl_rildaemon_prop)
set_prop(ccci_mdinit, ctl_ril-daemon-mtk_prop)
set_prop(ccci_mdinit, ctl_fusion_ril_mtk_prop)
set_prop(ccci_mdinit, ctl_ril-daemon-s_prop)
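Review bot: The commit message says the conflicting policies are removed, but this rule is only commented out as `#set_prop(ccci_mdinit, ctl_rildaemon_prop)`, and the same pattern repeats in every other policy hunk of this commit. Dead rules left in a policy source can be re-enabled by accident and make the effective policy harder to audit. I would delete the line and rely on history, or keep it with a reason attached, for example `# removed for Android R, conflicts with platform policy (ALPS04961644)`.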
diff --git a/non_plat/file.te b/non_plat/file.te
index 607199e..5c12bb3 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -71,7 +71,7 @@ type proc_pl_lk, fs_type, proc_type;
type proc_msdc_debug, fs_type, proc_type;
type proc_ufs_debug, fs_type, proc_type;
type proc_pidmap, fs_type, proc_type;
-type proc_kpageflags, fs_type, proc_type;
+#type proc_kpageflags, fs_type, proc_type;
type proc_slabtrace, fs_type, proc_type;
type proc_cmdq_debug, fs_type, proc_type;
type proc_isp_p2, fs_type, proc_type;
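Review bot: Disabling the local `type proc_kpageflags` declaration (and the matching `genfscon proc /kpageflags` entry in non_plat/genfs_contexts) does not say where the type now comes from. Presumably the platform policy declares and labels it in Android R. If so, any remaining vendor rule that names `proc_kpageflags` now grants access to the platform-owned label, and those rules should be reviewed; none are visible in this diff. A one-line comment would record this, for example `# proc_kpageflags: declared and labelled by platform policy since Android R; do not redeclare`.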
diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts
index 0af1fc5..3979e1b 100644
--- a/non_plat/genfs_contexts
+++ b/non_plat/genfs_contexts
@@ -37,7 +37,7 @@ genfscon proc /pl_lk u:object_r:proc_pl_lk:s0
genfscon proc /msdc_debug u:object_r:proc_msdc_debug:s0
genfscon proc /ufs_debug u:object_r:proc_ufs_debug:s0
genfscon proc /pidmap u:object_r:proc_pidmap:s0
-genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+#genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
genfscon proc /mtk_memcfg/slabtrace u:object_r:proc_slabtrace:s0
genfscon proc /mtk_cmdq_debug/status u:object_r:proc_cmdq_debug:s0
genfscon proc /cpuhvfs/dbg_repo u:object_r:proc_dbg_repo:s0
diff --git a/non_plat/gsm0710muxd.te b/non_plat/gsm0710muxd.te
index 5afcd84..8dbc795 100644
--- a/non_plat/gsm0710muxd.te
+++ b/non_plat/gsm0710muxd.te
@@ -17,7 +17,7 @@ allow gsm0710muxd self:capability { chown fowner setuid };
# Property service
# Set ctl.ril-daemon property
-set_prop(gsm0710muxd, ctl_rildaemon_prop)
+#set_prop(gsm0710muxd, ctl_rildaemon_prop)
set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop)
set_prop(gsm0710muxd, ctl_fusion_ril_mtk_prop)
set_prop(gsm0710muxd, gsm0710muxd_prop)
diff --git a/non_plat/init.te b/non_plat/init.te
index b93dcbf..9844687 100644
--- a/non_plat/init.te
+++ b/non_plat/init.te
@@ -41,9 +41,9 @@ allow init para_block_device:blk_file w_file_perms;
# Date : WK15.32
# Operation : Migration
# Purpose : disable AT_SECURE for LD_PRELOAD
-userdebug_or_eng(`
- allow init { domain -lmkd -crash_dump -llkd -mediaswcodec }:process noatsecure;
-')
+#userdebug_or_eng(`
+# allow init { domain -lmkd -crash_dump -llkd -mediaswcodec }:process noatsecure;
+#')
# Date : WK16.26
# Operation : Access dynamic_debug control file
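Review bot: The header above the disabled block still reads `# Purpose : disable AT_SECURE for LD_PRELOAD`, so the file documents a permission it no longer grants. With the `noatsecure` rule commented out, domains started from init keep AT_SECURE on userdebug/eng builds as well, which is the safer state. The header should say so or be deleted together with the rule. I would replace the whole block with a single line such as `# noatsecure for init dropped for Android R (ALPS04961644); AT_SECURE stays enabled`.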
diff --git a/non_plat/nvram_agent_binder.te b/non_plat/nvram_agent_binder.te
index 4d798b6..5dc888a 100644
--- a/non_plat/nvram_agent_binder.te
+++ b/non_plat/nvram_agent_binder.te
@@ -15,7 +15,7 @@ init_daemon_domain(nvram_agent_binder)
# Date : WK14.35
# Operation : access nvram by binder
# Purpose : ensure nvram user can access nvram file normally.
-allow nvram_agent_binder nvram_agent_service:service_manager add;
+#allow nvram_agent_binder nvram_agent_service:service_manager add;
# Date : WK14.43
# Operation : 2rd Selinux Migration
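Review bot: Commenting out `allow nvram_agent_binder nvram_agent_service:service_manager add;` leaves plat_private/service_contexts still mapping `NvRAMAgent` to `nvram_agent_service` (visible in that file's hunk header), with no rule in this diff that lets any domain register it. Unless another file grants `add`, registration of the service will be denied at runtime and its clients will fail to find it. The retained header `# Purpose : ensure nvram user can access nvram file normally.` now describes a rule that is off. Either document the replacement registration path next to the disabled rule or remove the stale `service_contexts` entry in the same change.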
diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te
index cccd114..6c3afb7 100644
--- a/non_plat/vendor_init.te
+++ b/non_plat/vendor_init.te
@@ -1,7 +1,7 @@
-allow vendor_init exported3_system_prop:property_service set;
-allow vendor_init dalvik_prop:property_service set;
+#allow vendor_init exported3_system_prop:property_service set;
+#allow vendor_init dalvik_prop:property_service set;
-allow vendor_init ffs_prop:property_service set;
+#allow vendor_init ffs_prop:property_service set;
allow vendor_init mediatek_prop:property_service set;
allow vendor_init mtk_md_version_prop:property_service set;
allow vendor_init mtk_volte_prop:property_service set;
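Review bot: Dropping the `property_service set` rules for `exported3_system_prop`, `dalvik_prop` and `ffs_prop` here, and for `vold_prop` in the next hunk, changes only the policy. Any vendor init script that still sets properties carrying those labels will have the write denied at boot. The diffstat lists no .rc files, so that audit appears to be outstanding and should be confirmed from a boot log. The same four rules are disabled in r_non_plat/vendor_init.te. Where a value is still needed, a vendor-owned property type is preferable to re-granting the platform label.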
@@ -10,7 +10,7 @@ allow vendor_init mtk_ril_mode_prop:property_service set;
allow vendor_init wmt_prop:property_service set;
allow vendor_init coredump_prop:property_service set;
allow vendor_init proc_wmtdbg:file w_file_perms;
-allow vendor_init vold_prop:property_service set;
+#allow vendor_init vold_prop:property_service set;
allow vendor_init proc:file write;
allow vendor_init proc_cpufreq:file w_file_perms;
@@ -74,4 +74,4 @@ set_prop(vendor_init, mtk_wifi_hotspot_prop)
set_prop(vendor_init, persist_aeev_prop)
-set_prop(vendor_init, mtk_powerhal_prop)
\ No newline at end of file
+set_prop(vendor_init, mtk_powerhal_prop)
diff --git a/plat_private/service_contexts b/plat_private/service_contexts
index 814ca69..03dbfe3 100644
--- a/plat_private/service_contexts
+++ b/plat_private/service_contexts
@@ -9,4 +9,5 @@ NvRAMAgent u:object_r:nvram_agent_service:s0
memory_dumper u:object_r:mediaserver_service:s0
imsa u:object_r:radio_service:s0
mtkIms u:object_r:radio_service:s0
-GbaService u:object_r:radio_service:s0
\ No newline at end of file
+GbaService u:object_r:radio_service:s0
+
diff --git a/r_non_plat/gsm0710muxd.te b/r_non_plat/gsm0710muxd.te
index 5afcd84..65ed983 100644
--- a/r_non_plat/gsm0710muxd.te
+++ b/r_non_plat/gsm0710muxd.te
@@ -20,7 +20,7 @@ allow gsm0710muxd self:capability { chown fowner setuid };
set_prop(gsm0710muxd, ctl_rildaemon_prop)
set_prop(gsm0710muxd, ctl_ril-daemon-mtk_prop)
set_prop(gsm0710muxd, ctl_fusion_ril_mtk_prop)
-set_prop(gsm0710muxd, gsm0710muxd_prop)
+#set_prop(gsm0710muxd, gsm0710muxd_prop)
set_prop(gsm0710muxd, vendor_radio_prop)
# allow set muxreport control properties
set_prop(gsm0710muxd, ril_mux_report_case_prop)
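Review bot: This hunk disables `set_prop(gsm0710muxd, gsm0710muxd_prop)` and leaves `set_prop(gsm0710muxd, ctl_rildaemon_prop)` active, while non_plat/gsm0710muxd.te in the same commit does the opposite. ccci_mdinit.te also drops `ctl_rildaemon_prop`, so it looks as if the wrong line was commented out here. If so, r_non_plat still carries the conflicting control-property grant and the daemon loses the ability to set its own property. If it mirrors non_plat, the change should remove the `ctl_rildaemon_prop` line and keep `set_prop(gsm0710muxd, gsm0710muxd_prop)`; if the difference is intended, it needs a comment explaining why.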
diff --git a/r_non_plat/vendor_init.te b/r_non_plat/vendor_init.te
index 5df8e27..bba9daf 100644
--- a/r_non_plat/vendor_init.te
+++ b/r_non_plat/vendor_init.te
@@ -1,7 +1,7 @@
-allow vendor_init exported3_system_prop:property_service set;
-allow vendor_init dalvik_prop:property_service set;
+#allow vendor_init exported3_system_prop:property_service set;
+#allow vendor_init dalvik_prop:property_service set;
-allow vendor_init ffs_prop:property_service set;
+#allow vendor_init ffs_prop:property_service set;
allow vendor_init mediatek_prop:property_service set;
allow vendor_init mtk_md_version_prop:property_service set;
allow vendor_init mtk_volte_prop:property_service set;
@@ -10,7 +10,7 @@ allow vendor_init mtk_ril_mode_prop:property_service set;
allow vendor_init wmt_prop:property_service set;
allow vendor_init coredump_prop:property_service set;
allow vendor_init proc_wmtdbg:file w_file_perms;
-allow vendor_init vold_prop:property_service set;
+#allow vendor_init vold_prop:property_service set;
allow vendor_init proc:file write;
allow vendor_init proc_bootprof:file write;
@@ -69,4 +69,4 @@ allow vendor_init kernel:key search;
# Purpose: /dev/block/mmcblk0p10
allow vendor_init expdb_block_device:blk_file rw_file_perms;
-set_prop(vendor_init, mtk_wifi_hotspot_prop)
\ No newline at end of file
+set_prop(vendor_init, mtk_wifi_hotspot_prop)