diff options
author | mtk11285 <weiwei.zhang@mediatek.com> | 2020-01-18 09:52:43 +0800 |
---|---|---|
committer | mtk11285 <weiwei.zhang@mediatek.com> | 2020-01-18 09:52:43 +0800 |
commit | c058e72a5b80c519f36308b7362bee8758cb0b61 (patch) | |
tree | 22b8eeb65838eed2b09342b47783b9d6c9bf8b1e | |
parent | 38f6afbf146371cfd3c922e7d07ae4d6adfd933b (diff) | |
download | device_mediatek_wembley-sepolicy-c058e72a5b80c519f36308b7362bee8758cb0b61.tar.gz device_mediatek_wembley-sepolicy-c058e72a5b80c519f36308b7362bee8758cb0b61.tar.bz2 device_mediatek_wembley-sepolicy-c058e72a5b80c519f36308b7362bee8758cb0b61.zip |
[ALPS03841705] AEE porting on Android P about selinux
[Detail] add some rules
MTK-Commit-Id: 350fa2869fe9390bcb7ca562af5230a2ad711640
Change-Id: Ib4966ae42233270eb7a65ab036903791767b5ec8
CR-Id: ALPS03841705
Feature: Android Exception Engine(AEE)
-rw-r--r-- | non_plat/aee_aedv.te | 4 | ||||
-rw-r--r-- | plat_private/aee_aed.te | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/non_plat/aee_aedv.te b/non_plat/aee_aedv.te index 9254d66..00e6c9e 100644 --- a/non_plat/aee_aedv.te +++ b/non_plat/aee_aedv.te @@ -357,8 +357,8 @@ allow aee_aedv sysfs_lowmemorykiller:file r_file_perms; allow aee_aedv sysfs_scp:dir r_dir_perms; allow aee_aedv sysfs_scp:file r_file_perms; -# Purpose: allow aee_aedv self to fsetid/sys_nice/chown/fowner -allow aee_aedv self:capability { fsetid sys_nice chown fowner }; +# Purpose: allow aee_aedv self to fsetid/sys_nice/chown/fowner/kill +allow aee_aedv self:capability { fsetid sys_nice chown fowner kill }; # Purpose: allow aee_aedv to read /proc/buddyinfo allow aee_aedv proc_buddyinfo:file r_file_perms; diff --git a/plat_private/aee_aed.te b/plat_private/aee_aed.te index 104a4fd..5c43cad 100644 --- a/plat_private/aee_aed.te +++ b/plat_private/aee_aed.te @@ -138,8 +138,8 @@ allow aee_aed crash_dump:file r_file_perms; # Purpose : allow aee_aed to read /proc/version allow aee_aed proc_version:file { read open }; -# Purpose : allow aee_aed self to sys_nice/chown -allow aee_aed self:capability { sys_nice chown fowner}; +# Purpose : allow aee_aed self to sys_nice/chown/kill +allow aee_aed self:capability { sys_nice chown fowner kill }; # Purpose: Allow aee_aed to write /sys/kernel/debug/tracing/snapshot userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };') @@ -148,3 +148,6 @@ userdebug_or_eng(`allow aee_aed debugfs_tracing_debug:file { write open };') userdebug_or_eng(` allow aee_aed self:capability { sys_ptrace dac_override dac_read_search }; ') + +# Purpose: Allow aee_aed to read/write /sys/kernel/debug/tracing/tracing_on +userdebug_or_eng(` allow aee_aed debugfs_tracing:file { r_file_perms write };') |