authorBo Ye <bo.ye@mediatek.com>2018-03-19 14:09:26 +0800
committerBo Ye <bo.ye@mediatek.com>2018-03-19 16:34:20 +0800
commit3954cad7a1428cda694d8428c2235a78aa6e7cc8 (patch)
tree419c8aa4c6bac615639c85cc9d89d0223a7caf6e /non_plat/system_server.te
parentff683b4eee0a6dd95ff25fbb6c7d1fc3a79c604d (diff)
[ALPS03825066] P migration selinux build failed fix
1. Mark policies which access the proc/sysfs file system 2. Add violator attribute to modules that violate the vendor/system rule. Change-Id: I401ae5b87eb9a03f324bef83c6678149606b15a8 CR-Id: ALPS03825066 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Diffstat (limited to 'non_plat/system_server.te')
-rw-r--r--non_plat/system_server.te12
1 files changed, 6 insertions, 6 deletions
diff --git a/non_plat/system_server.te b/non_plat/system_server.te
index 4cac41f..0ff426a 100644
--- a/non_plat/system_server.te
+++ b/non_plat/system_server.te
@@ -14,9 +14,10 @@ allow system_server wmtWifi_device:chr_file w_file_perms;
#allow system_server gps_data_file:dir rw_dir_perms;
# /proc access.
-allow system_server proc:file w_file_perms;
+#allow system_server proc:file w_file_perms;
# /data/dontpanic access.
+typeattribute system_server data_between_core_and_vendor_violators;
allow system_server dontpanic_data_file:dir search;
# /data/agps_supl access.
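Review bot: The added `typeattribute system_server data_between_core_and_vendor_violators;` exempts the entire system_server domain from the core/vendor data-sharing neverallow, yet it sits under the `# /data/dontpanic access.` comment with nothing stating which rules actually need it. system_server is one of the most privileged core domains, so a blanket exemption should at least be auditable. I would put a comment directly above it, for example `# ALPS03825066: temporary exemption for the vendor data types accessed below (list them); drop once they no longer need core-domain access`. The file continues outside this hunk, so the full set of rules relying on the attribute is not visible here.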
@@ -35,7 +36,7 @@ allow system_server zygote:binder impersonate;
allow system_server ctl_bootanim_prop:property_service set;
# After connected to DHCPv6, enabled 6to4 IPv6 AP to get property.
-allow system_server proc_net:file w_file_perms;
+#allow system_server proc_net:file w_file_perms;
r_dir_file(system_server, wide_dhcpv6_data_file)
# For dumpsys.
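Review bot: The `proc_net` write rule is disabled by commenting it out with no marker explaining why or what replaces it, while the `# After connected to DHCPv6 ...` comment above still reads as if the rule were live. The same pattern appears for the `proc`, `proc_ged`, `proc_mtktz` and `proc_perfmgr` file rules in the other hunks. If system_server still touches these files, the outcome is presumably runtime avc denials rather than a build error. Either delete each rule together with its purpose comment, or tag it, e.g. `# ALPS03825066: disabled for P neverallow; re-add against a narrower type only if denials confirm the access is needed`.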
@@ -72,7 +73,7 @@ allow system_server sysfs_dcm:file rw_file_perms;
# Date : WK16.33
# Purpose: Allow to access ged for gralloc_extra functions
-allow system_server proc_ged:file {open read write ioctl getattr};
+#allow system_server proc_ged:file {open read write ioctl getattr};
# Date : WK16.36
# Purpose: Allow to set property log.tag.WifiHW to control log level of WifiHW
@@ -106,7 +107,7 @@ allow system_server ttyMT_device:chr_file rw_file_perms;
# Operation : thermal hal Feature developing
# Purpose : thermal hal interface permission
allow system_server proc_mtktz:dir search;
-allow system_server proc_mtktz:file r_file_perms;
+#allow system_server proc_mtktz:file r_file_perms;
# Date : WK16.46
# Operation: PowerManager set persist.meta.connecttype property
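Review bot: `allow system_server proc_mtktz:dir search;` is kept while the matching `proc_mtktz:file r_file_perms` rule is commented out, so the domain retains directory traversal for files it can no longer read. The final hunk has the same shape, where `proc_perfmgr:dir {read search}` stays and the file rule is disabled. An unused permission left behind is easy to overlook in later audits. I would comment out the `dir` rules in both places as well, or, if the thermal and perfmgr paths are still required, restore the file access through a rule the P build accepts, so that each purpose comment describes a complete permission set.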
@@ -204,7 +205,6 @@ allow system_server dhcp_data_file:file create_file_perms;
# Purpose : lbs hidl interface permission
hal_client_domain(system_server, mtk_hal_lbs)
-
# Date : WK17.12
# Operation : MT6799 SQC
# Purpose : Change thermal config
@@ -215,4 +215,4 @@ allow system_server mtk_thermal_config_prop:property_service set;
# Operation : Migration
# Purpose : perfmgr permission
allow system_server proc_perfmgr:dir {read search};
-allow system_server proc_perfmgr:file {open read ioctl};
+#allow system_server proc_perfmgr:file {open read ioctl};