author | Shanshan Guo <shanshan.guo@mediatek.com> | 2020-03-05 13:51:30 +0800 |
---|---|---|
committer | Gerrit Code Review <gerrit@mediatek.com> | 2020-03-05 13:51:30 +0800 |
commit | 8083c1bc4d1d91cced3561ea1b455678e085bae4 (patch) | |
tree | b7daaf18c7418b680c60c542485f155894268648 | |
parent | 136d2bd7f268f16962e4cea70cda37a3563c604a (diff) | |
parent | af794b428a2fb72cb4999b2ea611f95f5a2e9489 (diff) | |
download | wembley-sepolicy-8083c1bc4d1d91cced3561ea1b455678e085bae4.tar.gz |
Merge "[ALPS05014766] SEPolicy: Modify property with new attributes" into alps-trunk-r0.mssi
-rw-r--r-- | non_plat/property.te | 569 | ||||
-rw-r--r-- | non_plat/property_contexts | 41 | ||||
-rw-r--r-- | non_plat/vendor_init.te | 27 | ||||
-rw-r--r-- | plat_private/property_contexts | 14 | ||||
-rw-r--r-- | plat_public/property.te | 27 |
5 files changed, 306 insertions, 372 deletions
diff --git a/non_plat/property.te b/non_plat/property.te index 3abf8df..5a920c3 100644 --- a/non_plat/property.te +++ b/non_plat/property.te 
@@ -2,323 +2,252 @@ # MTK Policy Rule # ============================================== -# MTK properties, allow all system/vendor processes to read. -type mtk_default_prop, property_type, mtk_core_property_type; - -# Date: W14.32 -# Operation: Migration -# Purpose: don't allow to use default_prop -### TBD -#neverallow { domain -init } default_prop:property_service set; -#neverallow { domain -init -system_server -recovery -system_app} ctl_default_prop:property_service set; - -#=============allow ccci_mdinit to start gsm0710muxd============== -type ctl_gsm0710muxd_prop, property_type; -type ctl_gsm0710muxd-s_prop, property_type; -type ctl_gsm0710muxd-d_prop, property_type; - -#=============allow viarild to start property============== -type ctl_viarild_prop, property_type; -#=============allow mtkrild to set persist.ril property============== -type vendor_ril_ipo_prop, property_type, mtk_core_property_type; - -#=============allow gsm0710muxd to set mux property============== -type gsm0710muxd_prop, property_type, mtk_core_property_type; - -#=============allow netlog running============== -type debug_mtklog_prop, property_type, extended_core_property_type; -type persist_mtklog_prop, property_type, extended_core_property_type; -type debug_netlog_prop, property_type, extended_core_property_type; - -#=============allow netd to set mtk_wifi.*========================= -type mtk_wifi_prop, property_type, mtk_core_property_type; - -#=============allow mdlogger============== -type debug_mdlogger_prop, property_type, extended_core_property_type; -type vendor_mdl_prop, property_type, extended_core_property_type; -type vendor_mdl_start_prop, property_type, extended_core_property_type; -type vendor_usb_prop, property_type; -type persist_mdlog_prop, property_type, extended_core_property_type; -type vendor_mdl_pulllog_prop, property_type, extended_core_property_type; - -#=============allow AEE============== -type persist_mtk_aee_prop, property_type, extended_core_property_type; 
-type persist_aee_prop, property_type, extended_core_property_type; -type debug_mtk_aee_prop, property_type, extended_core_property_type; - -type persist_mtk_aeev_prop, property_type, mtk_core_property_type; -type persist_aeev_prop, property_type, mtk_core_property_type; -type debug_mtk_aeev_prop, property_type, mtk_core_property_type; -type ro_mtk_aee_prop, property_type, mtk_core_property_type; - -#=============allow aee_dumpstate============== -type debug_bq_dump_prop, property_type, extended_core_property_type; - -#=============allow ccci_mdinit to stop rild============== -type ctl_ril-daemon-mtk_prop, property_type; -type ctl_fusion_ril_mtk_prop, property_type; -type ctl_ril-daemon-s_prop, property_type; -type ctl_ril-daemon-d_prop, property_type; -type ctl_ril-proxy_prop, property_type; - -#=============allow ccci_mdinit to start ccci_fsd============== -type ctl_ccci_fsd_prop, property_type; -type ctl_ccci2_fsd_prop, property_type; -type ctl_ccci3_fsd_prop, property_type; - -#=============allow ccci_mdinit to set ril_active_md_prop============== -type ril_active_md_prop, property_type, mtk_core_property_type; - -#=============allow ccci_mdinit to stop rild============== -type ril_mux_report_case_prop, property_type, mtk_core_property_type; -type ril_cdma_report_prop, property_type, mtk_core_property_type; - -#=============allow ccci_mdinit to mtk_md_prop============== -type mtk_md_prop, property_type, mtk_core_property_type; - -#=============allow mtkrild to start muxreport============== -type ctl_muxreport-daemon_prop, property_type; - -#=============allow telephony modules to set tel_switch_prop============== -type tel_switch_prop, property_type, mtk_core_property_type; - -#=============allow bootanim============== -type bootani_prop, property_type, extended_core_property_type; - -#=============allow mnld_prop============== -type mnld_prop, property_type, mtk_core_property_type; - -#=============allow audiohal============== -type audiohal_prop, 
property_type, mtk_core_property_type; - -#=============allow wmt============== -type wmt_prop, property_type, mtk_core_property_type; -type coredump_prop, property_type, mtk_core_property_type; - -#=============allow sensor============== -type ctl_emcsmdlogger_prop, property_type; -type ctl_eemcs_fsd_prop, property_type; - -#=============allow statusd============== -type net_cdma_mdmstat, property_type, mtk_core_property_type; - -#=============allow bt============== -type persist_bt_prop, property_type, mtk_core_property_type; - -#============= allow factory idle current prop ============== -type vendor_factory_idle_state_prop, property_type, mtk_core_property_type; - -#============= allow mobile log property =============== -type mobile_log_prop, property_type, extended_core_property_type; - -#============= allow service.nvram_init property =============== -type service_nvram_init_prop, property_type, mtk_core_property_type; - -#============= allow ro.wlan.mtk.wifi.5g property =============== -type wifi_5g_prop, property_type, mtk_core_property_type; - -#=============allow em to set client.appmode ============== -type mtk_em_prop, property_type, mtk_core_property_type; - -#=============allow mediatek_prop ============== -type mediatek_prop, property_type, mtk_core_property_type; - -#=============Property set by EM, for test/debug purpose========= -type mtk_em_sys_prop, property_type, extended_core_property_type; -type mtk_em_hidl_prop, property_type, mtk_core_property_type; - -#============= allow em set protocol =============== -type mtk_em_net_auto_tethering_prop, property_type, extended_core_property_type; - -#=============allow em set property============= -type mtk_operator_id_prop, property_type, mtk_core_property_type; - -#=============allow em set testsim.cardtype property=========== -type mtk_simswitch_emmode_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_dsbp_support_prop, property_type, 
mtk_core_property_type; - -#=============allow em set property============= -type mtk_imstestmode_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_smsformat_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_gprs_prefer_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_testsim_cardtype_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_ct_ir_engmode_prop, property_type, mtk_core_property_type; - -#=============allow em set property============= -type mtk_disable_c2k_cap_prop, property_type, mtk_core_property_type; - -#=============allow em to set modem reset delay property================ -type mtk_debug_md_reset_prop, property_type, mtk_core_property_type; - -#=============allow em to set video log omx.* property================ -type mtk_omx_log_prop, property_type, mtk_core_property_type; - -#=============allow em to set vdec log property================ -type mtk_vdec_log_prop, property_type, mtk_core_property_type; - -#=============allow em to set vdectlc log property================ -type mtk_vdectlc_log_prop, property_type, mtk_core_property_type; - -#=============allow em to set venc h264 showlog property================ -type mtk_venc_h264_showlog_prop, property_type, mtk_core_property_type; - -#=============allow em to set modem warning_prop property================ -type mtk_modem_warning_prop, property_type, mtk_core_property_type; - -#=============allow em to set bgdata disabled property================ -type mtk_bgdata_disabled, property_type, extended_core_property_type; - -#=============allow em to set telecom vibrate property================ -type mtk_telecom_vibrate, property_type, extended_core_property_type; - -#=============allow em to set gprs attach type property================ -type mtk_gprs_attach_type, 
property_type, extended_core_property_type; - -#=============allow em to set poweroffmd property================ -type mtk_power_off_md_type, property_type, extended_core_property_type; - -#=============allow meta_tst to stop specific service =============== -type ctl_mobile_log_d_prop, property_type; -type ctl_mnld_prop, property_type; -type ctl_mobicore_prop, property_type; - -#=============allow system server to set meta_connecttype property ============== -type meta_connecttype_prop, property_type; - -#=============Telephony Sensitive property============== -type mtk_telephony_sensitive_prop, property_type; - -#=============allow processes to change thermal config================ -type mtk_thermal_config_prop, property_type; - -#=============allow composer set property ============================ -type graphics_hwc_pid_prop, property_type; -type graphics_hwc_latch_unsignaled_prop, property_type; -type graphics_hwc_hdr_prop, property_type; - -#============= mtkcam property ============================ -type mtkcam_prop, property_type; - -#============= atm modem mode property ============== -type atm_mdmode_prop, property_type; - -#============= atm ip address property ============== -type atm_ipaddr_prop, property_type; - -#=============allow consyslogger============== -type vendor_connsysfw_prop, property_type, extended_core_property_type; - -#=============radio group property============= -type vendor_radio_prop, property_type, mtk_core_property_type; - -#=============allow bluetooth============== -type vendor_bluetooth_prop, property_type, extended_core_property_type; - -#=============allow ct volte============== -type mtk_ct_volte_prop, property_type, mtk_core_property_type; - -#=============mtk ril mode property============= -type mtk_ril_mode_prop, property_type, mtk_core_property_type; -type mtk_ss_vendor_prop, property_type, mtk_core_property_type; - -#=============GPS support properties============== -type mtk_gps_support_prop, property_type, 
mtk_core_property_type; - -#=============mtk rat config property============= -type mtk_rat_config_prop, property_type, mtk_core_property_type; - -#=============mtk aal property============= -type mtk_aal_ro_prop, property_type, mtk_core_property_type; - -#=============mtk pq property============= -type mtk_pq_ro_prop, property_type, mtk_core_property_type; -type mtk_pq_prop, property_type, mtk_core_property_type; - -#=============mtk emmc property============= -type mtk_emmc_support_prop, property_type, mtk_core_property_type; - -#=============sim system property============= -type vendor_sim_system_prop, property_type, extended_core_property_type; - -#=============em usb property============== -type vendor_em_usb_prop, property_type, mtk_core_property_type; - -#=============allow em to set usb otg enable property ============== -type vendor_usb_otg_switch, property_type, mtk_core_property_type; - -#=============mtk anr property============= -type mtk_anr_support_prop, property_type, mtk_core_property_type; - -#=============mtk app resolution tuner property============= -type mtk_appresolutiontuner_prop, property_type, mtk_core_property_type; - -#=============mtk fullscreen switch============= -type mtk_fullscreenswitch_prop, property_type, mtk_core_property_type; - -# MTK Antutu feature -type mtk_antutu_prop, property_type, mtk_core_property_type; - -#=============mtk malloc debug switch unwind backtrace property============= -type mtk_malloc_debug_backtrace_prop, property_type, mtk_core_property_type; - -#=============MTK Voice Recognize property=========== -type mtk_voicerecgnize_prop, property_type, mtk_core_property_type; - -#=============allow radio to set/get xcap rawurl config================ -type persist_xcap_rawurl_prop, property_type, extended_core_property_type; - -#=============allow atcid============== -type persist_service_atci_prop, property_type, mtk_core_property_type; -type mtk_atci_prop, property_type, mtk_core_property_type; - 
-#=============allow Netd property============== -type mtk_net_ipv6_prop, property_type, mtk_core_property_type; - -#============= allow carrier express (cxp) ============== -type usp_prop, property_type, mtk_core_property_type; -type usp_srv_prop, property_type, extended_core_property_type; -type mtk_cxp_vendor_prop, property_type, mtk_core_property_type; - -#=============allow MD to set mtk_md_version_prop============== -type mtk_md_version_prop, property_type, mtk_core_property_type; - -#=============allow radio to set mtk_volte_enable property============== -type mtk_volte_prop, property_type, mtk_core_property_type; - -#=============allow AMS dynamic enable log property=========== -type mtk_amslog_prop, property_type, extended_core_property_type; - -#=============allow android log much property============== -type logmuch_prop, property_type, extended_core_property_type; - -#=============mtk bt enable SAP profile property============= -type mtk_bt_sap_enable_prop, property_type, mtk_core_property_type; - -#=============MTK powerhal property================ -type mtk_powerhal_prop, property_type; - -#=============MTK Wifi wlan_assistant property============= -type mtk_nvram_ready_prop, property_type, mtk_core_property_type; - -#=============allow wifi hotspot to read property=========== -type mtk_wifi_hotspot_prop, property_type, mtk_core_property_type; - -#=============mtk hdmi property============= -type mtk_hdmi_prop, property_type, mtk_core_property_type; - -#=============mtk nn option property============= -type mtk_nn_option_prop, property_type; - -#============system wfc service property=========== -type mtk_wfc_serv_prop, property_type; - +# system_internal_prop -- Properties used only in /system +# system_restricted_prop -- Properties which can't be written outside system +# system_public_prop -- Properties with no restrictions +# system_vendor_config_prop -- Properties which can be written only by vendor_init +# vendor_internal_prop -- Properties used 
only in /vendor +# vendor_restricted_prop -- Properties which can't be written outside vendor +# vendor_public_prop -- Properties with no restrictions + +# Properties used only in /vendor +vendor_internal_prop(ctl_gsm0710muxd_prop) +vendor_internal_prop(ctl_gsm0710muxd-s_prop) +vendor_internal_prop(ctl_gsm0710muxd-d_prop) +vendor_internal_prop(ctl_viarild_prop) +vendor_internal_prop(ctl_ril-daemon-mtk_prop) +vendor_internal_prop(ctl_fusion_ril_mtk_prop) +vendor_internal_prop(ctl_ril-daemon-s_prop) +vendor_internal_prop(ctl_ril-daemon-d_prop) +vendor_internal_prop(ctl_ril-proxy_prop) +vendor_internal_prop(ctl_ccci_fsd_prop) +vendor_internal_prop(ctl_ccci2_fsd_prop) +vendor_internal_prop(ctl_ccci3_fsd_prop) +vendor_internal_prop(ctl_muxreport-daemon_prop) +vendor_internal_prop(ctl_emcsmdlogger_prop) +vendor_internal_prop(ctl_eemcs_fsd_prop) +vendor_internal_prop(mtk_powerhal_prop) +vendor_internal_prop(mtk_wfc_serv_prop) +vendor_internal_prop(ctl_mdlogger_prop) +vendor_internal_prop(ctl_emdlogger1_prop) +vendor_internal_prop(ctl_emdlogger2_prop) +vendor_internal_prop(ctl_emdlogger3_prop) +vendor_internal_prop(ctl_dualmdlogger_prop) +vendor_internal_prop(init_svc_emdlogger1_prop) +vendor_internal_prop(init_svc_aee_aedv_prop) + +# Properties which can't be written outside vendor +vendor_restricted_prop(mtk_nn_option_prop) +vendor_restricted_prop(mtk_volte_prop) +vendor_restricted_prop(mtk_cxp_vendor_prop) +vendor_restricted_prop(mtk_antutu_prop) +vendor_restricted_prop(mtk_ss_vendor_prop) +vendor_restricted_prop(atm_ipaddr_prop) +vendor_restricted_prop(mtkcam_prop) +vendor_restricted_prop(graphics_hwc_hdr_prop) +vendor_restricted_prop(graphics_hwc_latch_unsignaled_prop) +vendor_restricted_prop(graphics_hwc_pid_prop) +vendor_restricted_prop(mtk_thermal_config_prop) +vendor_restricted_prop(mtk_telephony_sensitive_prop) +vendor_restricted_prop(meta_connecttype_prop) +vendor_restricted_prop(mtk_debug_md_reset_prop) +vendor_restricted_prop(wmt_prop) 
+vendor_restricted_prop(ril_active_md_prop) +vendor_restricted_prop(vendor_usb_prop) +vendor_restricted_prop(tel_switch_prop) +vendor_restricted_prop(mtk_nvram_ready_prop) +vendor_restricted_prop(mtk_wifi_hotspot_prop) +vendor_restricted_prop(mtk_hdmi_prop) +vendor_restricted_prop(mtk_default_prop) +vendor_restricted_prop(vendor_ril_ipo_prop) +vendor_restricted_prop(gsm0710muxd_prop) +vendor_restricted_prop(mtk_wifi_prop) +vendor_restricted_prop(persist_mtk_aeev_prop) +vendor_restricted_prop(persist_aeev_prop) +vendor_restricted_prop(debug_mtk_aeev_prop) +vendor_restricted_prop(ro_mtk_aee_prop) +vendor_restricted_prop(ril_mux_report_case_prop) +vendor_restricted_prop(ril_cdma_report_prop) +vendor_restricted_prop(mtk_md_prop) +vendor_restricted_prop(mnld_prop) +vendor_restricted_prop(audiohal_prop) +vendor_restricted_prop(coredump_prop) +vendor_restricted_prop(net_cdma_mdmstat) +vendor_restricted_prop(persist_bt_prop) +vendor_restricted_prop(vendor_factory_idle_state_prop) +vendor_restricted_prop(service_nvram_init_prop) +vendor_restricted_prop(wifi_5g_prop) +vendor_restricted_prop(mtk_em_prop) +vendor_restricted_prop(mediatek_prop) +vendor_restricted_prop(mtk_em_hidl_prop) +vendor_restricted_prop(mtk_operator_id_prop) +vendor_restricted_prop(mtk_simswitch_emmode_prop) +vendor_restricted_prop(mtk_dsbp_support_prop) +vendor_restricted_prop(mtk_imstestmode_prop) +vendor_restricted_prop(mtk_smsformat_prop) +vendor_restricted_prop(mtk_gprs_prefer_prop) +vendor_restricted_prop(mtk_testsim_cardtype_prop) +vendor_restricted_prop(mtk_ct_ir_engmode_prop) +vendor_restricted_prop(mtk_disable_c2k_cap_prop) +vendor_restricted_prop(mtk_omx_log_prop) +vendor_restricted_prop(mtk_vdec_log_prop) +vendor_restricted_prop(mtk_vdectlc_log_prop) +vendor_restricted_prop(mtk_venc_h264_showlog_prop) +vendor_restricted_prop(mtk_modem_warning_prop) +vendor_restricted_prop(ctl_mobile_log_d_prop) +vendor_restricted_prop(ctl_mnld_prop) +vendor_restricted_prop(ctl_mobicore_prop) 
+vendor_restricted_prop(atm_mdmode_prop) +vendor_restricted_prop(vendor_radio_prop) +vendor_restricted_prop(mtk_ct_volte_prop) +vendor_restricted_prop(mtk_ril_mode_prop) +vendor_restricted_prop(mtk_gps_support_prop) +vendor_restricted_prop(mtk_rat_config_prop) +vendor_restricted_prop(mtk_aal_ro_prop) +vendor_restricted_prop(mtk_pq_ro_prop) +vendor_restricted_prop(mtk_pq_prop) +vendor_restricted_prop(mtk_emmc_support_prop) +vendor_restricted_prop(vendor_em_usb_prop) +vendor_restricted_prop(vendor_usb_otg_switch) +vendor_restricted_prop(mtk_anr_support_prop) +vendor_restricted_prop(mtk_appresolutiontuner_prop) +vendor_restricted_prop(mtk_fullscreenswitch_prop) +vendor_restricted_prop(mtk_malloc_debug_backtrace_prop) +vendor_restricted_prop(mtk_voicerecgnize_prop) +vendor_restricted_prop(persist_service_atci_prop) +vendor_restricted_prop(mtk_atci_prop) +vendor_restricted_prop(mtk_net_ipv6_prop) +vendor_restricted_prop(usp_prop) +vendor_restricted_prop(mtk_md_version_prop) +vendor_restricted_prop(mtk_bt_sap_enable_prop) + +# Properties used only in /system +system_internal_prop(debug_mtklog_prop) +system_internal_prop(persist_mtklog_prop) +system_internal_prop(debug_netlog_prop) +system_internal_prop(debug_mdlogger_prop) +system_internal_prop(vendor_mdl_prop) +system_internal_prop(vendor_mdl_start_prop) +system_internal_prop(persist_mdlog_prop) +system_internal_prop(vendor_mdl_pulllog_prop) +system_internal_prop(persist_aee_prop) +system_internal_prop(debug_mtk_aee_prop) +system_internal_prop(debug_bq_dump_prop) +system_internal_prop(bootani_prop) +system_internal_prop(mobile_log_prop) +system_internal_prop(mtk_em_sys_prop) +system_internal_prop(mtk_em_net_auto_tethering_prop) +system_internal_prop(mtk_bgdata_disabled) +system_internal_prop(mtk_telecom_vibrate) +system_internal_prop(mtk_gprs_attach_type) +system_internal_prop(mtk_power_off_md_type) +system_internal_prop(vendor_connsysfw_prop) +system_internal_prop(vendor_bluetooth_prop) 
+system_internal_prop(vendor_sim_system_prop) +system_internal_prop(persist_xcap_rawurl_prop) +system_internal_prop(usp_srv_prop) +system_internal_prop(logmuch_prop) + +# Properties with no restrictions +system_public_prop(persist_mtk_aee_prop) +system_public_prop(mtk_amslog_prop) + +# Properties with can be read by all domains +typeattribute mtk_default_prop mtk_core_property_type; +typeattribute vendor_ril_ipo_prop mtk_core_property_type; +typeattribute gsm0710muxd_prop mtk_core_property_type; +typeattribute mtk_wifi_prop mtk_core_property_type; +typeattribute persist_mtk_aeev_prop mtk_core_property_type; +typeattribute persist_aeev_prop mtk_core_property_type; +typeattribute debug_mtk_aeev_prop mtk_core_property_type; +typeattribute ro_mtk_aee_prop mtk_core_property_type; +typeattribute ril_active_md_prop mtk_core_property_type; +typeattribute ril_mux_report_case_prop mtk_core_property_type; +typeattribute ril_cdma_report_prop mtk_core_property_type; +typeattribute mtk_md_prop mtk_core_property_type; +typeattribute tel_switch_prop mtk_core_property_type; +typeattribute mnld_prop mtk_core_property_type; +typeattribute audiohal_prop mtk_core_property_type; +typeattribute wmt_prop mtk_core_property_type; +typeattribute coredump_prop mtk_core_property_type; +typeattribute net_cdma_mdmstat mtk_core_property_type; +typeattribute persist_bt_prop mtk_core_property_type; +typeattribute vendor_factory_idle_state_prop mtk_core_property_type; +typeattribute service_nvram_init_prop mtk_core_property_type; +typeattribute wifi_5g_prop mtk_core_property_type; +typeattribute mtk_em_prop mtk_core_property_type; +typeattribute mediatek_prop mtk_core_property_type; +typeattribute mtk_em_hidl_prop mtk_core_property_type; +typeattribute mtk_operator_id_prop mtk_core_property_type; +typeattribute mtk_simswitch_emmode_prop mtk_core_property_type; +typeattribute mtk_dsbp_support_prop mtk_core_property_type; +typeattribute mtk_imstestmode_prop mtk_core_property_type; +typeattribute 
mtk_smsformat_prop mtk_core_property_type; +typeattribute mtk_gprs_prefer_prop mtk_core_property_type; +typeattribute mtk_testsim_cardtype_prop mtk_core_property_type; +typeattribute mtk_ct_ir_engmode_prop mtk_core_property_type; +typeattribute mtk_disable_c2k_cap_prop mtk_core_property_type; +typeattribute mtk_debug_md_reset_prop mtk_core_property_type; +typeattribute mtk_omx_log_prop mtk_core_property_type; +typeattribute mtk_vdec_log_prop mtk_core_property_type; +typeattribute mtk_vdectlc_log_prop mtk_core_property_type; +typeattribute mtk_venc_h264_showlog_prop mtk_core_property_type; +typeattribute mtk_modem_warning_prop mtk_core_property_type; +typeattribute vendor_radio_prop mtk_core_property_type; +typeattribute mtk_ct_volte_prop mtk_core_property_type; +typeattribute mtk_ril_mode_prop mtk_core_property_type; +typeattribute mtk_ss_vendor_prop mtk_core_property_type; +typeattribute mtk_gps_support_prop mtk_core_property_type; +typeattribute mtk_rat_config_prop mtk_core_property_type; +typeattribute mtk_aal_ro_prop mtk_core_property_type; +typeattribute mtk_pq_ro_prop mtk_core_property_type; +typeattribute mtk_pq_prop mtk_core_property_type; +typeattribute mtk_emmc_support_prop mtk_core_property_type; +typeattribute vendor_em_usb_prop mtk_core_property_type; +typeattribute vendor_usb_otg_switch mtk_core_property_type; +typeattribute mtk_anr_support_prop mtk_core_property_type; +typeattribute mtk_appresolutiontuner_prop mtk_core_property_type; +typeattribute mtk_fullscreenswitch_prop mtk_core_property_type; +typeattribute mtk_antutu_prop mtk_core_property_type; +typeattribute mtk_malloc_debug_backtrace_prop mtk_core_property_type; +typeattribute mtk_voicerecgnize_prop mtk_core_property_type; +typeattribute persist_service_atci_prop mtk_core_property_type; +typeattribute mtk_atci_prop mtk_core_property_type; +typeattribute mtk_net_ipv6_prop mtk_core_property_type; +typeattribute usp_prop mtk_core_property_type; +typeattribute mtk_cxp_vendor_prop 
mtk_core_property_type; +typeattribute mtk_md_version_prop mtk_core_property_type; +typeattribute mtk_volte_prop mtk_core_property_type; +typeattribute mtk_bt_sap_enable_prop mtk_core_property_type; +typeattribute mtk_nvram_ready_prop mtk_core_property_type; +typeattribute mtk_wifi_hotspot_prop mtk_core_property_type; +typeattribute mtk_hdmi_prop mtk_core_property_type; + +# Properties with can't be accessed by device-sepcific domains +typeattribute debug_mtklog_prop extended_core_property_type; +typeattribute persist_mtklog_prop extended_core_property_type; +typeattribute debug_netlog_prop extended_core_property_type; +typeattribute debug_mdlogger_prop extended_core_property_type; +typeattribute vendor_mdl_prop extended_core_property_type; +typeattribute vendor_mdl_start_prop extended_core_property_type; +typeattribute persist_mdlog_prop extended_core_property_type; +typeattribute vendor_mdl_pulllog_prop extended_core_property_type; +typeattribute persist_mtk_aee_prop extended_core_property_type; +typeattribute persist_aee_prop extended_core_property_type; +typeattribute debug_mtk_aee_prop extended_core_property_type; +typeattribute debug_bq_dump_prop extended_core_property_type; +typeattribute bootani_prop extended_core_property_type; +typeattribute mobile_log_prop extended_core_property_type; +typeattribute mtk_em_sys_prop extended_core_property_type; +typeattribute mtk_em_net_auto_tethering_prop extended_core_property_type; +typeattribute mtk_bgdata_disabled extended_core_property_type; +typeattribute mtk_telecom_vibrate extended_core_property_type; +typeattribute mtk_gprs_attach_type extended_core_property_type; +typeattribute mtk_power_off_md_type extended_core_property_type; +typeattribute vendor_connsysfw_prop extended_core_property_type; +typeattribute vendor_bluetooth_prop extended_core_property_type; +typeattribute vendor_sim_system_prop extended_core_property_type; +typeattribute persist_xcap_rawurl_prop extended_core_property_type; +typeattribute 
usp_srv_prop extended_core_property_type; +typeattribute mtk_amslog_prop extended_core_property_type; +typeattribute logmuch_prop extended_core_property_type; diff --git a/non_plat/property_contexts b/non_plat/property_contexts index aec00cb..60e8c63 100644 --- a/non_plat/property_contexts +++ b/non_plat/property_contexts @@ -1,10 +1,10 @@ # ============================================== # MTK Policy Rule # ============================================== + #=============allow ccci_mdinit to start gsm0710muxd============== ctl.vendor.gsm0710muxd u:object_r:ctl_gsm0710muxd_prop:s0 - #=============allow mtkrild to set persist.ril property============== vendor.ril.ipo u:object_r:vendor_ril_ipo_prop:s0 @@ -22,7 +22,6 @@ persist.vendor.usb. u:object_r:vendor_usb_prop:s0 persist.vendor.mdl u:object_r:persist_mdlog_prop:s0 vendor.pullmdlog u:object_r:vendor_mdl_pulllog_prop:s0 - #=============allow AEE============== # persist.vendor.mtk.aee.mode && persist.vendor.mtk.aee.dal persist.vendor.mtk.aee. u:object_r:persist_mtk_aee_prop:s0 @@ -104,11 +103,9 @@ persist.vendor.connsys.coredump.mode u:object_r:coredump_prop:s0 persist.vendor.connsys. u:object_r:wmt_prop:s0 vendor.connsys. u:object_r:wmt_prop:s0 - #=============allow c2k_prop ============== vendor.net.cdma.mdmstat u:object_r:net_cdma_mdmstat:s0 - #=============allow ccci_mdinit md status ============== vendor.mtk.md u:object_r:mtk_md_prop:s0 #============= allow factory idle current prop ============== @@ -120,7 +117,6 @@ vendor.MB. u:object_r:mobile_log_prop:s0 #=============allow service.nvram_init property================ vendor.service.nvram_init u:object_r:service_nvram_init_prop:s0 - #=============Allow EM To Set Camera APP Mode ============== vendor.client. u:object_r:mtk_em_prop:s0 
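Review bot: `system_public_prop(persist_mtk_aee_prop)` and `system_public_prop(mtk_amslog_prop)` are the only two types in the non_plat/property.te hunk placed in the class that the new header comment describes as "Properties with no restrictions", and nothing in the hunk says why. `persist_mtk_aee_prop` labels `persist.vendor.mtk.aee.` (the AEE mode and dal settings, per the comment in non_plat/property_contexts), so the new ownership attributes put no writer-side restriction on it. If only system components are meant to set it, `system_restricted_prop(persist_mtk_aee_prop)` would say so; otherwise a one-line comment naming the intended writers should sit above each of the two lines. The hunk also deletes every `#=====allow X to set Y=====` rationale comment, so the intended writer of each type is no longer recorded next to its declaration; a short `# set by: <domain>` comment per group would keep that. The two new headings also carry typos (`Properties with can be read by all domains`, `device-sepcific`).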
@@ -192,7 +188,6 @@ persist.vendor.radio.gprs.attach.type u:object_r:mtk_gprs_attach_type:s0 vendor.ril.test.poweroffmd u:object_r:mtk_power_off_md_type:s0 vendor.ril.testmode u:object_r:mtk_power_off_md_type:s0 - #=============allow system server to set meta_connecttype property ============== persist.vendor.meta.connecttype u:object_r:meta_connecttype_prop:s0 @@ -235,7 +230,7 @@ ro.boot.atm u:object_r:mtk_default_prop:s0 #=============allow consyslogger============== vendor.connsysfw u:object_r:vendor_connsysfw_prop:s0 -#============Label telephony property=======# +#============Label telephony property======= vendor.ril. u:object_r:vendor_radio_prop:s0 ro.vendor.ril. u:object_r:vendor_radio_prop:s0 vendor.gsm. u:object_r:vendor_radio_prop:s0 @@ -247,7 +242,7 @@ vendor.bthcisnoop u:object_r:vendor_bluetooth_prop:s0 #=============allow ct volte============== persist.vendor.mtk_ct_volte_support u:object_r:mtk_ct_volte_prop:s0 -#============Label mtk ril mode=======# +#============Label mtk ril mode======= ro.vendor.mtk_ril_mode u:object_r:mtk_ril_mode_prop:s0 #=============GPS support properties============== @@ -256,15 +251,15 @@ ro.vendor.mtk_agps_app u:object_r:mtk_gps_support_prop:s0 ro.vendor.mtk_log_hide_gps u:object_r:mtk_gps_support_prop:s0 ro.vendor.mtk_hidl_consolidation u:object_r:mtk_gps_support_prop:s0 -#============allow rat config=======# +#============allow rat config======= ro.vendor.mtk_protocol1_rat_config u:object_r:mtk_rat_config_prop:s0 -#=============allow mtk aal==============# +#=============allow mtk aal============== ro.vendor.mtk_aal_support u:object_r:mtk_aal_ro_prop:s0 ro.vendor.mtk_ultra_dimming_support u:object_r:mtk_aal_ro_prop:s0 ro.vendor.mtk_dre30_support u:object_r:mtk_aal_ro_prop:s0 -#=============allow mtk pq==============# +#=============allow mtk pq============== persist.vendor.sys.pq. u:object_r:mtk_pq_prop:s0 vendor.debug.pq. u:object_r:mtk_pq_prop:s0 persist.vendor.sys.isp. u:object_r:mtk_pq_prop:s0 
@@ -292,7 +287,7 @@ ro.vendor.mtk_disable_cap_switch u:object_r:mtk_default_prop:s0 ro.vendor.mtk_sim_card_onoff u:object_r:mtk_default_prop:s0 ro.vendor.mtk_perf_plus u:object_r:mtk_default_prop:s0 -#============mtk emmc=======# +#============mtk emmc======= ro.vendor.mtk_emmc_support u:object_r:mtk_emmc_support_prop:s0 # MTK connsys log feature @@ -305,7 +300,7 @@ vendor.em.usb. u:object_r:vendor_em_usb_prop:s0 #=============allow em to set usb otg switch property ============== persist.vendor.usb.otg.switch u:object_r:vendor_usb_otg_switch:s0 -#============mtk rsc========# +#============mtk rsc======== ro.boot.rsc u:object_r:mtk_default_prop:s0 #=============mtk anr property============= @@ -326,15 +321,15 @@ persist.vendor.ss. u:object_r:mtk_ss_vendor_prop:s0 # MTK Antutu feature ro.vendor.net.upload.benchmark.default u:object_r:mtk_antutu_prop:s0 -#=============malloc debug unwind backtrace switch property==============# +#=============malloc debug unwind backtrace switch property============== vendor.debug.malloc.bt.switch u:object_r:mtk_malloc_debug_backtrace_prop:s0 -#=============allow gmo====================# +#=============allow gmo==================== ro.vendor.gmo.ram_optimize u:object_r:mtk_default_prop:s0 ro.vendor.gmo.rom_optimize u:object_r:mtk_default_prop:s0 ro.vendor.mtk_config_max_dram_size u:object_r:mtk_default_prop:s0 -#=============MTK Voice Recognize property===========# +#=============MTK Voice Recognize property=========== vendor.voicerecognize.raw u:object_r:mtk_voicerecgnize_prop:s0 vendor.voicerecognize_data.raw u:object_r:mtk_voicerecgnize_prop:s0 vendor.voicerecognize.noDL u:object_r:mtk_voicerecgnize_prop:s0 
@@ -342,7 +337,7 @@ vendor.voicerecognize.noDL u:object_r:mtk_voicerecgnize_prop:s0 #=============allow radio to set/get xcap rawurl config================ persist.vendor.mtk.xcap.rawurl u:object_r:persist_xcap_rawurl_prop:s0 -#=============mtk bt enable SAP profile property=============# +#=============mtk bt enable SAP profile property============= ro.vendor.mtk.bt_sap_enable u:object_r:mtk_bt_sap_enable_prop:s0 #=============allow processes to change powerhal config================ @@ -355,12 +350,20 @@ vendor.mtk.nvram.ready u:object_r:mtk_nvram_ready_prop:s0 #=============Wi-Fi Hotspot============== ro.vendor.wifi.sap.interface u:object_r:mtk_wifi_hotspot_prop:s0 -#=============allow mtk hdmi==============# +#=============allow mtk hdmi============== persist.vendor.sys.hdmi_hidl. u:object_r:mtk_hdmi_prop:s0 -#=============mtk nn option==============# +#=============mtk nn option============== ro.vendor.mtk_nn.option u:object_r:mtk_nn_option_prop:s0 #============system wfc service property=========== persist.vendor.wfc. u:object_r:mtk_wfc_serv_prop:s0 +#=============allow ccci_mdinit to ctl. mdlogger============== +ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0 +ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 +ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0 +ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0 + +init.svc.emdlogger1 u:object_r:init_svc_emdlogger1_prop:s0 +init.svc.aee_aedv u:object_r:init_svc_aee_aedv_prop:s0 diff --git a/non_plat/vendor_init.te b/non_plat/vendor_init.te index 3121190..783f6c9 100644 --- a/non_plat/vendor_init.te +++ b/non_plat/vendor_init.te 
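Review bot: The six labels added at the end of the `@@ -355,12 +350,20 @@` hunk (`ctl.mdlogger`, `ctl.emdlogger1`–`3`, `init.svc.emdlogger1`, `init.svc.aee_aedv`) are prefix entries, so `ctl.emdlogger1` also labels any longer name that begins with that string and hands it the same `ctl_emdlogger1_prop` permissions. The entries had the same form in `plat_private/property_contexts`, but the move is a good point to pin them the way that file already does for its other entries, e.g. `ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 exact string`. These names are also not `vendor.`-prefixed, so it is worth confirming that labelling them from `non_plat/` is accepted by the property namespace checks of the target release. The matching `ctl_*_prop` and `init_svc_*_prop` types are removed from `plat_public/property.te` in this commit, and their new declaration is not visible in this part of the page, so please check that each label still resolves to a declared type.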
@@ -1,16 +1,16 @@ -#allow vendor_init exported3_system_prop:property_service set; -#allow vendor_init dalvik_prop:property_service set; - -#allow vendor_init ffs_prop:property_service set; -allow vendor_init mediatek_prop:property_service set; -allow vendor_init mtk_md_version_prop:property_service set; -allow vendor_init mtk_volte_prop:property_service set; -allow vendor_init vendor_radio_prop:property_service set; -allow vendor_init mtk_ril_mode_prop:property_service set; -allow vendor_init wmt_prop:property_service set; -allow vendor_init coredump_prop:property_service set; +# ============================================== +# MTK Policy Rule +# ============================================== + +set_prop(vendor_init, mediatek_prop) +set_prop(vendor_init, mtk_md_version_prop) +set_prop(vendor_init, mtk_volte_prop) +set_prop(vendor_init, vendor_radio_prop) +set_prop(vendor_init, mtk_ril_mode_prop) +set_prop(vendor_init, wmt_prop) +set_prop(vendor_init, coredump_prop) + allow vendor_init proc_wmtdbg:file w_file_perms; -#allow vendor_init vold_prop:property_service set; allow vendor_init proc_cpufreq:file w_file_perms; allow vendor_init proc_bootprof:file write; @@ -33,7 +33,6 @@ set_prop(vendor_init, mtk_aal_ro_prop) set_prop(vendor_init, mtk_pq_ro_prop) set_prop(vendor_init, mtk_default_prop) set_prop(vendor_init, mtk_nn_option_prop) - set_prop(vendor_init, mtk_emmc_support_prop) set_prop(vendor_init, mtk_anr_support_prop) set_prop(vendor_init, mtk_antutu_prop) @@ -70,9 +69,7 @@ allow vendor_init kernel:key search; allow vendor_init expdb_block_device:blk_file rw_file_perms; set_prop(vendor_init, mtk_wifi_hotspot_prop) - set_prop(vendor_init, persist_aeev_prop) - set_prop(vendor_init, mtk_powerhal_prop) # mmstat tracer diff --git a/plat_private/property_contexts b/plat_private/property_contexts index b85131f..e5bb3c3 100644 --- a/plat_private/property_contexts +++ b/plat_private/property_contexts 
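Review bot: The `set_prop(vendor_init, ...)` lines in the `@@ -1,16 +1,16 @@` hunk are not a one-for-one respelling of the `allow vendor_init ...:property_service set;` rules they replace, and nothing in the file says so. In the AOSP macro definitions `set_prop()` also grants read access to the type and the connection to the property service, so the seven converted types (`mediatek_prop` through `coredump_prop`) gain slightly more than `set`. That is probably intended and matches the `set_prop()` calls further down the file, but I would record it above the block, e.g. `# set_prop() grants set plus read on each type below`. Since `vendor_radio_prop` covers whole prefixes such as `vendor.ril.` and `vendor.gsm.` in `property_contexts`, that one is worth a second look.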
@@ -1,11 +1,6 @@ -#=============allow ccci_mdinit to ctl. mdlogger============== -ctl.mdlogger u:object_r:ctl_mdlogger_prop:s0 -ctl.emdlogger1 u:object_r:ctl_emdlogger1_prop:s0 -ctl.emdlogger2 u:object_r:ctl_emdlogger2_prop:s0 -ctl.emdlogger3 u:object_r:ctl_emdlogger3_prop:s0 - -init.svc.emdlogger1 u:object_r:init_svc_emdlogger1_prop:s0 -init.svc.aee_aedv u:object_r:init_svc_aee_aedv_prop:s0 +# ============================================== +# MTK Policy Rule +# ============================================== #allow mtk audio hidl service to read "ro.audio.usb.period_us" ro.audio.usb.period_us u:object_r:exported_default_prop:s0 exact int @@ -13,6 +8,5 @@ ro.audio.usb.period_us u:object_r:exported_default_prop:s0 exact int #allow adb daemon to read "persist.adb.nonblocking_ffs" persist.adb.nonblocking_ffs u:object_r:exported_default_prop:s0 exact int -#============system fingerprint property===========# +#============system fingerprint property=========== ro.system.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string - diff --git a/plat_public/property.te b/plat_public/property.te index 976018b..03e0d0e 100644 --- a/plat_public/property.te +++ b/plat_public/property.te @@ -1,9 +1,20 @@ -#=============allow ccci_mdinit to ctl. mdlogger============== -type ctl_mdlogger_prop, property_type; -type ctl_emdlogger1_prop, property_type; -type ctl_emdlogger2_prop, property_type; -type ctl_emdlogger3_prop, property_type; -type ctl_dualmdlogger_prop, property_type; +# ============================================== +# MTK Policy Rule +# ============================================== -type init_svc_emdlogger1_prop, property_type; -type init_svc_aee_aedv_prop, property_type;
\ No newline at end of file
+# system_internal_prop -- Properties used only in /system
+# system_restricted_prop -- Properties which can't be written outside system
+# system_public_prop -- Properties with no restrictions
+# system_vendor_config_prop -- Properties which can be written only by vendor_init
+# vendor_internal_prop -- Properties used only in /vendor
+# vendor_restricted_prop -- Properties which can't be written outside vendor
+# vendor_public_prop -- Properties with no restrictions
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+#typeattribute vendor_default_prop vendor_property_type;
+#neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+#}:file no_rw_file_perms; |
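Review bot: The ownership check at the end of the new `plat_public/property.te` text is added commented out, so nothing in this file fails the build when a property type carries none of `system_property_type`, `product_property_type` or `vendor_property_type`. The seven-line legend above it is therefore documentation only, and the TODO names b/131162102 without stating that consequence. I would add `# Until this neverallow is enabled, ownership of property types is not checked at build time.` directly above the TODO line. The same hunk drops `ctl_dualmdlogger_prop` along with the other types, and no `ctl.dualmdlogger` label appears in the `property_contexts` hunks on this page, so please confirm whether that type is still declared or referenced anywhere.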