diff options
author | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2020-03-04 14:49:32 +0800 |
---|---|---|
committer | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2020-03-05 11:44:44 +0800 |
commit | af794b428a2fb72cb4999b2ea611f95f5a2e9489 (patch) | |
tree | 4ea4d858f4c7438dde78026ad1650362a4c33e2f /plat_public/property.te | |
parent | 8c2ce28a36be318fd5ff2e224b2fb0dfc25f3d6e (diff) | |
download | wembley-sepolicy-af794b428a2fb72cb4999b2ea611f95f5a2e9489.tar.gz |
[ALPS05014766] SEPolicy: Modify property with new attributes
[Detail]
In AOSP/1097032 and AOSP/1128792, there are new attributes and neverallow
rules with property.
The MTK sepolicies of properties need some modification for them.
[Solution]
Modify MTK sepolicies of properties.
Change-Id: I0a78d4e974d57c6d328991a791918ffa6a12008b
CR-Id: ALPS05014766
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Diffstat (limited to 'plat_public/property.te')
-rw-r--r-- | plat_public/property.te | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/plat_public/property.te b/plat_public/property.te index 976018b..03e0d0e 100644 --- a/plat_public/property.te +++ b/plat_public/property.te @@ -1,9 +1,20 @@ -#=============allow ccci_mdinit to ctl. mdlogger============== -type ctl_mdlogger_prop, property_type; -type ctl_emdlogger1_prop, property_type; -type ctl_emdlogger2_prop, property_type; -type ctl_emdlogger3_prop, property_type; -type ctl_dualmdlogger_prop, property_type; +# ============================================== +# MTK Policy Rule +# ============================================== -type init_svc_emdlogger1_prop, property_type; -type init_svc_aee_aedv_prop, property_type;
\ No newline at end of file +# system_internal_prop -- Properties used only in /system +# system_restricted_prop -- Properties which can't be written outside system +# system_public_prop -- Properties with no restrictions +# system_vendor_config_prop -- Properties which can be written only by vendor_init +# vendor_internal_prop -- Properties used only in /vendor +# vendor_restricted_prop -- Properties which can't be written outside vendor +# vendor_public_prop -- Properties with no restrictions + +# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties +#typeattribute vendor_default_prop vendor_property_type; +#neverallow domain { +# property_type +# -system_property_type +# -product_property_type +# -vendor_property_type +#}:file no_rw_file_perms; |