diff options
author | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2020-01-10 16:22:03 +0800 |
---|---|---|
committer | Shanshan Guo <Shanshan.Guo@mediatek.com> | 2020-01-10 17:40:44 +0800 |
commit | 86296cf74da59aa881bb2ae8ad868195b67079d5 (patch) | |
tree | 74f3d7b383742c40b0869b9702ceabd94f227258 /r_non_plat/hal_mms.te | |
parent | 053b034ad55c86133fa7d13d4d65016e2e4bd480 (diff) | |
download | wembley-sepolicy-86296cf74da59aa881bb2ae8ad868195b67079d5.tar.gz |
[ALPS04967419] SEPolicy: Add neverallow rule for sysfs
[Detail]
Do not allow access to the generic sysfs label. This is too broad.
Instead, if access to part of sysfs is desired, it should have a
more specific label.
TODO: Remove hal_usb/mtk_hal_usb and so on once there are no violations.
EX.
allow hal_usb sysfs:file write;
hal_server_domain(mtk_hal_usb, hal_usb)
r_dir_file(hal_wifi, sysfs_type)
hal_server_domain(mtk_hal_wifi, hal_wifi)
[Solution]
1.Add neverallow rule for sysfs.
2.Remove the conflicting SEPolicies.
Change-Id: I304a1a87b23623e320ff7346da9d10a09264152b
CR-Id: ALPS04967419
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
Diffstat (limited to 'r_non_plat/hal_mms.te')
0 files changed, 0 insertions, 0 deletions