From 19278eadb7862ede48c1f9f441bcba4cdb350bfe Mon Sep 17 00:00:00 2001 From: Freddy Hsin Date: Sat, 18 Jan 2020 10:22:40 +0800 Subject: [ALPS04961200] recovery: replace sysfs_mmcblk selinux label with sysfs_mmcblk_block replace sysfs_mmcblk selinux label with sysfs_mmcblk_block to prevent volds permission denied warning message MTK-Commit-Id: bfb3be5049a1216d5363f99c8bedc77158125f06 Change-Id: Ib17a830434ae72de2bf40445415dad98464b1372 CR-Id: ALPS04961200 Feature: [Android Default] SIU (SD Image Update) --- non_plat/atcid.te | 4 ++-- non_plat/ccci_fsd.te | 4 ++-- non_plat/factory.te | 4 ++-- non_plat/genfs_contexts | 12 ++++++------ non_plat/mtk_hal_power.te | 4 ++-- non_plat/recovery.te | 6 +++--- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/non_plat/atcid.te b/non_plat/atcid.te index 12ea05c..9503a4f 100644 --- a/non_plat/atcid.te +++ b/non_plat/atcid.te @@ -63,8 +63,8 @@ allow atcid nvdata_file:file { open read write create getattr setattr }; allow atcid nvram_device:blk_file { open read write }; allow atcid proc_meminfo:file { open read }; allow atcid sysfs_batteryinfo:dir search; -allow atcid sysfs_mmcblk:dir search; -allow atcid sysfs_mmcblk:file { read open }; +allow atcid sysfs_devices_block:dir search; +allow atcid sysfs_devices_block:file { read open }; # Date : WK18.35 # Purpose: Add socket for TelephonyWare ATCI diff --git a/non_plat/ccci_fsd.te b/non_plat/ccci_fsd.te index 1adab51..a3cf5eb 100644 --- a/non_plat/ccci_fsd.te +++ b/non_plat/ccci_fsd.te @@ -64,5 +64,5 @@ allow ccci_fsd proc_lk_env:file rw_file_perms; #============= ccci_fsd MD Low Power Monitor Related ============== allow ccci_fsd ccci_data_md1_file:dir create_dir_perms; allow ccci_fsd ccci_data_md1_file:file create_file_perms; -allow ccci_fsd sysfs_mmcblk:dir search; -allow ccci_fsd sysfs_mmcblk:file { read getattr open }; +allow ccci_fsd sysfs_devices_block:dir search; +allow ccci_fsd sysfs_devices_block:file { read getattr open }; diff --git a/non_plat/factory.te b/non_plat/factory.te index 065e5a8..e788f8b 100644 --- a/non_plat/factory.te +++ b/non_plat/factory.te @@ -370,8 +370,8 @@ allow factory vendor_data_file:file { create read write open }; # Date : WK18.31 # Operation: P migration # Purpose : Refine policy -allow factory sysfs_mmcblk:dir { search }; -allow factory sysfs_mmcblk:file { read getattr open }; +allow factory sysfs_devices_block:dir { search }; +allow factory sysfs_devices_block:file { read getattr open }; # Date : WK18.37 # Operation: P migration diff --git a/non_plat/genfs_contexts b/non_plat/genfs_contexts index bcc6d94..86453af 100644 --- a/non_plat/genfs_contexts +++ b/non_plat/genfs_contexts @@ -155,12 +155,12 @@ genfscon sysfs /devices/platform/battery/disable_nafg u:object_r:sysfs_dis_nafg: # Date : 2019/07/03 # Purpose: SIU update mmcblk access -genfscon sysfs /devices/platform/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0 -#genfscon sysfs /devices/platform/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_mmcblk:s0 -genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_mmcblk:s0 +genfscon sysfs /devices/platform/bootdevice/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/mtk-msdc.0/11230000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0 u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:0/block/sda u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:1/block/sdb u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/platform/bootdevice/host0/target0:0:0/0:0:0:2/block/sdc u:object_r:sysfs_devices_block:s0 # Date : 2019/07/12 # Purpose:dumpstate mmcblk1 access diff --git a/non_plat/mtk_hal_power.te b/non_plat/mtk_hal_power.te index 9689a14..d6de04d 100644 --- a/non_plat/mtk_hal_power.te +++ b/non_plat/mtk_hal_power.te @@ -118,8 +118,8 @@ allow mtk_hal_power rild:unix_stream_socket connectto; # Purpose : Allow powerHAL to access block read ahead allow mtk_hal_power sysfs_dm:dir r_dir_perms; allow mtk_hal_power sysfs_dm:file rw_file_perms; -allow mtk_hal_power sysfs_mmcblk:dir r_dir_perms; -allow mtk_hal_power sysfs_mmcblk:file rw_file_perms; +allow mtk_hal_power sysfs_devices_block:dir r_dir_perms; +allow mtk_hal_power sysfs_devices_block:file rw_file_perms; allow mtk_hal_power debugfs_eara_thermal:dir search; allow mtk_hal_power debugfs_eara_thermal:file { getattr open write read }; diff --git a/non_plat/recovery.te b/non_plat/recovery.te index a130f89..4d807ec 100644 --- a/non_plat/recovery.te +++ b/non_plat/recovery.te @@ -16,9 +16,9 @@ allow recovery self:capability sys_resource; allow recovery misc_sd_device:chr_file rw_file_perms; allow recovery vfat:dir r_dir_perms; allow recovery vfat:file r_file_perms; -allow recovery sysfs_mmcblk:dir r_dir_perms; -allow recovery sysfs_mmcblk:file rw_file_perms; -allow recovery sysfs_mmcblk:lnk_file r_file_perms; +allow recovery sysfs_devices_block:dir r_dir_perms; +allow recovery sysfs_devices_block:file rw_file_perms; +allow recovery sysfs_devices_block:lnk_file r_file_perms; # Date : WK18.25 # Operation : UT -- cgit v1.2.3