Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9e3bb7a2 authored Jan 26, 2023 by Jackeagle

GS290: Enforce Selinux



Change-Id: I4caab324ec18fc0d6fb1066ae4764ee362baf5d8
Signed-off-by: Jackeagle <jackeagle102@gmail.com>

parent a42921f2

BoardConfig.mk

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -126,6 +126,7 @@ VENDOR_SECURITY_PATCH := 2021-12-05
	# SELinux		# SELinux
	include device/mediatek/sepolicy_vndr/SEPolicy.mk		include device/mediatek/sepolicy_vndr/SEPolicy.mk
	BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor		BOARD_SEPOLICY_DIRS += $(DEVICE_PATH)/sepolicy/vendor
			BOARD_PLAT_PRIVATE_SEPOLICY_DIR += $(DEVICE_PATH)/sepolicy/private

	# Android Verified Boot		# Android Verified Boot
	BOARD_AVB_ENABLE := true		BOARD_AVB_ENABLE := true

sepolicy/private/system_app.te

0 → 100644

+1 −0

Original line number	Original line	Diff line number	Diff line
			binder_call(system_app, storaged)

sepolicy/private/uncrypt.te

0 → 100644

+1 −0

Original line number	Original line	Diff line number	Diff line
			allow uncrypt self:capability { sys_admin };

sepolicy/vendor/cameraserver.te

0 → 100644

+9 −0

Original line number	Original line	Diff line number	Diff line
			allow cameraserver init:unix_stream_socket connectto;
			allow cameraserver property_socket:sock_file write;

			# Prop policies
			get_prop(cameraserver, mtk_camera_prop)
			get_prop(cameraserver, exported_default_prop)
			get_prop(cameraserver, vendor_audio_prop)
			get_prop(cameraserver, vendor_default_prop)
			set_prop(cameraserver, system_prop)

sepolicy/vendor/device.te

0 → 100644

+1 −0

Original line number	Original line	Diff line number	Diff line
			type fp_device, dev_type;