SELINUX 018

To list

1. access vector binder receive 삭제

2. unconfined domain 추가

• Adbd

• Platform_app
• Media_app
• Shared_app
• Release_app
• Isolated_app
• Untrusted_app

• Bluetooth
• Dbusd
• Deburged
• Dhcp
• Drmserver
• Gpsd
• Installd
• Keystore
• Media_server
• Mtp
• Netd
• Qemud

3. 타입 추가

• Sensors
• Owntty_device
• Iio_device
• Ion_device
• Watchdog_device
• Uhid_device
• Tun_device
• Usbaccessory_device
• Klog_device
• Properties_device
•  

4. Domain.te 삭제
5. File_context 변경

• 추가

/                        u:object_r:rootfs:s0

# Data files

/adb_keys                u:object_r:rootfs:s0

/default.prop                u:object_r:rootfs:s0

/fstab\..*                u:object_r:rootfs:s0

/init\..*                u:object_r:rootfs:s0

/res(/.*)?                u:object_r:rootfs:s0

/ueventd\..*                u:object_r:rootfs:s0

# Executables

/charger                u:object_r:rootfs:s0

/init                        u:object_r:rootfs:s0

/sbin(/.*)?                u:object_r:rootfs:s0

# Empty directories

/lost\+found                u:object_r:rootfs:s0

/proc                        u:object_r:rootfs:s0

/sys                        u:object_r:rootfs:s0

# SELinux policy files

/file_contexts                u:object_r:rootfs:s0

/property_contexts        u:object_r:rootfs:s0

/seapp_contexts                u:object_r:rootfs:s0

/sepolicy                u:object_r:rootfs:s0

/dev/bus/usb(.*)?       u:object_r:usb_device:s0

/dev/iio:device[0-9]+   u:object_r:iio_device:s0

/dev/mpu                u:object_r:gps_device:s0

/dev/mpuirq                u:object_r:gps_device:s0

/dev/socket/adbd        u:object_r:adbd_socket:s0

/dev/socket/racoon        u:object_r:racoon_socket:s0

/dev/tty                u:object_r:owntty_device:s0

/dev/tun                u:object_r:tun_device:s0

/dev/uhid                u:object_r:uhid_device:s0

/dev/usb_accessory        u:object_r:usbaccessory_device:s0

/dev/watchdog                u:object_r:watchdog_device:s0

/dev/__kmsg__                u:object_r:klog_device:s0

/dev/__properties__ u:object_r:properties_device:s0

/system/bin/run-as        --        u:object_r:runas_exec:s0

/system/bin/bluetoothd        u:object_r:bluetoothd_exec:s0

/system/bin/racoon        u:object_r:racoon_exec:s0

/system/bin/ping    u:object_r:ping_exec:s0

/vendor(/.*)?                u:object_r:system_file:s0

/vendor/bin/gpsd        u:object_r:gpsd_exec:s0

/data/backup(/.*)?                u:object_r:backup_data_file:s0

/data/secure/backup(/.*)?        u:object_r:backup_data_file:s0

/data/security(/.*)?        u:object_r:security_file:s0

/data/app-private(/.*)?                u:object_r:apk_private_data_file:s0

/data/app-private/vmdl.*\.tmp        u:object_r:apk_private_tmp_file:s0

/data/local/tmp(/.*)?        u:object_r:shell_data_file:s0

/data/local/tmp/selinux(/.*)?   u:object_r:tombstone_data_file:s0

/data/misc/bluetoothd(/.*)?        u:object_r:bluetoothd_data_file:s0

/data/misc/bluedroid(/.*)?        u:object_r:bluetooth_data_file:s0

# Wallpaper file for other users

/data/system/users/[0-9]+/wallpaper                u:object_r:wallpaper_file:s0

# Downloaded files

/data/data/com.android.providers.downloads/cache u:object_r:download_file:s0

/cache/.*\.data        u:object_r:cache_backup_file:s0

/cache/.*\.restore        u:object_r:cache_backup_file:s0

# LocalTransport (backup) uses this directory

/cache/backup(/.*)?        u:object_r:cache_backup_file:s0

/sys/class/rfkill/rfkill[0-9]*/state -- u:object_r:sysfs_bluetooth_writable:s0

/sys/class/rfkill/rfkill[0-9]*/type -- u:object_r:sysfs_bluetooth_writable:s0

/mnt/asec(/.*)?         u:object_r:asec_apk_file:s0

/data/app-asec(/.*)?    u:object_r:asec_image_file:s0

6. Permissive keyword 추가
7. Keys.conf 추가