From 239ef9d5022aa27ea44c148deb4eea30e3bcd2d9 Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Wed, 26 Oct 2016 14:19:32 -0700 Subject: [PATCH] logpersist: introduce split to logcat and logpersist domains logcat_exec transition to logpersist from init with perms Test: compile Bug: 30566487 Change-Id: I0cea55f71be011e921841ef9d3e1283f11606f36 --- target/board/generic/sepolicy/logd.te | 11 ----------- target/board/generic/sepolicy/logpersist.te | 12 ++++++++++++ 2 files changed, 12 insertions(+), 11 deletions(-) delete mode 100644 target/board/generic/sepolicy/logd.te create mode 100644 target/board/generic/sepolicy/logpersist.te diff --git a/target/board/generic/sepolicy/logd.te b/target/board/generic/sepolicy/logd.te deleted file mode 100644 index b3e60d78df..0000000000 --- a/target/board/generic/sepolicy/logd.te +++ /dev/null @@ -1,11 +0,0 @@ -# goldfish logcat service: runs logcat -Q in logd domain - -# See global logd.te, these only set for eng & userdebug, allow for all builds - -domain_auto_trans(init, logcat_exec, logd) - -# Read from logd. -read_logd(logd) - -# Write to /dev/ttyS2 and /dev/ttyGF2. -allow logd serial_device:chr_file { write open }; diff --git a/target/board/generic/sepolicy/logpersist.te b/target/board/generic/sepolicy/logpersist.te new file mode 100644 index 0000000000..0c529868ea --- /dev/null +++ b/target/board/generic/sepolicy/logpersist.te @@ -0,0 +1,12 @@ +# goldfish logcat service: runs logcat -Q in logpersist domain + +# See global logcat.te/logpersist.te, only set for eng & userdebug, +# allow for all builds in a non-conflicting manner. + +domain_auto_trans(init, logcat_exec, logpersist) + +# Read from logd. +unix_socket_connect(logpersist, logdr, logd) + +# Write to /dev/ttyS2 and /dev/ttyGF2. +allow logpersist serial_device:chr_file { write open };