tequilaOS/platform_device_qcom_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "mdm-helper: Add rule for probing ramdump access path"

Browse source
This commit is contained in:
qctecmdr 2020-04-22 04:38:29 -07:00 committed by Gerrit - the friendly Code Review server
commit 9419b1e8cf
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
qva/vendor/common/mdm_helper.te → generic/vendor/common/mdm_helper.te vendored
View file

@ -45,11 +45,23 @@ allow vendor_mdm_helper vendor_esoc_device:chr_file rw_file_perms;
allow vendor_mdm_helper vendor_shell_exec:file rx_file_perms;
allow vendor_mdm_helper vendor_mdm_helper_exec :file x_file_perms;
#Rampdump config
#
# User variant
# Probe for write access to vendor tombstones as the
# presense of tombstones on subsystem does not correlate
# to Android user/userdebug config
allow vendor_mdm_helper vendor_tombstone_data_file:dir r_dir_perms;
dontaudit vendor_mdm_helper vendor_tombstone_data_file:dir write;
# Userdebug/eng variant
userdebug_or_eng(`
#Needed for ram dump storage
allow vendor_mdm_helper vendor_tombstone_data_file:dir create_dir_perms;
allow vendor_mdm_helper vendor_tombstone_data_file:file create_file_perms;
')
#Ramdump config END
#Needed to kill its own forked process on efs sync
allow vendor_mdm_helper self:capability kill;
#Needed by ks in order to access the efs sync partitions.
allow vendor_mdm_helper block_device:dir r_dir_perms;