From 59fd67288475d0eaae14a729a3addb83e92a07dd Mon Sep 17 00:00:00 2001
From: xiaohuin <xiaohuin@codeaurora.org>
Date: Sun, 22 Aug 2021 20:17:03 +0800
Subject: [PATCH] sepolicy: rename hang_guard to qguard

change hang_guard to qguard

Change-Id: I6a11a7fbb0ab8d9682e89750bb111ebe9fc618fd
CRs-Fixed: 3005281
---
 generic/vendor/test/file_contexts             |  4 +--
 .../vendor/test/{hang_guard.te => qguard.te}  | 29 +++++++++++--------
 2 files changed, 19 insertions(+), 14 deletions(-)
 rename generic/vendor/test/{hang_guard.te => qguard.te} (68%)

diff --git a/generic/vendor/test/file_contexts b/generic/vendor/test/file_contexts
index 201b2646..bd923cd2 100644
--- a/generic/vendor/test/file_contexts
+++ b/generic/vendor/test/file_contexts
@@ -78,8 +78,8 @@
 /(vendor|system/vendor)/bin/test-fake-ap                        u:object_r:vendor_location_exec:s0
 /(vendor|system/vendor)/bin/test-fdal                           u:object_r:vendor_location_exec:s0
 
-#### Context for hang_guard
-/(vendor|system/vendor)/bin/hang_guard        u:object_r:vendor_hang_guard_exec:s0
+#### Context for qguard
+/(vendor|system/vendor)/bin/qguard        u:object_r:vendor_qguard_exec:s0
 
 #For debug script
 /(vendor|system/vendor)/bin/init\.qti\.kernel\.debug\.sh        u:object_r:vendor_qti_init_shell_exec:s0
diff --git a/generic/vendor/test/hang_guard.te b/generic/vendor/test/qguard.te
similarity index 68%
rename from generic/vendor/test/hang_guard.te
rename to generic/vendor/test/qguard.te
index efa3cd67..053bafe5 100644
--- a/generic/vendor/test/hang_guard.te
+++ b/generic/vendor/test/qguard.te
@@ -25,27 +25,32 @@
 # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-type vendor_hang_guard, domain, mlstrustedsubject;
-type vendor_hang_guard_exec, exec_type, vendor_file_type, file_type;
+type vendor_qguard, domain, mlstrustedsubject;
+type vendor_qguard_exec, exec_type, vendor_file_type, file_type;
 
-init_daemon_domain(vendor_hang_guard)
+init_daemon_domain(vendor_qguard)
 
 userdebug_or_eng(`
-  allow vendor_hang_guard self:global_capability_class_set kill;
-  allow vendor_hang_guard kmsg_device:chr_file w_file_perms;
-  allow vendor_hang_guard domain:process { signal sigstop sigkill };
+  allow vendor_qguard self:global_capability_class_set kill;
+  allow vendor_qguard kmsg_device:chr_file w_file_perms;
+  allow vendor_qguard domain:process { signal sigstop sigkill };
 
   # sh
-  allow vendor_hang_guard { vendor_shell_exec vendor_toolbox_exec }:file rx_file_perms;
+  allow vendor_qguard { vendor_shell_exec vendor_toolbox_exec }:file rx_file_perms;
 
   # look through /proc
-  allow vendor_hang_guard domain:dir r_dir_perms;
-  allow vendor_hang_guard domain:file r_file_perms;
-  allow vendor_hang_guard domain:lnk_file read;
+  allow vendor_qguard domain:dir r_dir_perms;
+  allow vendor_qguard domain:file r_file_perms;
+  allow vendor_qguard domain:lnk_file read;
+
+  # write into hung_task_enh
+  allow vendor_qguard proc:file { write open };
 
   # write into sysrq
-  allow vendor_hang_guard proc_sysrq:file w_file_perms;
+  allow vendor_qguard proc_sysrq:file w_file_perms;
 
   # reboot
-  set_prop(vendor_hang_guard, powerctl_prop)
+  set_prop(vendor_qguard, powerctl_prop)
+
+  dontaudit vendor_qguard default_prop:file read;
 ')