Relax permissions on /data/misc/logd

Incidentd needs to access /data/misc/logd to get persisted logs for
debugging purposes. Relax permissions on /data/misc/logd to allow
group (log) to access the dir and read its files. Effectively change
to:
drwxr-x--- logd log /data/misc/logd
-rw-r----- logd log /data/misc/logd/logcat*

Since this dir stores the past output of logcat, anyone that can run
logcat can be granted access to this dir. Access to this dir is further
guarded by SELinux. So it is safe.

Bug: 147924172
Test: Build, flash, reboot. Verify that the files have the right
      permissions.

Change-Id: I4d2aa9d5883d1ef14411b2b3902f0ca7c641dd7e
Mike Ma 2020-01-17 18:01:03 -08:00
parent d6289bdf13
commit a7fb095207
4 changed files with 8 additions and 4 deletions

@ -110,7 +110,7 @@ class Logcat {
#endif
static int openLogFile(const char* pathname, size_t sizeKB) {
int fd = open(pathname, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR);
int fd = open(pathname, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP);
if (fd < 0) {
return fd;
}
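Review bot: In openLogFile, the added S_IRGRP is only a request: open() applies the mode argument solely when O_CREAT actually creates the file, and the result is still filtered by the process umask. A log file that already exists from before this change keeps its old mode, and a caller still running under umask 077 gets 0600 regardless. Consider an explicit fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP) after the fd < 0 check so the mode is the same in both cases, and extend the Test line to cover a device that already has persisted logs.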

@ -4,6 +4,10 @@
# first reads the 'last' logcat to persistent storage with `-L` then run logcat again without
# `-L` to read the current logcat buffers to persistent storage.
# init sets the umask to 077 for forked processes. logpersist needs to create files that are group
# readable. So relax the umask to only disallow group wx and world rwx.
umask 037
has_last="false"
for arg in "$@"; do
if [ "$arg" == "-L" -o "$arg" == "--last" ]; then
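Review bot: umask 037 at the top of the script applies to every file this script and its children create from that point on, not only the persisted logcat files. The value matches the comment (group wx and world rwx masked), but the comment should say that the relaxation is inherited by the logcat runs that follow, or the umask should be set immediately before they are launched, so a later addition to the script does not pick up group-readable defaults by accident.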

@ -30,8 +30,8 @@ on load_persist_props_action
setprop logd.logpersistd.enable true
on property:logd.logpersistd.enable=true && property:logd.logpersistd=logcatd
# all exec/services are called with umask(077), so no gain beyond 0700
mkdir /data/misc/logd 0700 logd log
# log group should be able to read persisted logs
mkdir /data/misc/logd 0750 logd log
start logcatd
# stop logcatd service and clear data
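Review bot: The new comment on the mkdir line drops the earlier reasoning that exec/services run with umask(077), "so no gain beyond 0700", without saying why 0750 takes effect now. Please state in the comment whether mkdir applies the mode independently of that umask, and whether it also updates a /data/misc/logd that already exists at 0700, since upgraded devices will have one.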

@ -2,7 +2,7 @@
# logtagd event log tag service (debug only)
#
on post-fs-data
mkdir /data/misc/logd 0700 logd log
mkdir /data/misc/logd 0750 logd log
write /data/misc/logd/event-log-tags ""
chown logd log /data/misc/logd/event-log-tags
chmod 0600 /data/misc/logd/event-log-tags
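Review bot: mkdir /data/misc/logd 0750 logd log now appears in two places in this change, and both had to be edited together; a comment on each pointing at the other, or a single place that creates the directory, would keep the modes from drifting apart. Also, event-log-tags stays at chmod 0600 inside a directory the log group can now list. That matches the commit message (only logcat* becomes group-readable), but a one-line comment saying it is intentional would save the next reader from wondering.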