Merge "logd: add getEventTag command and service"
am: 542a46267f
Change-Id: I169dbd05d71939e6a337e20a131caa7cbad3a977
commit
2cf8777fe5
4 changed files with 22 additions and 6 deletions
|
@ -9,7 +9,7 @@ neverallow logd {
|
|||
file_type
|
||||
-logd_tmpfs
|
||||
-runtime_event_log_tags_file
|
||||
userdebug_or_eng(`-coredump_file')
|
||||
userdebug_or_eng(`-coredump_file -misc_logd_file')
|
||||
}:file { create write append };
|
||||
|
||||
# protect the event-log-tags file
|
||||
|
@ -18,6 +18,7 @@ neverallow {
|
|||
-appdomain # covered below
|
||||
-bootstat
|
||||
-dumpstate
|
||||
-init
|
||||
-logd
|
||||
userdebug_or_eng(`-logpersist')
|
||||
-servicemanager
|
||||
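Review bot: Subtracting `-misc_logd_file` in the first hunk lifts the whole `{ create write append }` assertion for logd on that type on userdebug and eng builds, which is wider than the logd allow rule elsewhere in this commit (`rw_file_perms`, which carries no `create`). If logd is only meant to open and update a file that init has already created, a narrower assertion can stay in force next to the exemption, for example `neverallow logd misc_logd_file:file create;`. The enclosing `neverallow logd {` statement starts above the hunk, so its source side is not visible here.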
|
|
|
@ -18,5 +18,5 @@ userdebug_or_eng(`
|
|||
|
||||
# logpersist is allowed to write to /data/misc/log for userdebug and eng builds
|
||||
neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
|
||||
neverallow { domain userdebug_or_eng(`-logpersist -dumpstate') } misc_logd_file:file no_rw_file_perms;
|
||||
neverallow { domain userdebug_or_eng(`-logpersist') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
|
||||
neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
|
||||
neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
|
||||
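Review bot: In both rewritten assertions `-init` sits outside the `userdebug_or_eng` wrapper, so init is exempt from the `misc_logd_file` file and directory assertions on user builds as well, while `-logd` and `-logpersist` stay debug-only. The comment above the rules still describes logpersist alone and does not mention the new exemptions. I would add a line such as `# init creates and labels the directory on every build; logd, logpersist and dumpstate are exempt only on userdebug and eng builds`, so the asymmetry reads as deliberate.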
|
|
|
@ -17,6 +17,9 @@ allow init kmsg_device:chr_file { write relabelto };
|
|||
allow init properties_device:dir relabelto;
|
||||
allow init properties_serial:file { write relabelto };
|
||||
allow init property_type:file { create_file_perms relabelto };
|
||||
# /dev/event-log-tags
|
||||
allow init device:file relabelfrom;
|
||||
allow init runtime_event_log_tags_file:file { open write setattr relabelto };
|
||||
# /dev/socket
|
||||
allow init { device socket_device }:dir relabelto;
|
||||
# /dev/random, /dev/urandom
|
||||
|
@ -233,8 +236,8 @@ allow init sysfs_type:file rw_file_perms;
|
|||
|
||||
# Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
|
||||
# Init will also walk through the directory as part of a recursive restorecon.
|
||||
allow init misc_logd_file:dir { open create read getattr setattr search };
|
||||
allow init misc_logd_file:file { getattr };
|
||||
allow init misc_logd_file:dir { add_name open create read getattr setattr search write };
|
||||
allow init misc_logd_file:file { open create getattr setattr write };
|
||||
|
||||
# Support "adb shell stop"
|
||||
allow init self:capability kill;
|
||||
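Review bot: The widened `misc_logd_file` rules in the second hunk give init `add_name` and `write` on the directory and `open create setattr write` on files for every build variant, whereas the logd and logpersist access to the same type in this commit is wrapped in `userdebug_or_eng`. The two comment lines above the rules still justify only directory creation and the restorecon walk, so nothing on the page says why init must create and write files there. Either wrap the file rule in `userdebug_or_eng` if user builds never need it, or extend the comment, for example `# Init also creates and writes files under /data/misc/logd (state which file and why)`.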
|
|
|
@ -14,6 +14,14 @@ allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write
|
|||
allow logd kernel:system syslog_read;
|
||||
allow logd kmsg_device:chr_file w_file_perms;
|
||||
allow logd system_data_file:{ file lnk_file } r_file_perms;
|
||||
allow logd pstorefs:dir search;
|
||||
allow logd pstorefs:file r_file_perms;
|
||||
userdebug_or_eng(`
|
||||
# Access to /data/misc/logd/event-log-tags
|
||||
allow logd misc_logd_file:dir r_dir_perms;
|
||||
allow logd misc_logd_file:file rw_file_perms;
|
||||
')
|
||||
allow logd runtime_event_log_tags_file:file rw_file_perms;
|
||||
|
||||
# Access device logging gating property
|
||||
get_prop(logd, device_logging_prop)
|
||||
|
@ -58,4 +66,8 @@ neverallow { domain -init } logd:process transition;
|
|||
neverallow * logd:process dyntransition;
|
||||
|
||||
# protect the event-log-tags file
|
||||
neverallow * runtime_event_log_tags_file:file no_w_file_perms;
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-logd
|
||||
} runtime_event_log_tags_file:file no_w_file_perms;
|
||||
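Review bot: The final assertion used to forbid every domain from writing `runtime_event_log_tags_file` and now exempts init and logd, yet the comment above it still reads only `# protect the event-log-tags file`. The matching `allow logd runtime_event_log_tags_file:file rw_file_perms;` in the first hunk sits directly after the closing of the `userdebug_or_eng` block with no comment of its own, so it is easy to misread as debug-only when it applies to all builds. I would annotate both, for example `# /dev/event-log-tags: written by logd on all builds` above the allow and `# only init (labelling) and logd may write the event-log-tags file` above the neverallow. Since the file presumably has readers in other domains, naming its writers makes a later addition to the exemption list stand out in review.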
|
|