tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Selinux setup for /data/misc/odsign/metrics/

Browse source 
odsign will be writing(metrics) to file
/data/misc/odsign/metrics/odsign-metrics.txt & system_server needs from it.

Test: adb pull /data/misc/odsign/metrics/odsign-metrics.txt after reboot
Bug: 202926606
Change-Id: I020efcee8ca7f5b81f1aa3374bbf2b3a7403186d
This commit is contained in:
Shikha Panwar 2022-02-24 11:50:35 +00:00
parent 295d74b9e0
commit 36daf98e45
4 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/file.te
View file

@ -76,6 +76,9 @@ type odrefresh_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/odsign
type odsign_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/odsign_metrics
type odsign_metrics_file, file_type, data_file_type, core_data_file_type;
# /data/misc/virtualizationservice
type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type;

1
private/file_contexts
View file

@ -623,6 +623,7 @@
/data/misc/nfc/logs(/.*)? u:object_r:nfc_logs_data_file:s0
/data/misc/odrefresh(/.*)? u:object_r:odrefresh_data_file:s0
/data/misc/odsign(/.*)? u:object_r:odsign_data_file:s0
/data/misc/odsign/metrics(/.*)? u:object_r:odsign_metrics_file:s0
/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
/data/misc/perfetto-configs(/.*)? u:object_r:perfetto_configs_data_file:s0

8
private/odsign.te
View file

@ -13,6 +13,10 @@ init_daemon_domain(odsign)
allow odsign odsign_data_file:dir create_dir_perms;
allow odsign odsign_data_file:file create_file_perms;
# Allow using persistent storage in /data/odsign/metrics - to add metrics related files
allow odsign odsign_metrics_file:dir rw_dir_perms;
allow odsign odsign_metrics_file:file create_file_perms;
# Create and use pty created by android_fork_execvp().
create_pty(odsign)
@ -61,5 +65,5 @@ neverallow { domain -odsign -init } odsign_prop:property_service set;
set_prop(odsign, ctl_odsign_prop)
# Neverallows
neverallow { domain -odsign -init -fsverity_init } odsign_data_file:dir *;
neverallow { domain -odsign -init -fsverity_init } odsign_data_file:file *;
neverallow { domain -odsign -init -fsverity_init} odsign_data_file:dir ~search;
neverallow { domain -odsign -init -fsverity_init} odsign_data_file:file *;

5
private/system_server.te
View file

@ -221,6 +221,11 @@ allow system_server proc_sysrq:file rw_file_perms;
allow system_server stats_data_file:dir { open read remove_name search write };
allow system_server stats_data_file:file unlink;
# Read metric file & upload to statsd
allow system_server odsign_data_file:dir search;
allow system_server odsign_metrics_file:dir { r_dir_perms write remove_name };
allow system_server odsign_metrics_file:file { r_file_perms unlink };
# Read /sys/kernel/debug/wakeup_sources.
no_debugfs_restriction(`
allow system_server debugfs_wakeup_sources:file r_file_perms;