logd: allow access to system files
- allow access for /data/system/packages.xml. - deprecate access to /dev/logd_debug (can use /dev/kmsg for debugging) - allow access to /dev/socket/logd for 'logd --reinit' Bug: 19681572 Change-Id: Iac57fff1aabc3b061ad2cc27969017797f8bef54
parent
5434a8a913
commit
61d665af16
4 changed files with 3 additions and 12 deletions
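--- a/file.te
+++ b/file.te
@@ -142,7 +142,6 @@ type fwmarkd_socket, file_type, mlstrustedobject;
 type gps_socket, file_type;
 type installd_socket, file_type;
 type lmkd_socket, file_type;
-type logd_debug, file_type, mlstrustedobject;
 type logd_socket, file_type, mlstrustedobject;
 type logdr_socket, file_type, mlstrustedobject;
 type logdw_socket, file_type, mlstrustedobject;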
|
@ -86,7 +86,6 @@
|
||||||
/dev/socket/gps u:object_r:gps_socket:s0
|
/dev/socket/gps u:object_r:gps_socket:s0
|
||||||
/dev/socket/installd u:object_r:installd_socket:s0
|
/dev/socket/installd u:object_r:installd_socket:s0
|
||||||
/dev/socket/lmkd u:object_r:lmkd_socket:s0
|
/dev/socket/lmkd u:object_r:lmkd_socket:s0
|
||||||
/dev/logd_debug u:object_r:logd_debug:s0
|
|
||||||
/dev/socket/logd u:object_r:logd_socket:s0
|
/dev/socket/logd u:object_r:logd_socket:s0
|
||||||
/dev/socket/logdr u:object_r:logdr_socket:s0
|
/dev/socket/logdr u:object_r:logdr_socket:s0
|
||||||
/dev/socket/logdw u:object_r:logdw_socket:s0
|
/dev/socket/logdw u:object_r:logdw_socket:s0
|
||||||
|
|
10
logd.te
10
logd.te
|
@ -9,18 +9,14 @@ allow logd self:capability2 syslog;
|
||||||
allow logd self:netlink_audit_socket { create_socket_perms nlmsg_write };
|
allow logd self:netlink_audit_socket { create_socket_perms nlmsg_write };
|
||||||
allow logd kernel:system syslog_read;
|
allow logd kernel:system syslog_read;
|
||||||
allow logd kmsg_device:chr_file w_file_perms;
|
allow logd kmsg_device:chr_file w_file_perms;
|
||||||
|
allow logd system_data_file:file r_file_perms;
|
||||||
|
|
||||||
r_dir_file(logd, domain)
|
r_dir_file(logd, domain)
|
||||||
|
|
||||||
userdebug_or_eng(`
|
|
||||||
# Debug output
|
|
||||||
type_transition logd device:file logd_debug;
|
|
||||||
allow logd device:dir rw_dir_perms;
|
|
||||||
allow logd logd_debug:file create_file_perms;
|
|
||||||
')
|
|
||||||
|
|
||||||
allow logd kernel:system syslog_mod;
|
allow logd kernel:system syslog_mod;
|
||||||
|
|
||||||
|
control_logd(logd)
|
||||||
|
|
||||||
###
|
###
|
||||||
### Neverallow rules
|
### Neverallow rules
|
||||||
###
|
###
|
||||||
|
|
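Review bot: The added `allow logd system_data_file:file r_file_perms;` lets logd read every file labelled system_data_file, while the commit message names only /data/system/packages.xml as the file it needs. A dedicated type for that file would keep the grant to least privilege; if that is not practical here, the rule should carry a comment recording the intended target and the wider reach, for example `# Read /data/system/packages.xml; this also covers every other system_data_file file.` The added `control_logd(logd)` has no comment either, and `# 'logd --reinit' connects to /dev/socket/logd` above it would tell a later reader why logd is allowed to control itself.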
|
@ -301,9 +301,6 @@ define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target
|
||||||
# Ability to write to android log
|
# Ability to write to android log
|
||||||
# daemon via sockets
|
# daemon via sockets
|
||||||
define(`write_logd', `
|
define(`write_logd', `
|
||||||
userdebug_or_eng(`
|
|
||||||
allow $1 logd_debug:file w_file_perms;
|
|
||||||
')
|
|
||||||
unix_socket_send($1, logdw, logd)
|
unix_socket_send($1, logdw, logd)
|
||||||
allow $1 pmsg_device:chr_file w_file_perms;
|
allow $1 pmsg_device:chr_file w_file_perms;
|
||||||
')
|
')
|
||||||
|
|