Merge "Allow incidentd to read LAST_KMSG only for userdebug builds" into pi-dev

am: 941cc9c8d2

Change-Id: I5fa2ede7234c3c2180ca89a547e15c8dac2d12b1
This commit is contained in:
Yi Jin 2018-03-30 17:26:54 +00:00 committed by android-build-merger
commit 7312abeb37
3 changed files with 6 additions and 0 deletions

View file

@ -83,6 +83,7 @@ full_treble_only(`
-charger
-dumpstate
-healthd
userdebug_or_eng(`-incidentd')
-init
-logd
-logpersist

View file

@ -8,6 +8,7 @@ domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
# use pipe to transmit data from/to incidentd/incident_helper for parsing
allow incident_helper { shell incident incidentd }:fd use;
allow incident_helper { shell incident incidentd }:fifo_file { getattr read write };
allow incident_helper incidentd:unix_stream_socket { read write };
# only allow incidentd and shell to call incident_helper
neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };

View file

@ -38,6 +38,10 @@ allow incidentd domain:process getattr;
allow incidentd sysfs_batteryinfo:dir { search };
allow incidentd sysfs_batteryinfo:file r_file_perms;
# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
userdebug_or_eng(`allow incidentd pstorefs:dir search');
userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;