Merge "Allow snapuserd to write log files to /data/misc" am: 5ab4239bfb
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2573077 Change-Id: I6f4393fbbb695a2da4897de36fa96cca3bc49fb9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
commit
caced74f2c
5 changed files with 13 additions and 0 deletions
|
@ -60,6 +60,7 @@
|
||||||
rkpdapp
|
rkpdapp
|
||||||
servicemanager_prop
|
servicemanager_prop
|
||||||
shutdown_checkpoints_system_data_file
|
shutdown_checkpoints_system_data_file
|
||||||
|
snapuserd_log_data_file
|
||||||
stats_config_data_file
|
stats_config_data_file
|
||||||
sysfs_fs_fuse_features
|
sysfs_fs_fuse_features
|
||||||
system_net_netd_service
|
system_net_netd_service
|
||||||
|
|
|
@ -664,6 +664,7 @@
|
||||||
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
|
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
|
||||||
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
|
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
|
||||||
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
|
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
|
||||||
|
/data/misc/snapuserd_log(/.*)? u:object_r:snapuserd_log_data_file:s0
|
||||||
/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
|
/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
|
||||||
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
|
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
|
||||||
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
|
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
|
||||||
|
|
|
@ -57,6 +57,13 @@ allow snapuserd metadata_file:dir search;
|
||||||
allow snapuserd ota_metadata_file:dir rw_dir_perms;
|
allow snapuserd ota_metadata_file:dir rw_dir_perms;
|
||||||
allow snapuserd ota_metadata_file:file create_file_perms;
|
allow snapuserd ota_metadata_file:file create_file_perms;
|
||||||
|
|
||||||
|
# write to /data/misc/snapuserd_log
|
||||||
|
allow snapuserd snapuserd_log_data_file:dir create_dir_perms;
|
||||||
|
allow snapuserd snapuserd_log_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
# Read /proc/stat to determine boot time
|
||||||
|
allow snapuserd proc_stat:file r_file_perms;
|
||||||
|
|
||||||
# This capability allows snapuserd to circumvent memlock rlimits while using
|
# This capability allows snapuserd to circumvent memlock rlimits while using
|
||||||
# io_uring. An Alternative would be to up the memlock rlimit for the snapuserd service.
|
# io_uring. An Alternative would be to up the memlock rlimit for the snapuserd service.
|
||||||
allow snapuserd self:capability ipc_lock;
|
allow snapuserd self:capability ipc_lock;
|
||||||
|
|
|
@ -259,6 +259,9 @@ allow dumpstate recovery_data_file:file r_file_perms;
|
||||||
# Access /data/misc/update_engine & /data/misc/update_engine_log
|
# Access /data/misc/update_engine & /data/misc/update_engine_log
|
||||||
allow dumpstate { update_engine_data_file update_engine_log_data_file }:dir r_dir_perms;
|
allow dumpstate { update_engine_data_file update_engine_log_data_file }:dir r_dir_perms;
|
||||||
allow dumpstate { update_engine_data_file update_engine_log_data_file }:file r_file_perms;
|
allow dumpstate { update_engine_data_file update_engine_log_data_file }:file r_file_perms;
|
||||||
|
# Access /data/misc/snapuserd_log
|
||||||
|
allow dumpstate snapuserd_log_data_file:dir r_dir_perms;
|
||||||
|
allow dumpstate snapuserd_log_data_file:file r_file_perms;
|
||||||
|
|
||||||
# Access /data/misc/profiles/{cur,ref}/
|
# Access /data/misc/profiles/{cur,ref}/
|
||||||
userdebug_or_eng(`
|
userdebug_or_eng(`
|
||||||
|
|
|
@ -460,6 +460,7 @@ type vold_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
type tee_data_file, file_type, data_file_type;
|
type tee_data_file, file_type, data_file_type;
|
||||||
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
|
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
|
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
type snapuserd_log_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
# /data/misc/trace for method traces on userdebug / eng builds
|
# /data/misc/trace for method traces on userdebug / eng builds
|
||||||
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||||
type gsi_data_file, file_type, data_file_type, core_data_file_type;
|
type gsi_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
|
Loading…
Reference in a new issue