From dd648132049ed189451587837189f04ceeb75b2f Mon Sep 17 00:00:00 2001
From: Jack Yu
Date: Wed, 8 Jul 2020 17:09:49 +0800
Subject: [PATCH] Add sepolicy to allow read/write nfc snoop log data
Bug: 153704838
Test: nfc snoop log could be accessed
Change-Id: I694426ddb776114e5028b9e33455dd98fb502f0a
---
 private/compat/30.0/30.0.ignore.cil | 1 +
 private/file_contexts | 1 +
 private/nfc.te | 2 ++
 public/dumpstate.te | 4 ++++
 public/file.te | 1 +
 5 files changed, 9 insertions(+)
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index d26644f1c..94571a68f 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -21,6 +21,7 @@
 location_time_zone_manager_service
 mediatranscoding_tmpfs
 music_recognition_service
+ nfc_logs_data_file
 people_service
 power_stats_service
 power_debug_prop
diff --git a/private/file_contexts b/private/file_contexts
index efb2c14b0..b5cd40c79 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -573,6 +573,7 @@
 /data/misc/media(/.*)? u:object_r:media_data_file:s0
 /data/misc/net(/.*)? u:object_r:net_data_file:s0
 /data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0
+/data/misc/nfc/logs(/.*)? u:object_r:nfc_logs_data_file:s0
 /data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
 /data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
 /data/misc/profcollectd(/.*)? u:object_r:profcollectd_data_file:s0
diff --git a/private/nfc.te b/private/nfc.te
index 315b09679..f1a08f7a4 100644
--- a/private/nfc.te
+++ b/private/nfc.te
@@ -11,6 +11,8 @@ hal_client_domain(nfc, hal_nfc)
 # Data file accesses.
 allow nfc nfc_data_file:dir create_dir_perms;
 allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
+allow nfc nfc_logs_data_file:dir rw_dir_perms;
+allow nfc nfc_logs_data_file:file create_file_perms;
 # SoundPool loading and playback
 allow nfc audioserver_service:service_manager find;
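Review bot: The new `/data/misc/nfc/logs(/.*)?` entry in private/file_contexts labels a directory that nothing in this patch creates, and the private/nfc.te hunk gives nfc only `rw_dir_perms` on `nfc_logs_data_file:dir`, which carries no `create`. The directory therefore has to exist before the NFC process first writes to it, presumably made by an init script outside this repository. That companion change should be referenced in the commit message, and the directory should be owned by the NFC uid with a mode that keeps other uids out, so that DAC backs up the type enforcement.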
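Review bot: The two `allow nfc nfc_logs_data_file` rules in private/nfc.te arrive without any `neverallow` that keeps other domains off the new type, so a later broad rule over `data_file_type` or `core_data_file_type` could expose the snoop log unnoticed. A snoop log presumably holds raw controller traffic, which can include card and tag data, so I would pin the readers down next to these rules, for example `neverallow { domain -nfc -dumpstate -init } nfc_logs_data_file:file no_rw_file_perms;`, with the exemption list adjusted to what the build's neverallow check shows is really needed. A one-line comment above the new rules, such as `# NFC snoop log: nfc writes, dumpstate reads for bugreports.`, would also set them apart from the general nfc_data_file rules they are appended to.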
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 763467f8b..08d4b0cd6 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -172,6 +172,10 @@ allow dumpstate bluetooth_data_file:dir search;
 allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
 allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+# For Nfc
+allow dumpstate nfc_logs_data_file:dir r_dir_perms;
+allow dumpstate nfc_logs_data_file:file r_file_perms;
+
 # Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
 allow dumpstate gpu_device:chr_file rw_file_perms;
diff --git a/public/file.te b/public/file.te
index 3d10999b2..a24e15c19 100644
--- a/public/file.te
+++ b/public/file.te
@@ -383,6 +383,7 @@ type misc_user_data_file, file_type, data_file_type, core_data_file_type;
 type net_data_file, file_type, data_file_type, core_data_file_type;
 type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
 type nfc_data_file, file_type, data_file_type, core_data_file_type;
+type nfc_logs_data_file, file_type, data_file_type, core_data_file_type;
 type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 type recovery_data_file, file_type, data_file_type, core_data_file_type;
 type shared_relro_file, file_type, data_file_type, core_data_file_type;
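Review bot: The `# For Nfc` block in public/dumpstate.te has no counterpart to the `allow dumpstate bluetooth_data_file:dir search;` rule that precedes the Bluetooth log rules, and this patch does not label the parent `/data/misc/nfc`. If dumpstate cannot already search that parent through an existing rule (not visible in this hunk), the two new read rules will not be enough to reach the log. It is worth checking for denials during a full bugreport run, since the Test line only says the log could be accessed. The comment could also say what is collected and why, e.g. `# For Nfc: read the snoop log under /data/misc/nfc/logs for bugreports`.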