tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/compat/202404/202404.ignore.cil
Steven Moreland 248f0e069a Update transaction log permissions. 
I locked down binderfs in Android V (this release still), but
part of it was opened up too much, so transactions restricted
to userdebug.

transaction_log and failed_transaction_log are not used in AOSP,
but they are requested by partners.

Bug: 316970771 for transactions
Bug: 336711420 for request to open up transaction history logs
Test: boot, bugreport, also:

:) adb shell ls -Z /dev/binderfs/binder_logs
u:object_r:binderfs_logs_transaction_history:s0 failed_transaction_log
u:object_r:binderfs_logs_proc:s0                proc
u:object_r:binderfs_logs:s0                     state
u:object_r:binderfs_logs_stats:s0               stats
u:object_r:binderfs_logs_transaction_history:s0 transaction_log
u:object_r:binderfs_logs_transactions:s0        transactions
:) adb shell cat /dev/binderfs/binder_logs/transaction_log
10058502: reply from 6450:8668 to 6766:6766 context binder node 0 handle -1 size 36:0 ret 0/0 l=0
10058503: call  from 6766:6766 to 6450:0 context binder node 199747 handle 23 size 116:0 ret 0/0 l=0
10058504: reply from 6450:8668 to 6766:6766 context binder node 0 handle -1 size 12:0 ret 0/0 l=0
10058505: call  from 6766:6766 to 6450:0 context binder node 199747 handle 23 size 84:0 ret 0/0 l=0
...
:) adb shell cat /dev/binderfs/binder_logs/failed_transaction_log
26418: reply from 584:1568 to 0:0 context binder node 0 handle -1 size 20:0 ret 29189/0 l=3194
57265: async from 2978:4304 to 3039:0 context binder node 40111 handle 6 size 96:0 ret 29189/-3 l=3465
57269: call  from 4437:4613 to 670:0 context binder node 57183 handle 44 size 116:0 ret 29189/-3 l=3465
57288: async from 4252:4450 to 3039:0 context binder node 34895 handle 1 size 92:0 ret 29189/-3 l=3465
...

Change-Id: I73e570dee8e59e76acaf0def615701e0e85e207f
2024-05-17 22:35:55 +00:00

15 lines
528 B
Text
Raw Blame History

;; new_objects - a collection of types that have been introduced with ToT policy
;; that have no analogue in 202404 policy. Thus, we do not need to map these types to
;; previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
profcollectd_etr_prop
fs_bpf_lmkd_memevents_rb
fs_bpf_lmkd_memevents_prog
binderfs_logs_transactions
binderfs_logs_transaction_history
proc_compaction_proactiveness
proc_cgroups
))
Reference in a new issue View git blame Copy permalink