d33a9a194b
Create an event_log_tags_file label and use it for /dev/event-log-tags. Only trusted system log readers are allowed direct read access to this file, no write access. Untrusted domain requests lack direct access, and are thus checked for credentials via the "plan b" long path socket to the event log tag service. Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests Bug: 31456426 Bug: 30566487 Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
38 lines
905 B
Text
38 lines
905 B
Text
# type_transition must be private policy the domain_trans rules could stay
|
|
# public, but conceptually should go with this
|
|
init_daemon_domain(logd)
|
|
|
|
# logd is not allowed to write anywhere other than /data/misc/logd, and then
|
|
# only on userdebug or eng builds
|
|
# TODO: deal with tmpfs_domain pub/priv split properly
|
|
neverallow logd {
|
|
file_type
|
|
-logd_tmpfs
|
|
-runtime_event_log_tags_file
|
|
userdebug_or_eng(`-coredump_file')
|
|
}:file { create write append };
|
|
|
|
# protect the event-log-tags file
|
|
neverallow {
|
|
domain
|
|
-appdomain # covered below
|
|
-bootstat
|
|
-dumpstate
|
|
-logd
|
|
userdebug_or_eng(`-logpersist')
|
|
-servicemanager
|
|
-system_server
|
|
-surfaceflinger
|
|
-zygote
|
|
} runtime_event_log_tags_file:file no_rw_file_perms;
|
|
|
|
neverallow {
|
|
appdomain
|
|
-bluetooth
|
|
-platform_app
|
|
-priv_app
|
|
-radio
|
|
-shell
|
|
userdebug_or_eng(`-su')
|
|
-system_app
|
|
} runtime_event_log_tags_file:file no_rw_file_perms;
|