platform_system_sepolicy/private/servicemanager.te
Mark Salyzyn d33a9a194b logd: restrict access to /dev/event-log-tags
Create an event_log_tags_file label and use it for
/dev/event-log-tags.  Only trusted system log readers are allowed
direct read access to this file, no write access.  Untrusted domain
requests lack direct access, and are thus checked for credentials via
the "plan b" long path socket to the event log tag service.

Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 31456426
Bug: 30566487
Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
2017-01-31 15:50:15 +00:00

5 lines
196 B
Text

# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
init_daemon_domain(servicemanager)
read_runtime_log_tags(servicemanager)