summaryrefslogtreecommitdiffstats
path: root/non_plat/emdlogger.te
blob: a026832a1cc2920a46efdd179d35630668e7fcb1 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

#allow emdlogger to set property
#allow emdlogger debug_prop:property_service set;
#allow emdlogger persist_mtklog_prop:property_service set;
#allow emdlogger system_radio_prop:property_service set;

# ccci device for internal modem
allow emdlogger ccci_device:chr_file { rw_file_perms };

# eemcs device for external modem
allow emdlogger eemcs_device:chr_file { rw_file_perms };

# C2K project SDIO device for external modem ttySDIO2 control port, ttySDIO8 log port
allow emdlogger ttySDIO_device:chr_file { rw_file_perms };

# C2K project modem device for external modem vmodem start/stop/ioctl modem
allow emdlogger vmodem_device:chr_file { rw_file_perms };

# usb device ttyGSx for modem logger usb logging
allow emdlogger ttyGS_device:chr_file { rw_file_perms};

# for modem logging sdcard access
allow emdlogger sdcard_type:dir { create_dir_perms };
allow emdlogger sdcard_type:file { create_file_perms };

# modem logger access on /data/mdlog
allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto };
allow emdlogger mdlog_data_file:fifo_file { create_file_perms };
allow emdlogger mdlog_data_file:file { create_file_perms };

# modem logger control port access /dev/ttyC1
allow emdlogger mdlog_device:chr_file { rw_file_perms};

#modem logger SD logging in factory mode
allow emdlogger vfat:dir create_dir_perms;
allow emdlogger vfat:file create_file_perms;

#modem logger permission in storage in android M version
allow emdlogger mnt_user_file:dir search;
allow emdlogger mnt_user_file:lnk_file read;
allow emdlogger storage_file:lnk_file read;

#permission for storage link access in vzw Project
allow emdlogger mnt_media_rw_file:dir search;


#permission for use SELinux API
#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
allow emdlogger rootfs:file r_file_perms;

#permission for storage access storage
allow emdlogger storage_file:dir { create_dir_perms };
allow emdlogger tmpfs:lnk_file read;
allow emdlogger storage_file:file { create_file_perms };

#permission for read boot mode
#avc: denied { open }  path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
allow emdlogger sysfs_boot_mode:file { read open };

# Allow read to sys/kernel/ccci/* files
allow emdlogger sysfs_ccci:dir search;
allow emdlogger sysfs_ccci:file r_file_perms;

allow emdlogger sysfs_mdinfo:file r_file_perms;
allow emdlogger sysfs_mdinfo:dir search;

# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
allow emdlogger system_file:dir read;


# purpose: allow emdlogger to access storage in N version
allow emdlogger media_rw_data_file:file  { create_file_perms };
allow emdlogger media_rw_data_file:dir { create_dir_perms };

#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:emdlogger:s0
#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
#security issue control
allow emdlogger aee_aed:unix_stream_socket connectto;

# For dynamic CCB buffer feature
#avc: denied { read write } for name="lk_env" dev="proc" ino=4026532192
#scontext=u:r:emdlogger:s0 tcontext=u:object_r:proc_lk_env:s0 tclass=file permissive=0
#avc: denied { read } for name="mmcblk0p3" dev="tmpfs" ino=8493 scontext=u:r:emdlogger:s0
# tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
allow emdlogger para_block_device:blk_file { read open write };
allow emdlogger proc_lk_env:file { read write ioctl open };

## purpose: avc: denied { read } for name="plat_file_contexts"
#allow emdlogger file_contexts_file:file { read getattr open map};

allow emdlogger block_device:dir search;
allow emdlogger md_block_device:blk_file { read open };
allow emdlogger self:capability { chown };


# purpose: allow emdlogger to access persist.meta.connecttype
get_prop(emdlogger, meta_connecttype_prop);

# purpose: allow emdlogger to create socket
allow emdlogger port:tcp_socket { name_connect name_bind };
allow emdlogger emdlogger:tcp_socket { create connect setopt bind };
allow emdlogger emdlogger:tcp_socket { bind setopt listen accept read write };
allow emdlogger node:tcp_socket node_bind;

# Android P migration
set_prop(emdlogger, persist_mtklog_prop)
set_prop(emdlogger, vendor_mdl_prop)
set_prop(emdlogger, vendor_mdl_start_prop)
set_prop(emdlogger, debug_mdlogger_prop)
get_prop(emdlogger, vendor_usb_prop)
set_prop(emdlogger, persist_mdlog_prop)
set_prop(emdlogger, vendor_mdl_pulllog_prop)
set_prop(emdlogger, exported_system_radio_prop)
set_prop(emdlogger, debug_prop)
set_prop(emdlogger, system_radio_prop)

allow emdlogger vendor_configs_file:file map;
allow emdlogger vendor_default_prop:file map;

# Date : WK19.12
# Operation: add permission to catch logs
# Purpose : get kernel and radio logs when modem exception
allow emdlogger kernel:system syslog_read;
allow emdlogger logcat_exec:file {rx_file_perms};
allow emdlogger logdr_socket:sock_file write;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-14 22:16:55 +0000