Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy / refs/heads/t / . / common / qlogd.te
blob: 157ab485e333bea0d94afd927aaaa89ffbf97ad0 [file] [log] [blame]
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]1# qlogd
Biswajit Paul6786a922017-03-16 11:53:53 -0700[diff] [blame]2type qlogd, domain;
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]3type qlogd_exec, exec_type, vendor_file_type, file_type;
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]4
5# make transition from init to its domain
6init_daemon_domain(qlogd)
7
8# need to access sharemem log device for smem logs
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]9allow qlogd smem_log_device:chr_file rw_file_perms;
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]10
11# need to add more capabilities for qlogd
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]12allow qlogd self:capability {
13 setuid
14 setgid
15 dac_override
16 dac_read_search
17 sys_admin
18 net_raw
19 net_admin
20 fowner
21 fsetid
22 kill
23 sys_module
24};
25allow qlogd self:capability2 syslog;
Biswajit Paul2d35d982017-02-01 17:40:10 -0800[diff] [blame]26allow qlogd self:packet_socket { create bind getopt setopt };
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]27
28# need to access system_data partitions for configration files
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]29allow qlogd qlogd_data_file:dir rw_dir_perms;
30allow qlogd qlogd_data_file:file create_file_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]31allow qlogd system_file:file x_file_perms;
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]32
33# need to create and listen socket
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]34allow qlogd qlogd_socket:sock_file create_file_perms;
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]35
36# need to start shell execute files
Ravi Kumar Siddojigaric7def122017-06-13 00:49:19 +0530[diff] [blame]37allow qlogd vendor_shell_exec:file rx_file_perms;
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]38
39# need to create and write files in fuse partition
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]40allow qlogd fuse:dir create_dir_perms;
41allow qlogd fuse:file create_file_perms;
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]42
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]43# need to capture kmsg
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]44allow qlogd kernel:system syslog_mod;
45
Mohit Aggarwal4602e032015-09-01 17:58:00 +0530[diff] [blame]46# need for qdss log and odl from UI
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]47userdebug_or_eng(`
Ravi Kumar Siddojigari92eed182017-06-27 00:25:03 +0530[diff] [blame]48 allow qlogd { debugfs_tracing qdss_device }:file r_file_perms;
David Ng14a42d62016-03-07 15:35:02 -0800[diff] [blame]49 allow qlogd { qdss_device }:file r_file_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]50 allow qlogd sysfs:file w_file_perms;
Mohit Aggarwal4602e032015-09-01 17:58:00 +0530[diff] [blame]51 r_dir_file(qlogd, storage_file)
52 r_dir_file(qlogd, mnt_user_file)
Biswajit Paul277acbb2016-07-20 12:02:14 -0700[diff] [blame]53 diag_use(qlogd)
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]54')
55
jinwuf1e16bf2014-10-14 18:36:18 +0800[diff] [blame]56# need for capture adb logs
jinwu8d099a32014-11-25 16:35:47 +0800[diff] [blame]57unix_socket_connect(qlogd, logdr, logd)
58
59# need for subsystem ramdump
60allow qlogd device:dir r_dir_perms;
61allow qlogd ramdump_device:chr_file { setattr rw_file_perms };
62
63# need for qxdm log
64allow qlogd diag_exec:file rx_file_perms;
Avijit Kanti Das441bad42015-05-12 14:07:41 -0700[diff] [blame]65wakelock_use(qlogd)