| Mathew Winn | 1be1195 | 2015-10-20 11:37:33 -0700 | [diff] [blame] | 1 | # Copyright (c) 2015-2016, The Linux Foundation. All rights reserved. |
| 2 | # |
| 3 | # Redistribution and use in source and binary forms, with or without |
| 4 | # modification, are permitted provided that the following conditions are |
| 5 | # met: |
| 6 | # * Redistributions of source code must retain the above copyright |
| 7 | # notice, this list of conditions and the following disclaimer. |
| 8 | # * Redistributions in binary form must reproduce the above |
| 9 | # copyright notice, this list of conditions and the following |
| 10 | # disclaimer in the documentation and/or other materials provided |
| 11 | # with the distribution. |
| 12 | # * Neither the name of The Linux Foundation nor the names of its |
| 13 | # contributors may be used to endorse or promote products derived |
| 14 | # from this software without specific prior written permission. |
| 15 | # |
| 16 | # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| 17 | # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| 18 | # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| 20 | # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 21 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 22 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| 23 | # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| 24 | # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| 25 | # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| 26 | # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 | |
| 28 | # qti_logkit |
| Biswajit Paul | 6786a92 | 2017-03-16 11:53:53 -0700 | [diff] [blame] | 29 | type qti_logkit, domain, mlstrustedsubject; |
| Mathew Winn | 1be1195 | 2015-10-20 11:37:33 -0700 | [diff] [blame] | 30 | init_daemon_domain(qti_logkit) |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 31 | type qti_logkit_exec, exec_type, vendor_file_type, file_type; |
| Mathew Winn | 1be1195 | 2015-10-20 11:37:33 -0700 | [diff] [blame] | 32 | |
| 33 | # self file access |
| 34 | allow qti_logkit qti_logkit_priv_data_file:dir create_dir_perms; |
| 35 | allow qti_logkit qti_logkit_priv_data_file:file create_file_perms; |
| 36 | allow qti_logkit qti_logkit_pub_data_file:dir create_dir_perms; |
| 37 | allow qti_logkit qti_logkit_pub_data_file:file create_file_perms; |
| 38 | |
| 39 | # self socket access |
| 40 | allow qti_logkit qti_logkit_priv_socket:sock_file create_file_perms; |
| Mathew Winn | c213db7 | 2016-02-11 11:18:01 -0800 | [diff] [blame] | 41 | allow qti_logkit qti_logkit_pub_socket:sock_file create_file_perms; |
| 42 | allow qti_logkit qti_logkit_pub_socket:dir create_dir_perms; |
| Mathew Winn | 1be1195 | 2015-10-20 11:37:33 -0700 | [diff] [blame] | 43 | allow qti_logkit qti_logkit_priv_socket:dir create_dir_perms; |
| 44 | |
| 45 | # allow socket connections to us |
| 46 | net_domain(qti_logkit) |
| 47 | |
| 48 | # ver_info.txt |
| 49 | r_dir_file(qti_logkit, firmware_file) |
| 50 | |
| 51 | # dmesg |
| 52 | allow qti_logkit kernel:system syslog_read; |
| 53 | |
| 54 | # QMUX |
| 55 | qmux_socket(qti_logkit) |
| 56 | |
| 57 | userdebug_or_eng(` |
| 58 | # ramdumps |
| 59 | allow qti_logkit ramdump_device:chr_file rw_file_perms; |
| Mathew Winn | c213db7 | 2016-02-11 11:18:01 -0800 | [diff] [blame] | 60 | |
| 61 | # drop root privs |
| 62 | allow qti_logkit self:capability { setuid setgid }; |
| Mark Lindner | a558590 | 2016-04-27 11:45:23 -0700 | [diff] [blame] | 63 | |
| 64 | # tcpdump |
| Biswajit Paul | 2d35d98 | 2017-02-01 17:40:10 -0800 | [diff] [blame] | 65 | allow qti_logkit self:packet_socket create_socket_perms_no_ioctl; |
| Mark Lindner | a558590 | 2016-04-27 11:45:23 -0700 | [diff] [blame] | 66 | allow qti_logkit self:capability net_raw; |
| Biswajit Paul | 277acbb | 2016-07-20 12:02:14 -0700 | [diff] [blame] | 67 | diag_use(qti_logkit) |
| Mathew Winn | 1be1195 | 2015-10-20 11:37:33 -0700 | [diff] [blame] | 68 | ') |
| 69 | |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 70 | #binder_use(qti_logkit) |
| 71 | allow qti_logkit vendor_shell_exec:file { rx_file_perms }; |
| Mathew Winn | 1be1195 | 2015-10-20 11:37:33 -0700 | [diff] [blame] | 72 | allow qti_logkit sysfs:file write; |
| 73 | allow qti_logkit system_file:file x_file_perms; |
| 74 | binder_call(qti_logkit, system_server) |
| 75 | |
| 76 | # allow logcat access |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 77 | #read_logd( qti_logkit ); |
| Clarence Wong | d79aea3 | 2016-10-07 14:41:04 -0700 | [diff] [blame] | 78 | |
| 79 | # allow access to recovery directory |
| 80 | allow qti_logkit cache_recovery_file:dir rw_dir_perms; |
| 81 | allow qti_logkit cache_recovery_file:file create_file_perms; |
| Clarence Wong | 703956a | 2018-01-17 19:55:38 -0800 | [diff] [blame] | 82 | |
| 83 | # allow qti_logkit for rawdump partition |
| 84 | allow qti_logkit block_device:dir r_dir_perms; |
| 85 | allow qti_logkit rawdump_block_device:blk_file rw_file_perms; |
| 86 | |
| 87 | # allow qti_logkit for sysfs emmc dload node |
| 88 | allow qti_logkit sysfs_emmc_dload:file rw_file_perms; |