Simplify /dev/kmsg SELinux policy.

Bug: http://b/30317429 Change-Id: I5c499c48d5e321ebdf588a162d29e949935ad8ee Test: adb shell dmesg | grep ueventd
2016-07-26 09:46:20 -07:00 · 2016-07-26 09:46:20 -07:00 · 63b33dc2db
commit 63b33dc2db
parent 23d703eee3
4 changed files with 3 additions and 8 deletions
--- a/device.te
+++ b/device.te
@ -51,7 +51,6 @@ type uio_device, dev_type;
 type tun_device, dev_type, mlstrustedobject;
 type usbaccessory_device, dev_type, mlstrustedobject;
 type usb_device, dev_type, mlstrustedobject;
-type klog_device, dev_type;
 type properties_device, dev_type;
 type properties_serial, dev_type;
 type i2c_device, dev_type;
--- a/1
+++ b/1
@ -136,7 +136,6 @@
 /dev/watchdog		u:object_r:watchdog_device:s0
 /dev/xt_qtaguid	u:object_r:qtaguid_device:s0
 /dev/zero		u:object_r:zero_device:s0
-/dev/__kmsg__		u:object_r:klog_device:s0
 /dev/__properties__ u:object_r:properties_device:s0
 #############################
 # System files
--- a/kernel.te
+++ b/kernel.te
@ -41,8 +41,7 @@ allow kernel self:capability sys_resource;
 allow kernel self:capability sys_boot;
 allow kernel proc_sysrq:file w_file_perms;

-# Allow writing to /dev/__kmsg__ which was created prior to
-# loading policy
+# Allow writing to /dev/kmsg which was created prior to loading policy.
 allow kernel tmpfs:chr_file write;

 # Set checkreqprot by init.rc prior to switching to init domain.
--- a/ueventd.te
+++ b/ueventd.te
@ -3,10 +3,8 @@
 type ueventd, domain, domain_deprecated;
 tmpfs_domain(ueventd)

-# TODO: why is ueventd using __kmsg__ when it should just create
-# and use /dev/kmsg instead?
-type_transition ueventd device:chr_file klog_device "__kmsg__";
-allow ueventd klog_device:chr_file { create open write unlink };
+# Write to /dev/kmsg.
+allow ueventd kmsg_device:chr_file rw_file_perms;

 allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio dac_override fowner };
 allow ueventd device:file create_file_perms;