PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow update_engine to access /data/misc/update_engine_log

Browse Source 
Add label update_engine_log_data_file for log files created by
update engine in directory /data/misc/update_engine_log.

Bug: 65568605
Test: manual
Change-Id: I379db82a0ea540e41cb3b8e03f93d9ce64fac7c9
This commit is contained in:
Hakan Kvist 2017-11-06 12:56:00 +01:00 committed by Tianjie Xu
parent aa93dad669
commit 6fe014f8cb
4 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
private/compat/26.0/26.0.ignore.cil
View File

@ -34,6 +34,7 @@
thermalserviced_tmpfs
timezone_service
tombstoned_java_trace_socket
update_engine_log_data_file
vendor_init
vold_prepare_subdirs
vold_prepare_subdirs_exec

1
private/file_contexts
View File

@ -387,6 +387,7 @@
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc/perfprofd(/.*)? u:object_r:perfprofd_data_file:s0
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0
/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0
# TODO(calin) label profile reference differently so that only

1
public/file.te
View File

@ -240,6 +240,7 @@ type vold_data_file, file_type, data_file_type, core_data_file_type;
type perfprofd_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
# /data/misc/trace for method traces on userdebug / eng builds
type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;

8
public/update_engine.te
View File

@ -20,8 +20,12 @@ wakelock_use(update_engine);
dontaudit update_engine kernel:process setsched;
# Allow using persistent storage in /data/misc/update_engine.
allow update_engine update_engine_data_file:dir { create_dir_perms };
allow update_engine update_engine_data_file:file { create_file_perms };
allow update_engine update_engine_data_file:dir create_dir_perms;
allow update_engine update_engine_data_file:file create_file_perms;
# Allow using persistent storage in /data/misc/update_engine_log.
allow update_engine update_engine_log_data_file:dir create_dir_perms;
allow update_engine update_engine_log_data_file:file create_file_perms;
# Don't allow kernel module loading, just silence the logs.
dontaudit update_engine kernel:system module_request;