typeattribute logd coredomain;

init_daemon_domain(logd)

# Access device logging gating property
get_prop(logd, device_logging_prop)

# logd is not allowed to write anywhere other than /data/misc/logd, and then
# only on userdebug or eng builds
neverallow logd {
  file_type
  -runtime_event_log_tags_file
  # shell_data_file access is needed to dump bugreports
  -shell_data_file
  userdebug_or_eng(`-coredump_file -misc_logd_file')
  with_native_coverage(`-method_trace_data_file')
}:file { create write append };

# protect the event-log-tags file
neverallow {
  domain
  -appdomain # covered below
  -bootstat
  -dumpstate
  -init
  -logd
  userdebug_or_eng(`-logpersist')
  -servicemanager
  -system_server
  -surfaceflinger
  -zygote
} runtime_event_log_tags_file:file no_rw_file_perms;

neverallow {
  appdomain
  -bluetooth
  -platform_app
  -priv_app
  -radio
  -shell
  userdebug_or_eng(`-su')
  -system_app
} runtime_event_log_tags_file:file no_rw_file_perms;

# Only binder communication between logd and system_server is allowed
binder_use(logd)
binder_service(logd)
binder_call(logd, system_server)

add_service(logd, logd_service)
allow logd logcat_service:service_manager find;