android_device_mediatek_sep.../non_plat/connsyslogger.te


# Policy File of /vendor/bin/connsyslogger Executable File

# ==============================================
# Type Declaration
# ==============================================
type connsyslogger,domain;
type connsyslogger_exec, exec_type, file_type, vendor_file_type;
typeattribute connsyslogger mlstrustedsubject;

# ==============================================
# MTK Policy Rule
# ==============================================
init_daemon_domain(connsyslogger)


#allow connsyslogger to set property
allow connsyslogger vendor_consyslogger_prop:property_service set;
#allow connsyslogger debug_prop:property_service set;
allow connsyslogger persist_mtklog_prop:property_service set;
#allow connsyslogger system_radio_prop:property_service set;

#stpwmt device for connsyslogger
allow connsyslogger stpwmt_device:chr_file { rw_file_perms };


#for logging sdcard access
allow connsyslogger fuse:dir { create_dir_perms };
allow connsyslogger fuse:file { create_file_perms };

#consys logger access on /data/consyslog
allow connsyslogger consyslog_data_file:dir { create_dir_perms relabelto };
allow connsyslogger consyslog_data_file:fifo_file { create_file_perms };
allow connsyslogger consyslog_data_file:file { create_file_perms };
#allow connsyslogger system_data_file:dir { create_dir_perms relabelfrom};

#file_type_auto_trans(connsyslogger, system_data_file, consyslog_data_file)

#consys logger socket access
allow connsyslogger property_socket:sock_file write;
allow connsyslogger init:unix_stream_socket connectto;
#allow connsyslogger platform_app:unix_stream_socket connectto;
#allow connsyslogger shell_exec:file { rx_file_perms };
#allow connsyslogger system_file:file execute_no_trans;
#allow connsyslogger zygote_exec:file { rx_file_perms };

allow connsyslogger tmpfs:lnk_file { create_file_perms };

# purpose: avc: denied { read } for name="plat_file_contexts"
allow connsyslogger file_contexts_file:file { read getattr open };

#logger SD logging in factory mode
allow connsyslogger vfat:dir create_dir_perms;
allow connsyslogger vfat:file create_file_perms;

#logger permission in storage in android M version
allow connsyslogger mnt_user_file:dir search;
allow connsyslogger mnt_user_file:lnk_file read;
allow connsyslogger storage_file:lnk_file read;
#allow connsyslogger self:capability { chown dac_override };
allow connsyslogger proc:file {setattr write read open};

#permission for use SELinux API
allow connsyslogger rootfs:file r_file_perms;

#permission for storage access storage
allow connsyslogger storage_file:dir { create_dir_perms };
allow connsyslogger storage_file:file { create_file_perms };

#permission for read boot mode
allow connsyslogger sysfs_boot:file { read open };

allow connsyslogger fw_log_wifi_device:chr_file {read write open ioctl};
allow connsyslogger fw_log_bt_device:chr_file {read write open ioctl};
allow connsyslogger fw_log_gps_device:chr_file {read write open ioctl};
allow connsyslogger fw_log_wmt_device:chr_file {read write open ioctl};

allow connsyslogger sdcardfs:dir { create_dir_perms };
allow connsyslogger sdcardfs:file { create_file_perms };
allow connsyslogger rootfs:lnk_file getattr;

#allow connsyslogger media_rw_data_file:file  { create_file_perms };
#allow connsyslogger media_rw_data_file:dir { create_dir_perms };
[ALPS03866092] connsys log support Selinux:porting code to P branch MTK-Commit-Id: 507ec96911d24544a769fec4126a8582eb7246c9 Change-Id: I5104eb3e3de8a13e060f4af2db6c88f4dd669429 CR-Id: ALPS03866092 Feature: Connsys Log Tool 2020-01-18 09:36:45 +08:00
			`# Policy File of /vendor/bin/connsyslogger Executable File`

			`# ==============================================`
			`# Type Declaration`
			`# ==============================================`
			`type connsyslogger,domain;`
			`type connsyslogger_exec, exec_type, file_type, vendor_file_type;`
			`typeattribute connsyslogger mlstrustedsubject;`

			`# ==============================================`
			`# MTK Policy Rule`
			`# ==============================================`
			`init_daemon_domain(connsyslogger)`


			`#allow connsyslogger to set property`
			`allow connsyslogger vendor_consyslogger_prop:property_service set;`
[ALPS03881723] Workaround build error [Detail] vendor binary cannot set debug_prop after enabling PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE [Solution] Mark it MTK-Commit-Id: ab4a34b8a5afdef574ac2f42464925832328d48b CR-Id: ALPS03881723 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK Change-Id: I9bed16503eb2d1e3f31f1225d58c99b42ca61940 2020-01-18 09:41:26 +08:00			`#allow connsyslogger debug_prop:property_service set;`
[ALPS03866092] connsys log support Selinux:porting code to P branch MTK-Commit-Id: 507ec96911d24544a769fec4126a8582eb7246c9 Change-Id: I5104eb3e3de8a13e060f4af2db6c88f4dd669429 CR-Id: ALPS03866092 Feature: Connsys Log Tool 2020-01-18 09:36:45 +08:00			`allow connsyslogger persist_mtklog_prop:property_service set;`
			`#allow connsyslogger system_radio_prop:property_service set;`

			`#stpwmt device for connsyslogger`
			`allow connsyslogger stpwmt_device:chr_file { rw_file_perms };`


			`#for logging sdcard access`
			`allow connsyslogger fuse:dir { create_dir_perms };`
			`allow connsyslogger fuse:file { create_file_perms };`

			`#consys logger access on /data/consyslog`
			`allow connsyslogger consyslog_data_file:dir { create_dir_perms relabelto };`
			`allow connsyslogger consyslog_data_file:fifo_file { create_file_perms };`
			`allow connsyslogger consyslog_data_file:file { create_file_perms };`
			`#allow connsyslogger system_data_file:dir { create_dir_perms relabelfrom};`

			`#file_type_auto_trans(connsyslogger, system_data_file, consyslog_data_file)`

			`#consys logger socket access`
			`allow connsyslogger property_socket:sock_file write;`
			`allow connsyslogger init:unix_stream_socket connectto;`
			`#allow connsyslogger platform_app:unix_stream_socket connectto;`
			`#allow connsyslogger shell_exec:file { rx_file_perms };`
			`#allow connsyslogger system_file:file execute_no_trans;`
			`#allow connsyslogger zygote_exec:file { rx_file_perms };`

			`allow connsyslogger tmpfs:lnk_file { create_file_perms };`

			`# purpose: avc: denied { read } for name="plat_file_contexts"`
			`allow connsyslogger file_contexts_file:file { read getattr open };`

			`#logger SD logging in factory mode`
			`allow connsyslogger vfat:dir create_dir_perms;`
			`allow connsyslogger vfat:file create_file_perms;`

			`#logger permission in storage in android M version`
			`allow connsyslogger mnt_user_file:dir search;`
			`allow connsyslogger mnt_user_file:lnk_file read;`
			`allow connsyslogger storage_file:lnk_file read;`
			`#allow connsyslogger self:capability { chown dac_override };`
			`allow connsyslogger proc:file {setattr write read open};`

			`#permission for use SELinux API`
			`allow connsyslogger rootfs:file r_file_perms;`

			`#permission for storage access storage`
			`allow connsyslogger storage_file:dir { create_dir_perms };`
			`allow connsyslogger storage_file:file { create_file_perms };`

			`#permission for read boot mode`
			`allow connsyslogger sysfs_boot:file { read open };`

			`allow connsyslogger fw_log_wifi_device:chr_file {read write open ioctl};`
			`allow connsyslogger fw_log_bt_device:chr_file {read write open ioctl};`
			`allow connsyslogger fw_log_gps_device:chr_file {read write open ioctl};`
			`allow connsyslogger fw_log_wmt_device:chr_file {read write open ioctl};`

			`allow connsyslogger sdcardfs:dir { create_dir_perms };`
			`allow connsyslogger sdcardfs:file { create_file_perms };`
			`allow connsyslogger rootfs:lnk_file getattr;`

			`#allow connsyslogger media_rw_data_file:file { create_file_perms };`
			`#allow connsyslogger media_rw_data_file:dir { create_dir_perms };`