[ALPS04649268] Move SELINUX policies to plat_private

These policies are for system process, as a result, move it to plat_private folder. MTK-Commit-Id: 46e87002024d5675d566dd59f77cbde9c69bdd37 Change-Id: I9c2b72136d1f1c3062f0ac6b174c8334b1965e80 CR-Id: ALPS04649268 Feature: Mobile Log Tool
2020-01-18 10:16:47 +08:00 · 2020-01-18 10:16:47 +08:00 · 7574cf2c9c
commit 7574cf2c9c
parent 4a346a24a8
13 changed files with 22 additions and 22 deletions
--- a/non_plat/adbd.te
+++ b/non_plat/adbd.te
@ -11,5 +11,3 @@ allow adbd aee_dumpsys_data_file:file r_file_perms;
 allow adbd aee_exp_data_file:dir r_dir_perms;
 allow adbd aee_exp_data_file:file r_file_perms;
 allow adbd gpu_device:dir search;
-allow adbd debuglog_data_file:dir r_dir_perms;
-allow adbd debuglog_data_file:file r_file_perms;
--- a/non_plat/connsyslogger.te
+++ b/non_plat/connsyslogger.te
@ -4,15 +4,11 @@
 # ==============================================
 # Type Declaration
 # ==============================================
-type connsyslogger,domain;
-type connsyslogger_exec, system_file_type, exec_type, file_type;
-typeattribute connsyslogger coredomain;
 # Purpose : for create hidl server
 #hal_server_domain(connsyslogger, mtk_hal_log)
 # ==============================================
 # MTK Policy Rule
 # ==============================================
-init_daemon_domain(connsyslogger)

 #for logging sdcard access
 allow connsyslogger fuse:dir { create_dir_perms };
@ -84,9 +80,4 @@ allow connsyslogger node:tcp_socket node_bind;
 # usb device ttyGSx for modem logger usb logging
 allow connsyslogger ttyGS_device:chr_file { rw_file_perms};

-#Date:2019/06/27
-#access data/debuglog
-allow connsyslogger debuglog_data_file:dir {relabelto create_dir_perms};
-allow connsyslogger debuglog_data_file:file create_file_perms;
-

--- a/non_plat/file.te
+++ b/non_plat/file.te
@ -118,8 +118,6 @@ type logmisc_data_file, file_type, data_file_type, core_data_file_type;
 #mobilelog data/log_temp
 type logtemp_data_file, file_type, data_file_type, core_data_file_type;

-type debuglog_data_file, file_type, data_file_type, core_data_file_type;
-
 # NE core_forwarder
 type aee_core_data_file, file_type, data_file_type, core_data_file_type;
 type aee_core_vendor_file, file_type, data_file_type;
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -37,7 +37,6 @@
 /data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
 #/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
 /data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
-/data/debuglogger(/.*)? u:object_r:debuglog_data_file:s0
 #/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0
 /data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
 /data/mdl(/.*)? u:object_r:mdlog_data_file:s0
--- a/non_plat/mobile_log_d.te
+++ b/non_plat/mobile_log_d.te
@ -59,9 +59,3 @@ allow mobile_log_d node:tcp_socket node_bind;

 # purpose: allow mobile_log_d to read system property init.svc.vendor.
 get_prop(mobile_log_d, vendor_default_prop)
-
-#data/debuglog
-allow mobile_log_d debuglog_data_file:dir {relabelto create_dir_perms};
-allow mobile_log_d debuglog_data_file:file create_file_perms;
-allow mobile_log_d system_data_file:dir create_dir_perms;
-file_type_auto_trans(mobile_log_d, system_data_file, debuglog_data_file)
--- a/non_plat/shell.te
+++ b/non_plat/shell.te
@ -18,8 +18,6 @@ allow shell aee_exp_vendor_file:dir r_dir_perms;
 allow shell aee_exp_vendor_file:file r_file_perms;
 allow shell aee_exp_data_file:dir r_dir_perms;
 allow shell aee_exp_data_file:file r_file_perms;
-allow shell debuglog_data_file:dir r_dir_perms;
-allow shell debuglog_data_file:file r_file_perms;

 get_prop(shell, mobile_log_prop)
 get_prop(shell, persist_mtk_aee_prop);
--- a/plat_private/adbd.te
+++ b/plat_private/adbd.te
@ -0,0 +1,2 @@
+allow adbd debuglog_data_file:dir r_dir_perms;
+allow adbd debuglog_data_file:file r_file_perms;
--- a/plat_private/connsyslogger.te
+++ b/plat_private/connsyslogger.te
@ -0,0 +1,8 @@
+typeattribute connsyslogger coredomain;
+type connsyslogger_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(connsyslogger)
+
+#Date:2019/06/27
+#access data/debuglog
+allow connsyslogger debuglog_data_file:dir {relabelto create_dir_perms};
+allow connsyslogger debuglog_data_file:file create_file_perms;
--- a/plat_private/file.te
+++ b/plat_private/file.te
@ -16,3 +16,5 @@ type access_sys_file, fs_type, sysfs_type;
 # Operation : Save modem db and filter into data partition
 # Purpose : For Modem db and filter file
 type mddb_filter_data_file, file_type, data_file_type, core_data_file_type;
+
+type debuglog_data_file, file_type, data_file_type, core_data_file_type;
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@ -3,6 +3,7 @@
 #

 /data/system_de/mdfilter(/.*)? u:object_r:mddb_filter_data_file:s0
+/data/debuglogger(/.*)? u:object_r:debuglog_data_file:s0
 #############################
 # debugfs files
 #
--- a/plat_private/mobile_log_d.te
+++ b/plat_private/mobile_log_d.te
@ -75,3 +75,9 @@ allow mobile_log_d debugfs_tracing:dir create_dir_perms;
 #allow mobile_log_d debugfs_tracing:file create_file_perms;
 allow mobile_log_d debugfs_tracing_instances:dir create_dir_perms;
 allow mobile_log_d debugfs_tracing_instances:file create_file_perms;
+
+#data/debuglog
+allow mobile_log_d debuglog_data_file:dir {relabelto create_dir_perms};
+allow mobile_log_d debuglog_data_file:file create_file_perms;
+allow mobile_log_d system_data_file:dir create_dir_perms;
+file_type_auto_trans(mobile_log_d, system_data_file, debuglog_data_file)
--- a/plat_private/shell.te
+++ b/plat_private/shell.te
@ -0,0 +1,2 @@
+allow shell debuglog_data_file:dir r_dir_perms;
+allow shell debuglog_data_file:file r_file_perms;
--- a/plat_public/connsyslogger.te
+++ b/plat_public/connsyslogger.te
@ -0,0 +1 @@
+type connsyslogger,domain;