[ALPS03886572] Mobile Log selinux rule porting
[Detail] Mobile Log selinux rule porting: 1. fix the violation on P 2. relable some kernel interfaces. MTK-Commit-Id: 4108ed13f3e7693c3642b6f073c5444f133b3c38 Change-Id: I1fac185779510f10b9b94bdf6ec40573237d846a CR-Id: ALPS03886572 Feature: Mobile Log Tool
This commit is contained in:
Yuxian Xu
Yuxian Xu (徐玉显)
parent
35d89a9938
commit
af8b6473d2
@ -61,6 +61,11 @@ type proc_cpu_alignment, fs_type;
|
|||||||
type proc_gpulog, fs_type;
|
type proc_gpulog, fs_type;
|
||||||
type proc_sched_debug, fs_type;
|
type proc_sched_debug, fs_type;
|
||||||
type proc_hw_ver, fs_type;
|
type proc_hw_ver, fs_type;
|
||||||
|
type proc_atf_log, fs_type, proc_type;
|
||||||
|
type proc_gz_log, fs_type, proc_type;
|
||||||
|
type proc_last_kmsg, fs_type, proc_type;
|
||||||
|
type proc_bootprof, fs_type, proc_type;
|
||||||
|
type proc_pl_lk, fs_type, proc_type;
|
||||||
type sysfs_therm, fs_type, sysfs_type;
|
type sysfs_therm, fs_type, sysfs_type;
|
||||||
type sysfs_fps, fs_type, sysfs_type;
|
type sysfs_fps, fs_type, sysfs_type;
|
||||||
type sysfs_ccci, fs_type, sysfs_type;
|
type sysfs_ccci, fs_type, sysfs_type;
|
||||||
@ -93,10 +98,10 @@ type mediacodec_data_file, file_type, data_file_type;
|
|||||||
|
|
||||||
|
|
||||||
#mobilelog data/misc/mblog
|
#mobilelog data/misc/mblog
|
||||||
type logmisc_data_file, file_type, data_file_type;
|
type logmisc_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
|
||||||
#mobilelog data/log_temp
|
#mobilelog data/log_temp
|
||||||
type logtemp_data_file, file_type, data_file_type;
|
type logtemp_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
|
||||||
# NE core_forwarder
|
# NE core_forwarder
|
||||||
type aee_core_data_file, file_type, data_file_type, core_data_file_type;
|
type aee_core_data_file, file_type, data_file_type, core_data_file_type;
|
||||||
|
|||||||
@ -36,7 +36,7 @@
|
|||||||
/data/vendor/dumpsys(/.*)? u:object_r:aee_dumpsys_vendor_file:s0
|
/data/vendor/dumpsys(/.*)? u:object_r:aee_dumpsys_vendor_file:s0
|
||||||
/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
|
/data/extmdl(/.*)? u:object_r:mdlog_data_file:s0
|
||||||
#/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
|
#/data/http-proxy-cfg(/.*)? u:object_r:http_proxy_cfg_data_file:s0
|
||||||
#/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
|
/data/log_temp(/.*)? u:object_r:logtemp_data_file:s0
|
||||||
#/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0
|
#/data/lost\+found(/.*)? u:object_r:lost_found_data_file:s0
|
||||||
/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
|
/data/mdlog(/.*)? u:object_r:mdlog_data_file:s0
|
||||||
/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
|
/data/mdl(/.*)? u:object_r:mdlog_data_file:s0
|
||||||
@ -64,7 +64,7 @@
|
|||||||
|
|
||||||
# Misc data
|
# Misc data
|
||||||
#/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0
|
#/data/misc/acdapi(/.*)? u:object_r:acdapi_data_file:s0
|
||||||
#/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
|
/data/misc/mblog(/.*)? u:object_r:logmisc_data_file:s0
|
||||||
#/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0
|
#/data/misc/ppp(/.*)? u:object_r:ppp_data_file:s0
|
||||||
#/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0
|
#/data/misc/radvd(/.*)? u:object_r:radvd_data_file:s0
|
||||||
#/data/misc/sensor(/.*)? u:object_r:sensor_data_file:s0
|
#/data/misc/sensor(/.*)? u:object_r:sensor_data_file:s0
|
||||||
@ -476,7 +476,7 @@
|
|||||||
/sys/firmware/devicetree/base/chosen/atag\,devinfo u:object_r:sysfs_devinfo:s0
|
/sys/firmware/devicetree/base/chosen/atag\,devinfo u:object_r:sysfs_devinfo:s0
|
||||||
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_therm:s0
|
/sys/devices/virtual/thermal(/.*)? u:object_r:sysfs_therm:s0
|
||||||
/sys/devices/virtual/switch/fps(/.*)? u:object_r:sysfs_fps:s0
|
/sys/devices/virtual/switch/fps(/.*)? u:object_r:sysfs_fps:s0
|
||||||
/sys/class/BOOT/BOOT/boot/boot_mode(/.*)? u:object_r:sysfs_boot:s0
|
/sys/devices/virtual/BOOT/BOOT/boot/boot_mode(/.*)? u:object_r:sysfs_boot:s0
|
||||||
/sys/bus/platform/drivers/meta_com_type_info/meta_com_type_info(/.*)? u:object_r:sysfs_comport_type:s0
|
/sys/bus/platform/drivers/meta_com_type_info/meta_com_type_info(/.*)? u:object_r:sysfs_comport_type:s0
|
||||||
/sys/bus/platform/drivers/meta_uart_port_info/meta_uart_port_info(/.*)? u:object_r:sysfs_uart_info:s0
|
/sys/bus/platform/drivers/meta_uart_port_info/meta_uart_port_info(/.*)? u:object_r:sysfs_uart_info:s0
|
||||||
|
|
||||||
|
|||||||
@ -25,6 +25,11 @@ genfscon proc /gpulog u:object_r:proc_gpulog:s0
|
|||||||
genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0
|
genfscon proc /cpu/alignment u:object_r:proc_cpu_alignment:s0
|
||||||
genfscon proc /sched_debug u:object_r:proc_sched_debug:s0
|
genfscon proc /sched_debug u:object_r:proc_sched_debug:s0
|
||||||
genfscon proc /chip/hw_ver u:object_r:proc_hw_ver:s0
|
genfscon proc /chip/hw_ver u:object_r:proc_hw_ver:s0
|
||||||
|
genfscon proc /atf_log u:object_r:proc_atf_log:s0
|
||||||
|
genfscon proc /gz_log u:object_r:proc_gz_log:s0
|
||||||
|
genfscon proc /last_kmsg u:object_r:proc_last_kmsg:s0
|
||||||
|
genfscon proc /bootprof u:object_r:proc_bootprof:s0
|
||||||
|
genfscon proc /pl_lk u:object_r:proc_pl_lk:s0
|
||||||
|
|
||||||
genfscon iso9660 / u:object_r:iso9660:s0
|
genfscon iso9660 / u:object_r:iso9660:s0
|
||||||
genfscon rawfs / u:object_r:rawfs:s0
|
genfscon rawfs / u:object_r:rawfs:s0
|
||||||
|
|||||||
@ -1,3 +1,17 @@
|
|||||||
|
# boot_mdoe file access
|
||||||
|
allow mobile_log_d sysfs_boot:file { open read };
|
||||||
|
|
||||||
|
#proc/ access
|
||||||
|
#allow mobile_log_d proc:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_kmsg:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_cmdline:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_atf_log:dir search;
|
||||||
|
allow mobile_log_d proc_atf_log:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_gz_log:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_last_kmsg:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_bootprof:file r_file_perms;
|
||||||
|
allow mobile_log_d proc_pl_lk:file r_file_perms;
|
||||||
|
|
||||||
#scp
|
#scp
|
||||||
allow mobile_log_d sysfs_scp:file { open write };
|
allow mobile_log_d sysfs_scp:file { open write };
|
||||||
allow mobile_log_d sysfs_scp:dir search;
|
allow mobile_log_d sysfs_scp:dir search;
|
||||||
@ -9,7 +23,6 @@ allow mobile_log_d sysfs_sspm:dir search;
|
|||||||
allow mobile_log_d sspm_device:chr_file { read open };
|
allow mobile_log_d sspm_device:chr_file { read open };
|
||||||
|
|
||||||
#data/misc/mblog
|
#data/misc/mblog
|
||||||
typeattribute mobile_log_d data_between_core_and_vendor_violators;
|
|
||||||
allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms };
|
allow mobile_log_d logmisc_data_file:dir { relabelto create_dir_perms };
|
||||||
allow mobile_log_d logmisc_data_file:file create_file_perms;
|
allow mobile_log_d logmisc_data_file:file create_file_perms;
|
||||||
|
|
||||||
|
|||||||
@ -23,6 +23,7 @@ unix_socket_connect(mobile_log_d, logdr, logd);
|
|||||||
|
|
||||||
#capability
|
#capability
|
||||||
#allow mobile_log_d self:capability { setuid setgid chown dac_read_search dac_override fowner fsetid };
|
#allow mobile_log_d self:capability { setuid setgid chown dac_read_search dac_override fowner fsetid };
|
||||||
|
allow mobile_log_d self:capability { setuid chown setgid };
|
||||||
allow mobile_log_d self:capability2 syslog;
|
allow mobile_log_d self:capability2 syslog;
|
||||||
|
|
||||||
#aee mode switch
|
#aee mode switch
|
||||||
@ -59,12 +60,6 @@ allow mobile_log_d device_logging_prop:file { getattr open };
|
|||||||
allow mobile_log_d mmc_prop:file { getattr open };
|
allow mobile_log_d mmc_prop:file { getattr open };
|
||||||
allow mobile_log_d safemode_prop:file { getattr open };
|
allow mobile_log_d safemode_prop:file { getattr open };
|
||||||
|
|
||||||
#proc/ access
|
|
||||||
#allow mobile_log_d proc:file r_file_perms;
|
|
||||||
|
|
||||||
# boot_mdoe file access
|
|
||||||
#allow mobile_log_d sysfs:file { open read };
|
|
||||||
|
|
||||||
# purpose: allow MobileLog to access storage in N version
|
# purpose: allow MobileLog to access storage in N version
|
||||||
allow mobile_log_d media_rw_data_file:file create_file_perms;
|
allow mobile_log_d media_rw_data_file:file create_file_perms;
|
||||||
allow mobile_log_d media_rw_data_file:dir create_dir_perms;
|
allow mobile_log_d media_rw_data_file:dir create_dir_perms;
|
||||||
|
|||||||
@ -23,6 +23,7 @@ unix_socket_connect(mobile_log_d, logdr, logd);
|
|||||||
|
|
||||||
#capability
|
#capability
|
||||||
#allow mobile_log_d self:capability { setuid setgid chown dac_read_search dac_override fowner fsetid };
|
#allow mobile_log_d self:capability { setuid setgid chown dac_read_search dac_override fowner fsetid };
|
||||||
|
allow mobile_log_d self:capability { setuid chown setgid };
|
||||||
allow mobile_log_d self:capability2 syslog;
|
allow mobile_log_d self:capability2 syslog;
|
||||||
|
|
||||||
#aee mode switch
|
#aee mode switch
|
||||||
@ -59,12 +60,6 @@ allow mobile_log_d device_logging_prop:file { getattr open };
|
|||||||
allow mobile_log_d mmc_prop:file { getattr open };
|
allow mobile_log_d mmc_prop:file { getattr open };
|
||||||
allow mobile_log_d safemode_prop:file { getattr open };
|
allow mobile_log_d safemode_prop:file { getattr open };
|
||||||
|
|
||||||
#proc/ access
|
|
||||||
#allow mobile_log_d proc:file r_file_perms;
|
|
||||||
|
|
||||||
# boot_mdoe file access
|
|
||||||
#allow mobile_log_d sysfs:file { open read };
|
|
||||||
|
|
||||||
# purpose: allow MobileLog to access storage in N version
|
# purpose: allow MobileLog to access storage in N version
|
||||||
allow mobile_log_d media_rw_data_file:file create_file_perms;
|
allow mobile_log_d media_rw_data_file:file create_file_perms;
|
||||||
allow mobile_log_d media_rw_data_file:dir create_dir_perms;
|
allow mobile_log_d media_rw_data_file:dir create_dir_perms;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user