From bf77ac2d1262f0cafef7b69d155a36e81c0f8528 Mon Sep 17 00:00:00 2001 From: Peng Qi Date: Sat, 18 Jan 2020 09:45:40 +0800 Subject: [PATCH] [ALPS03866092] BT HCI snoop log (2/2) [Detail] 1. Add selinux right for MTKLogger to able to connect Bluetooth via socket 2. Add selinux right for Bluetooth to set debug property for MTKLogger state check MTK-Commit-Id: db60d64b8ed91dfee48588fb5a32f2bedc2ba604 Change-Id: I31c5abb153c2bcd44a2dafca0f1f669e7310c3fe CR-Id: ALPS03866092 Feature: BT AOSP --- non_plat/bluetooth.te | 17 ++++++++++++++--- non_plat/platform_app.te | 3 +++ non_plat/property.te | 3 +++ non_plat/property_contexts | 3 +++ plat_private/bluetooth.te | 36 ++++++++++++++++++++++++++++++++++++ 5 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 plat_private/bluetooth.te diff --git a/non_plat/bluetooth.te b/non_plat/bluetooth.te index e8aeffb..d0952ca 100644 --- a/non_plat/bluetooth.te +++ b/non_plat/bluetooth.te @@ -1,5 +1,5 @@ -# ============================================== -# MTK Policy Rule +# ============================================== +# MTK Policy Rule # ============================================== # Date:W17.07 @@ -7,4 +7,15 @@ # Purpose : bt hal interface permission binder_call(bluetooth, mtk_hal_bluetooth) -allow bluetooth storage_stub_file:dir getattr; \ No newline at end of file +allow bluetooth storage_stub_file:dir getattr; + +# Date: 2018/01/17 +#allow bluetooth to set property +set_prop(bluetooth, vendor_bluetooth_prop) +set_prop(bluetooth, debug_prop) + +# Date: 2018/02/02 +# Major permission allow are in /system/sepoplicy/private/bluetooth.te +# Add dir create perms for bluetooth on /data/misc/bluetooth/logs +allow bluetooth bluetooth_logs_data_file:dir { create_dir_perms relabelto }; +allow bluetooth bluetooth_logs_data_file:fifo_file { create_file_perms }; diff --git a/non_plat/platform_app.te b/non_plat/platform_app.te index f2cbee4..2c56dfd 100644 --- a/non_plat/platform_app.te +++ b/non_plat/platform_app.te 
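Review bot: `set_prop(bluetooth, debug_prop)` in the second hunk of non_plat/bluetooth.te lets the bluetooth domain write every property labelled `debug_prop`, while the commit message only calls for one state flag that MTKLogger checks. The same commit already introduces `vendor_bluetooth_prop` for `vendor.bthcisnoop`, so the flag could live under that label and the `debug_prop` line be dropped. If a `debug.` property is truly required, a comment naming it would let later reviewers judge the grant. The `relabelto` on `bluetooth_logs_data_file:dir` has no stated reason either, since the comment above it only mentions directory creation; I would add a line such as `# relabelto: <reason: which path is relabelled, and by what>` or remove the permission.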
@@ -26,6 +26,9 @@ allow platform_app mdlogger:unix_stream_socket connectto; allow platform_app emdlogger:unix_stream_socket connectto; allow platform_app cmddumper:unix_stream_socket connectto; unix_socket_connect(platform_app, netdiag, netdiag) +# Date: 2018/11/17 +# purpose: allow MTKLogger to control Bluetooth HCI log via socket +allow platform_app bluetooth:unix_stream_socket connectto; # Date : 2014/10/17 # Operation : Migration diff --git a/non_plat/property.te b/non_plat/property.te index da166c3..7f36909 100644 --- a/non_plat/property.te +++ b/non_plat/property.te @@ -167,3 +167,6 @@ type vendor_consyslogger_prop, property_type, mtk_core_property_type; #=============radio group property============= type vendor_radio_prop, property_type, mtk_core_property_type; + +#=============allow bluetooth============== +type vendor_bluetooth_prop, property_type, mtk_core_property_type; diff --git a/non_plat/property_contexts b/non_plat/property_contexts index 4a50344..8110d39 100644 --- a/non_plat/property_contexts +++ b/non_plat/property_contexts @@ -177,3 +177,6 @@ vendor.ril. u:object_r:vendor_radio_prop:s0 ro.vendor.ril. u:object_r:vendor_radio_prop:s0 vendor.gsm. u:object_r:vendor_radio_prop:s0 persist.vendor.radio. u:object_r:vendor_radio_prop:s0 + +#=============allow bluetooth============== +vendor.bthcisnoop u:object_r:vendor_bluetooth_prop:s0 diff --git a/plat_private/bluetooth.te b/plat_private/bluetooth.te new file mode 100644 index 0000000..dd16c15 --- /dev/null +++ b/plat_private/bluetooth.te 
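Review bot: The new `allow platform_app bluetooth:unix_stream_socket connectto;` rule applies to every app running in the `platform_app` domain, not only MTKLogger, because SELinux cannot tell apps in one domain apart. Control of HCI snoop logging therefore depends on the Bluetooth-side socket checking who connected; that code is not part of this patch, so this should be confirmed. I would extend the comment to say so, e.g. `# NOTE: reachable by any platform_app; the Bluetooth socket server must verify the peer (SO_PEERCRED uid) before acting on log-control commands`. The date `2018/11/17` also looks inconsistent with the `2018/01/17` used in non_plat/bluetooth.te.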
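Review bot: The `vendor.bthcisnoop` entry in non_plat/property_contexts has no trailing dot, unlike the `vendor.ril.` and `vendor.gsm.` entries above it, and property_contexts entries match by prefix. As written it labels any property whose name starts with `vendor.bthcisnoop`, for example a constructed name like `vendor.bthcisnoopx`. If a namespace is intended, `vendor.bthcisnoop.` states that; if it is a single property, a comment naming the full property would make the scope clear.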
@@ -0,0 +1,36 @@
+# ==============================================
+# MTK Bluetooth Policy Rule
+# Add permission only for platform system
+# ==============================================
+
+# Date: 2018/02/02
+# Add permission for different storage types logging
+
+# permission in storage for legacy android M version
+allow bluetooth mnt_user_file:dir search;
+allow bluetooth mnt_user_file:lnk_file read;
+allow bluetooth storage_file:lnk_file read;
+
+# purpose: allow access storage for legacy N version
+allow bluetooth media_rw_data_file:file { create_file_perms };
+allow bluetooth media_rw_data_file:dir { create_dir_perms };
+
+# permission for storage link access in vzw Project
+allow bluetooth mnt_media_rw_file:dir search;
+
+# for logging sdcard access
+allow bluetooth sdcard_type:dir { create_dir_perms };
+allow bluetooth sdcard_type:file { create_file_perms };
+allow bluetooth sdcardfs:dir { create_dir_perms };
+allow bluetooth sdcardfs:file { create_file_perms };
+allow bluetooth rootfs:lnk_file getattr;
+
+allow bluetooth fuse:dir { create_dir_perms };
+allow bluetooth fuse:file { create_file_perms };
+
+# permission for storage access storage
+allow bluetooth vfat:dir create_dir_perms;
+allow bluetooth vfat:file create_file_perms;
+allow bluetooth storage_file:dir { create_dir_perms };
+allow bluetooth tmpfs:lnk_file read;
+allow bluetooth storage_file:file { create_file_perms };
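Review bot: The rules under `# for logging sdcard access` and `# permission for storage access storage` give the bluetooth domain create, write and unlink rights across shared storage (`sdcard_type`, `sdcardfs`, `fuse`, `vfat`, `media_rw_data_file`, `storage_file`) on every build type. HCI snoop logs can contain pairing and link-key material and peer addresses, and files on shared storage are readable by other apps holding storage permission, so this is a wider exposure than logging to /data/misc/bluetooth/logs. I would wrap these rules in the `userdebug_or_eng()` macro so user builds keep the logs in the private directory, and add a comment stating that. If `sdcard_type` is an attribute covering `sdcardfs`, `fuse` and `vfat` as in AOSP's file.te, the separate rules for those types are redundant and can go.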