From 02f64cf99f50405dbbd4ee3f3631c66ffd3bb5a6 Mon Sep 17 00:00:00 2001 From: Thomas Flucke Date: Fri, 23 Aug 2024 14:28:17 +0000 Subject: [PATCH] dumpstate: gsa: Add GSA logs to dumpstate New Stuff: * Add program to read the GSA logs Evidence: avc: denied { read } for comm="dump_gsa" name="gsa-log1" dev="tmpfs" ino=1261 scontext=u:r:dump_gsa:s0 tcontext=u:object_r:gsa_log_device:s0 tclass=chr_file permissive=0 avc: denied { read } for comm="dump_gsa" name="gsa-bl1-log2" dev="tmpfs" ino=1222 scontext=u:r:dump_gsa:s0 tcontext=u:object_r:gsa_log_device:s0 tclass=chr_file permissive=0 Bug: 360205716 Test: adb shell dumpstate and check the dumpstate_board.txt for GSA logs Flag: EXEMPT debug only Change-Id: I4ea35da7916273cf526570067f24145ef4fb14f1 Signed-off-by: Thomas Flucke --- gsa/Android.bp | 20 ++++++++++++++++++++ gsa/dump_gsa.cpp | 31 +++++++++++++++++++++++++++++++ gsa/gsa.mk | 3 +++ gsa/init.gsa.rc | 6 ++++++ gsa/sepolicy/gsa/dump_gsa.te | 6 ++++++ gsa/sepolicy/gsa/file.te | 2 ++ gsa/sepolicy/gsa/file_contexts | 4 ++++ 7 files changed, 72 insertions(+) create mode 100644 gsa/Android.bp create mode 100644 gsa/dump_gsa.cpp create mode 100644 gsa/gsa.mk create mode 100644 gsa/init.gsa.rc create mode 100644 gsa/sepolicy/gsa/dump_gsa.te create mode 100644 gsa/sepolicy/gsa/file.te create mode 100644 gsa/sepolicy/gsa/file_contexts diff --git a/gsa/Android.bp b/gsa/Android.bp new file mode 100644 index 0000000..59e0369 --- /dev/null +++ b/gsa/Android.bp @@ -0,0 +1,20 @@ +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +cc_binary { + name: "dump_gsa", + srcs: ["dump_gsa.cpp"], + init_rc: ["init.gsa.rc"], + cflags: [ + "-Wall", + "-Wextra", + "-Werror", + "-pedantic", + ], + shared_libs: [ + "libdump", + ], + vendor: true, + relative_install_path: "dump", +} diff --git a/gsa/dump_gsa.cpp b/gsa/dump_gsa.cpp new file mode 100644 index 0000000..6308036 --- /dev/null +++ b/gsa/dump_gsa.cpp @@ -0,0 +1,31 @@ +/* + * Copyright 2024 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include + +#define DIM(arr) (sizeof(arr) / sizeof(arr[0])) + +const char* paths[][2] = {{"GSA MAIN LOG", "/dev/gsa-log1"}, + {"GSA INTERMEDIATE LOG", "/dev/gsa-bl1-log2"}}; + +int main() { + for (size_t i = 0; i < DIM(paths); i++) { + if (!access(paths[i][1], R_OK)) { + dumpFileContent(paths[i][0], paths[i][1]); + } + } + return 0; +} diff --git a/gsa/gsa.mk b/gsa/gsa.mk new file mode 100644 index 0000000..1938c66 --- /dev/null +++ b/gsa/gsa.mk @@ -0,0 +1,3 @@ +BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gsa/sepolicy/gsa + +PRODUCT_PACKAGES += dump_gsa diff --git a/gsa/init.gsa.rc b/gsa/init.gsa.rc new file mode 100644 index 0000000..357144e --- /dev/null +++ b/gsa/init.gsa.rc @@ -0,0 +1,6 @@ +on init + # Change GSA log group for dumpstate + chmod 660 /dev/gsa-log1 + chmod 660 /dev/gsa-bl1-log2 + chown root system /dev/gsa-log1 + chown root system /dev/gsa-bl1-log2 diff --git a/gsa/sepolicy/gsa/dump_gsa.te b/gsa/sepolicy/gsa/dump_gsa.te new file mode 100644 index 0000000..dcc3ef6 --- /dev/null +++ b/gsa/sepolicy/gsa/dump_gsa.te @@ -0,0 +1,6 @@ +# GSA +pixel_bugreport(dump_gsa) + +userdebug_or_eng(` + allow dump_gsa gsa_log_device:chr_file r_file_perms; +') diff --git a/gsa/sepolicy/gsa/file.te b/gsa/sepolicy/gsa/file.te new file mode 100644 index 0000000..46a1732 --- /dev/null +++ b/gsa/sepolicy/gsa/file.te @@ -0,0 +1,2 @@ +# GSA +type gsa_log_device, dev_type; diff --git a/gsa/sepolicy/gsa/file_contexts b/gsa/sepolicy/gsa/file_contexts new file mode 100644 index 0000000..ad3a72d --- /dev/null +++ b/gsa/sepolicy/gsa/file_contexts @@ -0,0 +1,4 @@ +# GSA +/dev/gsa-log1 u:object_r:gsa_log_device:s0 +/dev/gsa-bl1-log2 u:object_r:gsa_log_device:s0 +/vendor/bin/dump/dump_gsa u:object_r:dump_gsa_exec:s0