storage: fix adb bugreport and refactor the existing rules
avc: denied { getattr } for comm="df" path="/mnt/vendor/persist" dev="sda15" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=1 avc: denied { call } for comm="binder:10121_3" scontext=u:r:dumpstate:s0 tcontext=u:r:vold:s0 tclass=binder permissive=1 avc: denied { getattr } for comm="df" path="/mnt/vendor/efs" dev="sda5" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_efs_file:s0 tclass=dir permissive=1 avc: denied { getattr } for comm="df" path="/mnt/vendor/modem_userdata" dev="sda7" ino=3 scontext=u:r:dumpstate:s0 tcontext=u:object_r:modem_userdata_file:s0 tclass=dir permissive=1 Bug: 361093041 Test: local build Change-Id: I5c6be63beebf66d64db7e495c28493ab35621054 Signed-off-by: Randall Huang <huangrandall@google.com>
parent
4391ba797c
commit
bce5748b4f
13 changed files with 30 additions and 1 deletions
|
@ -1,8 +1,11 @@
|
|||
# adb bugreport
|
||||
pixel_bugreport(dump_storage)
|
||||
|
||||
# adb bugreport
|
||||
allow dump_storage sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||
allow dump_storage sysfs_scsi_devices_0000:file r_file_perms;
|
||||
|
||||
# adb bugreport
|
||||
userdebug_or_eng(`
|
||||
allow dump_storage debugfs_f2fs:dir r_dir_perms;
|
||||
allow dump_storage debugfs_f2fs:file r_file_perms;
|
||||
|
@ -17,7 +20,10 @@ userdebug_or_eng(`
|
|||
allow dump_storage dump_storage_data_file:file create_file_perms;
|
||||
')
|
||||
|
||||
# adb bugreport
|
||||
get_prop(dump_storage, boottime_public_prop)
|
||||
|
||||
# adb bugreport
|
||||
dontaudit dump_storage debugfs_f2fs:dir r_dir_perms;
|
||||
dontaudit dump_storage debugfs_f2fs:file r_file_perms;
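Review bot: The two `dontaudit dump_storage debugfs_f2fs` rules carry the same `# adb bugreport` comment as the allow rules above them, which does not say why a denial is being silenced here. The matching allows sit inside `userdebug_or_eng(...)`, so these lines presumably exist to hide the expected denial on user builds. A comment such as `# user builds: debugfs_f2fs is not readable, silence the expected denial` would make that intent reviewable. The `userdebug_or_eng` block itself begins in the previous hunk.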
|
||||
|
||||
|
|
|
@ -1 +1,7 @@
|
|||
allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
|
||||
# adb bugreport
|
||||
allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
|
||||
allow dumpstate persist_file:dir { getattr };
|
||||
allow dumpstate modem_efs_file:dir { getattr };
|
||||
allow dumpstate modem_userdata_file:dir { getattr };
|
||||
allow dumpstate vold:binder { call };
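Review bot: `allow dumpstate vold:binder { call };` lets dumpstate start a binder transaction to vold, but the vold rules further down this page keep `dontaudit vold dumpstate:fd use ;` and `dontaudit vold dumpstate:fifo_file rw_file_perms;`. As far as these rules show, vold still cannot write into the descriptor dumpstate passes, and that failure is not logged. If vold output is not wanted in the bugreport, `dontaudit dumpstate vold:binder call;` would silence the denial without widening what dumpstate may reach; if it is wanted, the vold side needs matching allows. The quoted denials were all recorded with permissive=1 and the only test listed is a local build, so an enforcing-mode `adb bugreport` run would confirm that the three `getattr` grants are enough for df.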
|
||||
|
||||
|
|
|
@ -7,3 +7,4 @@ allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_dev
|
|||
};
|
||||
allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||
allow e2fs sysfs_scsi_devices_0000:file r_file_perms;
|
||||
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
# fastbootd
|
||||
allow fastbootd devpts:chr_file rw_file_perms;
|
||||
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
# file.te
|
||||
type debugfs_f2fs, debugfs_type, fs_type;
|
||||
type dump_storage_data_file, file_type, data_file_type;
|
||||
type sg_device, dev_type;
|
||||
type sg_util_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
|
|
|
@ -4,3 +4,4 @@ allow fsck efs_block_device:blk_file rw_file_perms;
|
|||
allow fsck modem_userdata_block_device:blk_file rw_file_perms;
|
||||
allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||
allow fsck sysfs_scsi_devices_0000:file r_file_perms;
|
||||
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
# f2fs
|
||||
genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0
|
||||
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
# dumpsys android.hardware.power.stats.IPowerStats/default
|
||||
r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
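Review bot: The comment `# dumpsys android.hardware.power.stats.IPowerStats/default` sits above a rule for `hal_health_default`, and the identical comment appears above the `hal_power_stats_default` rule later on this page, so it looks copied from there. If the health HAL reads these sysfs nodes for its own purposes, the comment should say so, for example `# health HAL: read storage attributes under sysfs_scsi_devices_0000` (wording for the author to confirm). A wrong rationale makes it harder to judge later whether the grant can be removed.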
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
# Access to /sys/devices/platform/*ufs/*
|
||||
allow hal_health_storage_default sysfs_scsi_devices_0000:dir r_dir_perms;
|
||||
allow hal_health_storage_default sysfs_scsi_devices_0000:file rw_file_perms;
|
||||
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
# dumpsys android.hardware.power.stats.IPowerStats/default
|
||||
r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000)
|
||||
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
# init
|
||||
allow init sysfs_scsi_devices_0000:file w_file_perms;
|
||||
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
# vendor_init
|
||||
allow vendor_init sg_device:chr_file r_file_perms;
|
||||
|
||||
|
|
|
@ -5,9 +5,11 @@ allow vold sysfs_scsi_devices_0000:file rw_file_perms;
|
|||
allow vold userdata_exp_block_device:blk_file rw_file_perms;
|
||||
allowxperm vold userdata_exp_block_device:blk_file ioctl BLKSECDISCARD;
|
||||
|
||||
# adb bugreport
|
||||
dontaudit vold dumpstate:fifo_file rw_file_perms;
|
||||
dontaudit vold dumpstate:fd use ;
|
||||
|
||||
# fix idle-maint
|
||||
allow vold efs_block_device:blk_file { getattr };
|
||||
allow vold modem_userdata_block_device:blk_file { getattr };
|
||||
|
||||
|
|