From 6a41ee1f215576718a60eaba539e501ea1bd21a8 Mon Sep 17 00:00:00 2001 From: martinwu Date: Mon, 24 Apr 2023 02:20:40 +0000 Subject: [PATCH 1/2] Add sepolicy for dumpstate to zip tcpdump into bugreport Bug: 264490014 Test: 1. Enable tcpdump_logger always-on function 2. Dump bugreport 3. Pull dumpstate_board.bin and chagne it to zip 4. Unzip dumpstate_board.zip and check if tcpdump files are there. Change-Id: I420f26f17260dff34617c8c723f126ee9e56bb27 --- radio/sepolicy/dump_radio.te | 2 ++ radio/sepolicy/file.te | 6 ++++++ radio/sepolicy/file_contexts | 1 + 3 files changed, 9 insertions(+) create mode 100644 radio/sepolicy/file.te diff --git a/radio/sepolicy/dump_radio.te b/radio/sepolicy/dump_radio.te index 146776c..7970f08 100644 --- a/radio/sepolicy/dump_radio.te +++ b/radio/sepolicy/dump_radio.te @@ -3,6 +3,8 @@ pixel_bugreport(dump_radio) userdebug_or_eng(` allow dump_radio radio_vendor_data_file:dir create_dir_perms; allow dump_radio radio_vendor_data_file:file create_file_perms; + allow dump_radio tcpdump_vendor_data_file:dir r_dir_perms; + allow dump_radio tcpdump_vendor_data_file:file r_file_perms; get_prop(dump_radio, vendor_rild_prop) get_prop(dump_radio vendor_tcpdump_log_prop) ') diff --git a/radio/sepolicy/file.te b/radio/sepolicy/file.te new file mode 100644 index 0000000..02d0209 --- /dev/null +++ b/radio/sepolicy/file.te @@ -0,0 +1,6 @@ +# Data +type tcpdump_vendor_data_file, file_type, data_file_type; + +userdebug_or_eng(` + typeattribute tcpdump_vendor_data_file mlstrustedobject; +') diff --git a/radio/sepolicy/file_contexts b/radio/sepolicy/file_contexts index 558beb3..20d786c 100644 --- a/radio/sepolicy/file_contexts +++ b/radio/sepolicy/file_contexts @@ -1 +1,2 @@ /vendor/bin/dump/dump_radio u:object_r:dump_radio_exec:s0 +/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 From 50b5d5287ece0fc15accab5be39934632e6d82e1 Mon Sep 17 00:00:00 2001 From: Martin Wu Date: Thu, 27 Apr 2023 02:20:48 +0000 Subject: [PATCH 2/2] Revert "Add sepolicy for dumpstate to zip tcpdump into bugreport" Revert submission 22814097-Fix-tcpdump-sepolicy Reason for revert: build break Reverted changes: /q/submissionid:22814097-Fix-tcpdump-sepolicy Change-Id: I69d22f368aa5b9e21a8fe0071d1d0981b5c635e9 --- radio/sepolicy/dump_radio.te | 2 -- radio/sepolicy/file.te | 6 ------ radio/sepolicy/file_contexts | 1 - 3 files changed, 9 deletions(-) delete mode 100644 radio/sepolicy/file.te diff --git a/radio/sepolicy/dump_radio.te b/radio/sepolicy/dump_radio.te index 7970f08..146776c 100644 --- a/radio/sepolicy/dump_radio.te +++ b/radio/sepolicy/dump_radio.te @@ -3,8 +3,6 @@ pixel_bugreport(dump_radio) userdebug_or_eng(` allow dump_radio radio_vendor_data_file:dir create_dir_perms; allow dump_radio radio_vendor_data_file:file create_file_perms; - allow dump_radio tcpdump_vendor_data_file:dir r_dir_perms; - allow dump_radio tcpdump_vendor_data_file:file r_file_perms; get_prop(dump_radio, vendor_rild_prop) get_prop(dump_radio vendor_tcpdump_log_prop) ') diff --git a/radio/sepolicy/file.te b/radio/sepolicy/file.te deleted file mode 100644 index 02d0209..0000000 --- a/radio/sepolicy/file.te +++ /dev/null @@ -1,6 +0,0 @@ -# Data -type tcpdump_vendor_data_file, file_type, data_file_type; - -userdebug_or_eng(` - typeattribute tcpdump_vendor_data_file mlstrustedobject; -') diff --git a/radio/sepolicy/file_contexts b/radio/sepolicy/file_contexts index 20d786c..558beb3 100644 --- a/radio/sepolicy/file_contexts +++ b/radio/sepolicy/file_contexts @@ -1,2 +1 @@ /vendor/bin/dump/dump_radio u:object_r:dump_radio_exec:s0 -/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0