Allow modem_svc to access modem files and perfetto

Bug: 331147031
Bug: 330730987

Test: Confirmed that modem_svc is able to access token db files in modem partition
Test: Confirmed that modem_svc can send traces to perfetto
Test: Confirmed v2/pixel-health-guard/device-boot-health-check-extra has no modem_svc avc denials.

Change-Id: I5fabd3177c758be533ca8bdef3cb3305afd6a5a6
Hungyen Weng 2024-03-25 20:33:16 +00:00
parent 883cf12320
commit 3a2d59d8a9
2 changed files with 11 additions and 2 deletions


@ -5,7 +5,6 @@ incidentd debugfs_wakeup_sources file b/282626428
incidentd incidentd anon_inode b/282626428 incidentd incidentd anon_inode b/282626428
kernel dm_device blk_file b/315907959 kernel dm_device blk_file b/315907959
kernel tmpfs chr_file b/315907959 kernel tmpfs chr_file b/315907959
modem_svc_sit traced_producer_socket sock_file b/331147031
rfsd vendor_cbd_prop file b/317734418 rfsd vendor_cbd_prop file b/317734418
shell sysfs_net file b/329380904 shell sysfs_net file b/329380904
surfaceflinger selinuxfs file b/313804340 surfaceflinger selinuxfs file b/313804340
@ -16,3 +15,4 @@ untrusted_app userdebug_or_eng_prop file b/305600845
vendor_init default_prop file b/315104713 vendor_init default_prop file b/315104713
vendor_init default_prop file b/316817111 vendor_init default_prop file b/316817111
vendor_init default_prop property_service b/315104713 vendor_init default_prop property_service b/315104713


@ -17,7 +17,7 @@ allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
allow modem_svc_sit modem_stat_data_file:dir create_dir_perms; allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
allow modem_svc_sit modem_stat_data_file:file create_file_perms; allow modem_svc_sit modem_stat_data_file:file create_file_perms;
allow modem_svc_sit mnt_vendor_file:dir search; allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
allow modem_svc_sit modem_userdata_file:dir create_dir_perms; allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
allow modem_svc_sit modem_userdata_file:file create_file_perms; allow modem_svc_sit modem_userdata_file:file create_file_perms;
@ -33,3 +33,12 @@ get_prop(modem_svc_sit, vendor_logger_prop)
# Modem property # Modem property
set_prop(modem_svc_sit, vendor_modem_prop) set_prop(modem_svc_sit, vendor_modem_prop)
# Write trace data to the Perfetto traced daemon. This requires connecting to
# its producer socket and obtaining a (per-process) tmpfs fd.
perfetto_producer(modem_svc_sit)
# Allow modem_svc_sit to access modem image file/dir
allow modem_svc_sit modem_img_file:dir r_dir_perms;
allow modem_svc_sit modem_img_file:file r_file_perms;
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
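Review bot: The `mnt_vendor_file:dir` rule is widened from `search` to `r_dir_perms` with no comment explaining why modem_svc_sit now needs to list that directory rather than only traverse it. If the denial that motivated it was only for the token db lookup named in the commit message, a why-comment above the rule, e.g. `# Needs to enumerate the modem mount to locate the token db files (presumably b/330730987)`, would make the grant reviewable later. `perfetto_producer(modem_svc_sit)` is also granted on every build type. If modem tracing is only intended for debugging, wrapping that line in the `userdebug_or_eng` macro would keep the traced producer socket unreachable from this domain on user builds. For the symlink rule, `allow modem_svc_sit modem_img_file:lnk_file { getattr read };` would cover following links without the extra permissions that `r_file_perms` carries.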