From 90ead0f9cbe147c741545349b20235091eea72ac Mon Sep 17 00:00:00 2001
From: Aaron Tsai <tsaiaaron@google.com>
Date: Fri, 16 Apr 2021 11:02:26 +0800
Subject: [PATCH] Update tracking error for Silent Logging tool

04-06 20:16:59.772  1000  5754  5754 W RenderThread: type=1400 audit(0.0:17): avc: denied { write } for name="code_cache" dev="dm-7" ino=4477 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
[   65.233590] type=1400 audit(1618796326.840:4): avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-11" ino=6338 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0
[   65.280798] type=1400 audit(1618796326.888:6): avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-11" ino=6338 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0

04-06 21:07:23.576  7458  7458 I auditd  : type=1400 audit(0.0:64): avc: denied { create } for comm="RenderThread" name="com.android.skia.shaders_cache" scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0:c232,c259,c512,c768 tclass=file permissive=0
04-13 14:14:38.572  1000  8875  8875 I SharedPreferenc: type=1400 audit(0.0:524): avc: denied { read } for name="SHARED_PREF.xml" dev="dm-7" ino=16734 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0:c232,c259,c512,c768 tclass=file permissive=1
04-13 14:14:38.572  1000  8875  8875 I SharedPreferenc: type=1400 audit(0.0:525): avc: denied { read } for name="com.samsung.slsi.telephony.silentlogging_preferences.xml" dev="dm-7" ino=17227 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0:c232,c259,c512,c768 tclass=file permissive=1
04-13 14:14:38.572  1000  8875  8875 I SharedPreferenc: type=1400 audit(0.0:526): avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.telephony.silentlogging/shared_prefs/com.samsung.slsi.telephony.silentlogging_preferences.xml" dev="dm-7" ino=17227 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0:c232,c259,c512,c768 tclass=file permissive=1
04-13 14:14:38.572  1000  8875  8875 I SharedPreferenc: type=1400 audit(0.0:527): avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.telephony.silentlogging/shared_prefs/SHARED_PREF.xml" dev="dm-7" ino=16734 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0:c232,c259,c512,c768 tclass=file permissive=1

04-06 12:02:03.460  1000  9117  9117 W si.sysdebugmode: type=1400 audit(0.0:35): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=139 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
04-06 12:02:03.465  1000  9117  9117 W libc    : Access denied finding property "persist.input.velocitytracker.strategy"

04-13 15:01:12.636  1000  8718  8718 W y.silentlogging: type=1400 audit(0.0:60): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=131 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
04-13 15:01:12.638  1000  8718  8718 W libc    : Access denied finding property "ro.input.resampling"

04-13 15:01:12.724  1000  8718  8718 W y.silentlogging: type=1400 audit(0.0:61): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=131 scontext=u:r:vendor_telephony_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
04-13 15:01:12.726  1000  8718  8718 W libc    : Access denied finding property "viewroot.profile_rendering"


Bug: 184921478
Test: manual
Change-Id: Ia842b3dcfd8ec2ad30acc065f9caceafdc0458cd
---
 tracking_denials/vendor_telephony_app.te          |  4 ----
 whitechapel/vendor/google/vendor_telephony_app.te | 11 +++++++----
 2 files changed, 7 insertions(+), 8 deletions(-)
 delete mode 100644 tracking_denials/vendor_telephony_app.te

diff --git a/tracking_denials/vendor_telephony_app.te b/tracking_denials/vendor_telephony_app.te
deleted file mode 100644
index 9100149a..00000000
--- a/tracking_denials/vendor_telephony_app.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/185723694
-dontaudit vendor_telephony_app system_app_data_file:dir { getattr };
-dontaudit vendor_telephony_app system_app_data_file:dir { search };
-dontaudit vendor_telephony_app system_app_data_file:dir { search };
diff --git a/whitechapel/vendor/google/vendor_telephony_app.te b/whitechapel/vendor/google/vendor_telephony_app.te
index 5b4c4604..7d515a8a 100644
--- a/whitechapel/vendor/google/vendor_telephony_app.te
+++ b/whitechapel/vendor/google/vendor_telephony_app.te
@@ -6,10 +6,6 @@ set_prop(vendor_telephony_app, vendor_persist_sys_default_prop)
 set_prop(vendor_telephony_app, vendor_modem_prop)
 set_prop(vendor_telephony_app, vendor_slog_prop)
 
-# [TODO] Need to check further about the system data permission
-# allow vendor_telephony_app system_app_data_file:dir create_dir_perms;
-# allow vendor_telephony_app system_app_data_file:file create_file_perms;
-
 allow vendor_telephony_app vendor_slog_file:dir create_dir_perms;
 allow vendor_telephony_app vendor_slog_file:file create_file_perms;
 
@@ -17,3 +13,10 @@ allow vendor_telephony_app app_api_service:service_manager find;
 allow vendor_telephony_app hal_vendor_oem_hwservice:hwservice_manager find;
 binder_call(vendor_telephony_app, dmd)
 binder_call(vendor_telephony_app, sced)
+
+userdebug_or_eng(`
+# Silent Logging
+dontaudit vendor_telephony_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_telephony_app system_app_data_file:file create_file_perms;
+dontaudit vendor_telephony_app default_prop:file { getattr open read map };
+')