From b0daa90c01a3f377715524c91392fe80c9aa5800 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Thu, 14 Mar 2024 15:01:43 +0800 Subject: [PATCH] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. New paths (ag/26620507): RamdumpService: device/google/gs-common/ramdump_app SSRestartDetector: device/google/gs-common/ssr_detector_app Bug: 298102808 Design: go/sys-software-logging Test: Manual Change-Id: I568f43ab8ed8f5ab330cbda19cd68bcc12838fdf --- gs101-sepolicy.mk | 3 --- whitechapel/vendor/google/ramdump_app.te | 24 ----------------------- whitechapel/vendor/google/seapp_contexts | 4 ---- whitechapel/vendor/google/ssr_detector.te | 24 ----------------------- 4 files changed, 55 deletions(-) delete mode 100644 whitechapel/vendor/google/ramdump_app.te delete mode 100644 whitechapel/vendor/google/ssr_detector.te diff --git a/gs101-sepolicy.mk b/gs101-sepolicy.mk index 12768b9e..3e8c9022 100644 --- a/gs101-sepolicy.mk +++ b/gs101-sepolicy.mk @@ -20,9 +20,6 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs101-sepolicy/system_ext/priv # PowerStats HAL BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats -# sscoredump -BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/sscoredump - # Public PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/gs101-sepolicy/public diff --git a/whitechapel/vendor/google/ramdump_app.te b/whitechapel/vendor/google/ramdump_app.te deleted file mode 100644 index 308e9fb7..00000000 --- a/whitechapel/vendor/google/ramdump_app.te +++ /dev/null @@ -1,24 +0,0 @@ -type ramdump_app, domain; - -userdebug_or_eng(` - app_domain(ramdump_app) - - allow ramdump_app app_api_service:service_manager find; - - allow ramdump_app ramdump_vendor_data_file:file create_file_perms; - allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms; - - set_prop(ramdump_app, vendor_ramdump_prop) - get_prop(ramdump_app, system_boot_reason_prop) - - # To access ramdumpfs. - allow ramdump_app mnt_vendor_file:dir search; - allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms; - allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms; - - # To access subsystem ramdump files and dirs. - allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms; -') diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts index f2c53ebc..804c36ce 100644 --- a/whitechapel/vendor/google/seapp_contexts +++ b/whitechapel/vendor/google/seapp_contexts @@ -17,10 +17,6 @@ user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app level user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_app levelFrom=all user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_ims_app levelFrom=all -# coredump/ramdump -user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - # grilservice user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all diff --git a/whitechapel/vendor/google/ssr_detector.te b/whitechapel/vendor/google/ssr_detector.te deleted file mode 100644 index f27fcc5b..00000000 --- a/whitechapel/vendor/google/ssr_detector.te +++ /dev/null @@ -1,24 +0,0 @@ -type ssr_detector_app, domain; - -app_domain(ssr_detector_app) -allow ssr_detector_app app_api_service:service_manager find; -allow ssr_detector_app radio_service:service_manager find; - -allow ssr_detector_app system_app_data_file:dir create_dir_perms; -allow ssr_detector_app system_app_data_file:file create_file_perms; - -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; -userdebug_or_eng(` - allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; - allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; - allow ssr_detector_app sysfs_sjtag:file rw_file_perms; - allow ssr_detector_app proc_vendor_sched:dir search; - allow ssr_detector_app proc_vendor_sched:file rw_file_perms; - allow ssr_detector_app cgroup:file write; -') - -get_prop(ssr_detector_app, vendor_ssrdump_prop) -get_prop(ssr_detector_app, vendor_wifi_version) -get_prop(ssr_detector_app, vendor_aoc_prop)