Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add TCP dump permissions.

Browse source 
Copy selinux policy for tcp dump binary from previous Pixel to support
TCP logging on P21 through PixelLogger.

Bug: 184777243
Test: Check PixelLogger TCP dump works.
Change-Id: Id958c8a3e6375a7aae569d6fc94deb9f8072b57b
This commit is contained in:
Eddie Tashjian 2021-04-07 15:07:49 -07:00
parent 34e0106672
commit b2fb9cdace
6 changed files with 35 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
whitechapel/vendor/google/file.te vendored
View file

@ -117,6 +117,9 @@ type persist_modem_file, file_type, vendor_persist_type;
type modem_img_file, contextmount_type, file_type, vendor_file_type; type modem_img_file, contextmount_type, file_type, vendor_file_type;
allow modem_img_file self:filesystem associate; allow modem_img_file self:filesystem associate;
# TCP logging
type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
# Wireless # Wireless
type sysfs_wlc, sysfs_type, fs_type; type sysfs_wlc, sysfs_type, fs_type;

4
whitechapel/vendor/google/file_contexts vendored
View file

@ -254,6 +254,10 @@
# Modem logging # Modem logging
/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0 /vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0
# TCP logging
/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0
/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
# Audio logging # Audio logging
/vendor/bin/aocdump u:object_r:aocdump_exec:s0 /vendor/bin/aocdump u:object_r:aocdump_exec:s0

1
whitechapel/vendor/google/logger_app.te vendored
View file

@ -16,4 +16,5 @@ userdebug_or_eng(`
set_prop(logger_app, vendor_modem_prop) set_prop(logger_app, vendor_modem_prop)
set_prop(logger_app, vendor_gps_prop) set_prop(logger_app, vendor_gps_prop)
set_prop(logger_app, vendor_audio_prop) set_prop(logger_app, vendor_audio_prop)
set_prop(logger_app, vendor_tcpdump_log_prop)
') ')

3
whitechapel/vendor/google/property.te vendored
View file

@ -41,3 +41,6 @@ vendor_internal_prop(vendor_wifi_version)
# Touchpanel # Touchpanel
vendor_internal_prop(vendor_touchpanel_prop) vendor_internal_prop(vendor_touchpanel_prop)
# TCP logging
vendor_internal_prop(vendor_tcpdump_log_prop)

6
whitechapel/vendor/google/property_contexts vendored
View file

@ -102,3 +102,9 @@ vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s
# Touchpanel # Touchpanel
vendor.mfgapi.touchpanel.permission u:object_r:vendor_touchpanel_prop:s0 vendor.mfgapi.touchpanel.permission u:object_r:vendor_touchpanel_prop:s0
# Tcpdump_logger
persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.log.ondemand u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.output.dir u:object_r:vendor_tcpdump_log_prop:s0

18
whitechapel/vendor/google/tcpdump_logger.te vendored Normal file
View file

@ -0,0 +1,18 @@
type tcpdump_logger, domain;
type tcpdump_logger_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
# make transition from init to its domain
init_daemon_domain(tcpdump_logger)
allow tcpdump_logger self:capability net_raw;
allow tcpdump_logger self:packet_socket create_socket_perms;
allowxperm tcpdump_logger self:packet_socket ioctl 0x8933;
allow tcpdump_logger tcpdump_exec:file rx_file_perms;
allow tcpdump_logger tcpdump_vendor_data_file:dir create_dir_perms;
allow tcpdump_logger tcpdump_vendor_data_file:file create_file_perms;
allow tcpdump_logger radio_vendor_data_file:file create_file_perms;
allow tcpdump_logger radio_vendor_data_file:dir create_dir_perms;
set_prop(tcpdump_logger, vendor_tcpdump_log_prop)
')