Fix avc denied for vendor silent logging app am: e44f3c867c
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986448 Change-Id: I6360f039728d972f47c761e06748d6b2443ba911
This commit is contained in:
commit
079719c2b0
4 changed files with 28 additions and 0 deletions
|
@ -29,3 +29,4 @@ allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
|
|||
binder_call(dmd, hwservicemanager)
|
||||
binder_call(dmd, modem_diagnostic_app)
|
||||
binder_call(dmd, modem_logging_control)
|
||||
binder_call(dmd, vendor_telephony_silentlogging_app)
|
||||
|
|
|
@ -7,6 +7,7 @@ userdebug_or_eng(`
|
|||
|
||||
hwbinder_use(sced)
|
||||
binder_call(sced, dmd)
|
||||
binder_call(sced, vendor_telephony_silentlogging_app)
|
||||
|
||||
get_prop(sced, hwservicemanager_prop)
|
||||
allow sced self:packet_socket create_socket_perms_no_ioctl;
|
||||
|
|
|
@ -1,4 +1,13 @@
|
|||
type vendor_silentlogging_remote_app, domain;
|
||||
app_domain(vendor_silentlogging_remote_app)
|
||||
|
||||
allow vendor_silentlogging_remote_app vendor_slog_file:dir create_dir_perms;
|
||||
allow vendor_silentlogging_remote_app vendor_slog_file:file create_file_perms;
|
||||
|
||||
allow vendor_silentlogging_remote_app app_api_service:service_manager find;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Silent Logging Remote
|
||||
dontaudit vendor_silentlogging_remote_app system_app_data_file:dir create_dir_perms;
|
||||
dontaudit vendor_silentlogging_remote_app system_app_data_file:file create_file_perms;
|
||||
')
|
||||
|
|
|
@ -1,4 +1,21 @@
|
|||
type vendor_telephony_silentlogging_app, domain;
|
||||
app_domain(vendor_telephony_silentlogging_app)
|
||||
|
||||
set_prop(vendor_telephony_silentlogging_app, vendor_modem_prop)
|
||||
set_prop(vendor_telephony_silentlogging_app, vendor_slog_prop)
|
||||
|
||||
allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms;
|
||||
allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms;
|
||||
|
||||
allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
|
||||
allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
|
||||
binder_call(vendor_telephony_silentlogging_app, dmd)
|
||||
binder_call(vendor_telephony_silentlogging_app, sced)
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Silent Logging
|
||||
dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir create_dir_perms;
|
||||
dontaudit vendor_telephony_silentlogging_app system_app_data_file:file create_file_perms;
|
||||
dontaudit vendor_telephony_silentlogging_app default_prop:file { getattr open read map };
|
||||
allow vendor_telephony_silentlogging_app selinuxfs:file { read open };
|
||||
')
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue