Fix avc denied for vendor silent logging app am: e44f3c867c

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/16986448

Change-Id: I6360f039728d972f47c761e06748d6b2443ba911
This commit is contained in:
Jinting Lin 2022-02-25 08:27:05 +00:00 committed by Automerger Merge Worker
commit 079719c2b0
4 changed files with 28 additions and 0 deletions

View file

@ -29,3 +29,4 @@ allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
binder_call(dmd, hwservicemanager)
binder_call(dmd, modem_diagnostic_app)
binder_call(dmd, modem_logging_control)
binder_call(dmd, vendor_telephony_silentlogging_app)

View file

@ -7,6 +7,7 @@ userdebug_or_eng(`
hwbinder_use(sced)
binder_call(sced, dmd)
binder_call(sced, vendor_telephony_silentlogging_app)
get_prop(sced, hwservicemanager_prop)
allow sced self:packet_socket create_socket_perms_no_ioctl;

View file

@ -1,4 +1,13 @@
type vendor_silentlogging_remote_app, domain;
app_domain(vendor_silentlogging_remote_app)
allow vendor_silentlogging_remote_app vendor_slog_file:dir create_dir_perms;
allow vendor_silentlogging_remote_app vendor_slog_file:file create_file_perms;
allow vendor_silentlogging_remote_app app_api_service:service_manager find;
userdebug_or_eng(`
# Silent Logging Remote
dontaudit vendor_silentlogging_remote_app system_app_data_file:dir create_dir_perms;
dontaudit vendor_silentlogging_remote_app system_app_data_file:file create_file_perms;
')

View file

@ -1,4 +1,21 @@
type vendor_telephony_silentlogging_app, domain;
app_domain(vendor_telephony_silentlogging_app)
set_prop(vendor_telephony_silentlogging_app, vendor_modem_prop)
set_prop(vendor_telephony_silentlogging_app, vendor_slog_prop)
allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms;
allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms;
allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
binder_call(vendor_telephony_silentlogging_app, dmd)
binder_call(vendor_telephony_silentlogging_app, sced)
userdebug_or_eng(`
# Silent Logging
dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir create_dir_perms;
dontaudit vendor_telephony_silentlogging_app system_app_data_file:file create_file_perms;
dontaudit vendor_telephony_silentlogging_app default_prop:file { getattr open read map };
allow vendor_telephony_silentlogging_app selinuxfs:file { read open };
')