Fix avc denied for vendor silent logging app

log: avc: denied { getattr } for comm="y.silentlogging" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { search } for comm="y.silentlogging" name="com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 denied { read } for comm="y.silentlogging" name="u:object_r:vendor_slog_prop:s0" dev="tmpfs" ino=338 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_prop:s0 tclass=file permissive=0 avc: denied { search } for comm="y.silentlogging" name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0 avc: denied { read } for comm="y.silentlogging" name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.oemservice::IOemService sid=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 pid=7322 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_vendor_oem_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:dmd:s0 tclass=binder permissive=0 avc: denied { call } for comm="y.silentlogging" scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:r:sced:s0 tclass=binder permissive=0 avc: denied { read } for comm="getenforce" name="enforce" dev="selinuxfs" ino=4 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=0 avc: denied { set } for property=persist.vendor.modem.logging.shannon_app pid=7279 uid=1000 gid=1000 scontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_modem_prop:s0 tclass=property_service permissive=0' avc: denied { call } for comm="HwBinder:1001_1" scontext=u:r:sced:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0 avc: denied { call } for scontext=u:r:dmd:s0 tcontext=u:r:vendor_telephony_silentlogging_app:s0:c232,c259,c512,c768 tclass=binder permissive=0 avc: denied { getattr } for comm="tlogging:remote" path="/data/user/0/com.samsung.slsi.telephony.silentlogging" dev="dm-42" ino=6793 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { read } for name="slog" dev="dm-42" ino=314 scontext=u:r:vendor_silentlogging_remote_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_slog_file:s0 tclass=dir permissive=0 Test: flash TH build then run basic test of silent logging app Bug: 220847487 Change-Id: Ib5ac1e796e8e816d024cebc584b5699ab8ed1162
2022-02-24 14:42:19 +00:00 · 2022-02-24 14:42:19 +00:00 · e44f3c867c
commit e44f3c867c
parent 7cb9cc182b
4 changed files with 28 additions and 0 deletions
--- a/whitechapel_pro/dmd.te
+++ b/whitechapel_pro/dmd.te
@ -29,3 +29,4 @@ allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find };
 binder_call(dmd, hwservicemanager)
 binder_call(dmd, modem_diagnostic_app)
 binder_call(dmd, modem_logging_control)
 binder_call(dmd, vendor_telephony_silentlogging_app)
--- a/whitechapel_pro/sced.te
+++ b/whitechapel_pro/sced.te
@ -7,6 +7,7 @@ userdebug_or_eng(`
  hwbinder_use(sced)
  binder_call(sced, dmd)
  binder_call(sced, vendor_telephony_silentlogging_app)
  get_prop(sced, hwservicemanager_prop)
  allow sced self:packet_socket create_socket_perms_no_ioctl;
--- a/whitechapel_pro/vendor_silentlogging_remote_app.te
+++ b/whitechapel_pro/vendor_silentlogging_remote_app.te
@ -1,4 +1,13 @@
 type vendor_silentlogging_remote_app, domain;
 app_domain(vendor_silentlogging_remote_app)
 allow vendor_silentlogging_remote_app vendor_slog_file:dir create_dir_perms;
 allow vendor_silentlogging_remote_app vendor_slog_file:file create_file_perms;
 allow vendor_silentlogging_remote_app app_api_service:service_manager find;
 userdebug_or_eng(`
 # Silent Logging Remote
 dontaudit vendor_silentlogging_remote_app system_app_data_file:dir create_dir_perms;
 dontaudit vendor_silentlogging_remote_app system_app_data_file:file create_file_perms;
 ')
--- a/whitechapel_pro/vendor_telephony_silentlogging_app.te
+++ b/whitechapel_pro/vendor_telephony_silentlogging_app.te
@ -1,4 +1,21 @@
 type vendor_telephony_silentlogging_app, domain;
 app_domain(vendor_telephony_silentlogging_app)
 set_prop(vendor_telephony_silentlogging_app, vendor_modem_prop)
 set_prop(vendor_telephony_silentlogging_app, vendor_slog_prop)
 allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms;
 allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms;
 allow vendor_telephony_silentlogging_app app_api_service:service_manager find;
 allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find;
 binder_call(vendor_telephony_silentlogging_app, dmd)
 binder_call(vendor_telephony_silentlogging_app, sced)
 userdebug_or_eng(`
 # Silent Logging
 dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir create_dir_perms;
 dontaudit vendor_telephony_silentlogging_app system_app_data_file:file create_file_perms;
 dontaudit vendor_telephony_silentlogging_app default_prop:file { getattr open read map };
 allow vendor_telephony_silentlogging_app selinuxfs:file { read open };
 ')