From df85139d173644b7ec44cb7151845026872a1648 Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Thu, 14 Mar 2024 15:26:37 +0800 Subject: [PATCH] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. New paths (ag/26620507): RamdumpService: device/google/gs-common/ramdump_app SSRestartDetector: device/google/gs-common/ssr_detector_app Bug: 298102808 Design: go/sys-software-logging Test: Manual Change-Id: Id42c4de6c29d4a95f8a68a5732c4732edfb71da8 --- radio/seapp_contexts | 3 --- radio/ssr_detector.te | 24 ------------------------ vendor/ramdump_app.te | 24 ------------------------ vendor/seapp_contexts | 3 --- 4 files changed, 54 deletions(-) delete mode 100644 radio/ssr_detector.te delete mode 100644 vendor/ramdump_app.te diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 9caa3947..4a274136 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -1,6 +1,3 @@ -# Sub System Ramdump -user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user - # CBRS setup app user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te deleted file mode 100644 index 2caf6d77..00000000 --- a/radio/ssr_detector.te +++ /dev/null @@ -1,24 +0,0 @@ -type ssr_detector_app, domain; - -app_domain(ssr_detector_app) -allow ssr_detector_app app_api_service:service_manager find; -allow ssr_detector_app radio_service:service_manager find; - -allow ssr_detector_app system_app_data_file:dir create_dir_perms; -allow ssr_detector_app system_app_data_file:file create_file_perms; - -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; -userdebug_or_eng(` - allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; - get_prop(ssr_detector_app, vendor_aoc_prop) - allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; - allow ssr_detector_app sysfs_sjtag:file rw_file_perms; - allow ssr_detector_app proc_vendor_sched:dir search; - allow ssr_detector_app proc_vendor_sched:file rw_file_perms; - allow ssr_detector_app cgroup:file write; -') - -get_prop(ssr_detector_app, vendor_ssrdump_prop) -get_prop(ssr_detector_app, vendor_wifi_version) diff --git a/vendor/ramdump_app.te b/vendor/ramdump_app.te deleted file mode 100644 index 308e9fb7..00000000 --- a/vendor/ramdump_app.te +++ /dev/null @@ -1,24 +0,0 @@ -type ramdump_app, domain; - -userdebug_or_eng(` - app_domain(ramdump_app) - - allow ramdump_app app_api_service:service_manager find; - - allow ramdump_app ramdump_vendor_data_file:file create_file_perms; - allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms; - - set_prop(ramdump_app, vendor_ramdump_prop) - get_prop(ramdump_app, system_boot_reason_prop) - - # To access ramdumpfs. - allow ramdump_app mnt_vendor_file:dir search; - allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms; - allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms; - - # To access subsystem ramdump files and dirs. - allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms; -') diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts index ed23ae5a..1e77caae 100644 --- a/vendor/seapp_contexts +++ b/vendor/seapp_contexts @@ -1,9 +1,6 @@ # Domain for EuiccSupportPixel user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all