From 3f707d13c29300fab31a1ba6a8657771ba4946a8 Mon Sep 17 00:00:00 2001 From: Spade Lee Date: Tue, 12 Mar 2024 16:54:51 +0000 Subject: [PATCH 1/2] pixelstats_vendor: add logbuffer_device r_file_perms avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 Bug: 329174074 Test: no denied log, and able to read logbuffer in pixelstats_vendor Change-Id: Ieca53f3092355c72784d4216c138cbb7cc9c7fa4 Signed-off-by: Spade Lee --- vendor/pixelstats_vendor.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index f4f447a1..35304f76 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,5 +1,6 @@ # Battery history allow pixelstats_vendor battery_history_device:chr_file r_file_perms; +allow pixelstats_vendor logbuffer_device:chr_file r_file_perms; # BCL allow pixelstats_vendor sysfs_bcl:dir search; From 1db18cf4b3603b81c4db17247bfee6e2327608f3 Mon Sep 17 00:00:00 2001 From: Hungyen Weng Date: Wed, 20 Mar 2024 23:00:09 +0000 Subject: [PATCH 2/2] Allow modem_svc to access modem files and perfetto Bug: 330730987 Test: Confirmed that modem_svc is able to access token db files in modem partition Test: Confiemed that modem_svc can send traces to perfetto Change-Id: Ic8b724e0e8d72f5ead83e75ab85471bcbdaf8749 --- radio/modem_svc_sit.te | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index 57ed142b..6733a264 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -20,7 +20,7 @@ allow modem_svc_sit modem_stat_data_file:file create_file_perms; allow modem_svc_sit vendor_fw_file:dir search; allow modem_svc_sit vendor_fw_file:file r_file_perms; -allow modem_svc_sit mnt_vendor_file:dir search; +allow modem_svc_sit mnt_vendor_file:dir r_dir_perms; allow modem_svc_sit modem_userdata_file:dir create_dir_perms; allow modem_svc_sit modem_userdata_file:file create_file_perms; @@ -36,3 +36,12 @@ get_prop(modem_svc_sit, hwservicemanager_prop) # logging property get_prop(modem_svc_sit, vendor_logger_prop) + +# Write trace data to the Perfetto traced daemon. This requires connecting to +# its producer socket and obtaining a (per-process) tmpfs fd. +perfetto_producer(modem_svc_sit) + +# Allow modem_svc_sit to access modem image file/dir +allow modem_svc_sit modem_img_file:dir r_dir_perms; +allow modem_svc_sit modem_img_file:file r_file_perms; +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file