From 885a790f2d3175c80e254f9c09cf1ac216434862 Mon Sep 17 00:00:00 2001
From: Donnie Pollitz <donpollitz@google.com>
Date: Tue, 28 Mar 2023 10:42:49 +0200
Subject: [PATCH] Add logd selinux allow permissions

Bug: 261105354
Bug: 264489639
Test: Ran atest SELinuxTest#scanAvcDeniedLogRightAfterReboot
Change-Id: I377dbb3bbdecd6780c1bdfb3aab53ee3c754c163
Signed-off-by: Donnie Pollitz <donpollitz@google.com>
---
 tracking_denials/logd.te | 7 -------
 vendor/logd.te           | 4 ++++
 2 files changed, 4 insertions(+), 7 deletions(-)
 delete mode 100644 tracking_denials/logd.te
 create mode 100644 vendor/logd.te

diff --git a/tracking_denials/logd.te b/tracking_denials/logd.te
deleted file mode 100644
index ab196237..00000000
--- a/tracking_denials/logd.te
+++ /dev/null
@@ -1,7 +0,0 @@
-# b/261105354
-dontaudit logd trusty_log_device:chr_file { open };
-dontaudit logd trusty_log_device:chr_file { read };
-# b/264489639
-userdebug_or_eng(`
-  permissive logd;
-')
\ No newline at end of file
diff --git a/vendor/logd.te b/vendor/logd.te
new file mode 100644
index 00000000..ca969d80
--- /dev/null
+++ b/vendor/logd.te
@@ -0,0 +1,4 @@
+r_dir_file(logd, logbuffer_device)
+allow logd logbuffer_device:chr_file r_file_perms;
+allow logd trusty_log_device:chr_file r_file_perms;
+