From 4e2023c263a9a67bf0f1ac984a5d57e0ea39a26a Mon Sep 17 00:00:00 2001
From: Martin Wu
Date: Thu, 27 Apr 2023 02:20:48 +0000
Subject: [PATCH] Revert "Add sepolicy for dumpstate to zip tcpdump into bugreport"
Revert submission 22814097-Fix-tcpdump-sepolicy
Reason for revert: build break
Reverted changes: /q/submissionid:22814097-Fix-tcpdump-sepolicy
Change-Id: I795de89a17c5ccee702fa3a59af03d48d89fbaf2
---
 legacy/whitechapel_pro/file.te | 4 ++++
 legacy/whitechapel_pro/file_contexts | 1 +
 tracking_denials/tcpdump_logger.te | 4 ++++
 vendor/tcpdump_logger.te | 18 +-----------------
 4 files changed, 10 insertions(+), 17 deletions(-)
 create mode 100644 tracking_denials/tcpdump_logger.te
diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te
index 23d748bf..38d3dc82 100644
--- a/legacy/whitechapel_pro/file.te
+++ b/legacy/whitechapel_pro/file.te
@@ -1,11 +1,15 @@
 # Data
 type updated_wifi_firmware_data_file, file_type, data_file_type;
+type tcpdump_vendor_data_file, file_type, data_file_type;
 type vendor_misc_data_file, file_type, data_file_type;
 type per_boot_file, file_type, data_file_type, core_data_file_type;
 type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type;
 type uwb_data_vendor, file_type, data_file_type;
 type powerstats_vendor_data_file, file_type, data_file_type;
 type sensor_debug_data_file, file_type, data_file_type;
+userdebug_or_eng(`
+ typeattribute tcpdump_vendor_data_file mlstrustedobject;
+')
 # sysfs
 type bootdevice_sysdev, dev_type;
diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts
index a9901c05..a694d515 100644
--- a/legacy/whitechapel_pro/file_contexts
+++ b/legacy/whitechapel_pro/file_contexts
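Review bot: The `typeattribute tcpdump_vendor_data_file mlstrustedobject;` line in legacy/whitechapel_pro/file.te has no comment saying which domain needs the exemption. mlstrustedobject takes the type out of the MLS level/category checks, so on userdebug and eng builds files with this label (packet captures, judging by the type name and the /data/vendor/tcpdump_logger path in the file_contexts hunk) are no longer separated by MLS level. A one-line comment above the attribute, for example `# mlstrustedobject: required so <CONSUMER_DOMAIN_PLACEHOLDER> can access captures across MLS levels (userdebug/eng only)`, would make the exemption reviewable when the reverted change re-lands.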
@@ -38,6 +38,7 @@
 /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0
 /data/nfc(/.*)? u:object_r:nfc_data_file:s0
 /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
+/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0
 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0
 /data/per_boot(/.*)? u:object_r:per_boot_file:s0
 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0
diff --git a/tracking_denials/tcpdump_logger.te b/tracking_denials/tcpdump_logger.te
new file mode 100644
index 00000000..b0a70465
--- /dev/null
+++ b/tracking_denials/tcpdump_logger.te
@@ -0,0 +1,4 @@
+# b/264490014
+userdebug_or_eng(`
+ permissive tcpdump_logger;
+')
\ No newline at end of file
diff --git a/vendor/tcpdump_logger.te b/vendor/tcpdump_logger.te
index 7cf02450..10181049 100644
--- a/vendor/tcpdump_logger.te
+++ b/vendor/tcpdump_logger.te
@@ -1,21 +1,5 @@
 type tcpdump_logger, domain;
 type tcpdump_logger_exec, exec_type, vendor_file_type, file_type;
-userdebug_or_eng(`
- # make transition from init to its domain
- init_daemon_domain(tcpdump_logger)
+init_daemon_domain(tcpdump_logger)
- allow tcpdump_logger self:capability net_raw;
- allow tcpdump_logger self:packet_socket create_socket_perms;
- allowxperm tcpdump_logger self:packet_socket ioctl 0x8933;
- allow tcpdump_logger tcpdump_exec:file rx_file_perms;
- allow tcpdump_logger tcpdump_vendor_data_file:dir create_dir_perms;
- allow tcpdump_logger tcpdump_vendor_data_file:file create_file_perms;
- allow tcpdump_logger tcpdump_vendor_data_file:dir search;
- allow tcpdump_logger radio_vendor_data_file:file create_file_perms;
- allow tcpdump_logger radio_vendor_data_file:dir create_dir_perms;
- allow tcpdump_logger wifi_logging_data_file:file create_file_perms;
- allow tcpdump_logger wifi_logging_data_file:dir create_dir_perms;
-
- set_prop(tcpdump_logger, vendor_tcpdump_log_prop)
-')
\ No newline at end of file
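Review bot: `permissive tcpdump_logger;` in tracking_denials/tcpdump_logger.te turns off enforcement for the whole domain on userdebug and eng builds, which is wider than the explicit allow list (net_raw, packet_socket, the tcpdump/radio/wifi data-file rules) that this same commit removes from vendor/tcpdump_logger.te. The only context in the new file is the bug number. If the permissive state is meant to last only until the reverted rules re-land, a comment such as `# Temporary: drop once explicit tcpdump_logger rules are restored (b/264490014)` would say so and give a later audit something to check against. The new file also ends without a trailing newline.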
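Review bot: `init_daemon_domain(tcpdump_logger)` in vendor/tcpdump_logger.te now sits outside `userdebug_or_eng`, so the init transition into tcpdump_logger is compiled into user builds as well, and nothing in the file says whether that is intended. On the new side the file holds only the two type declarations and this macro. On user builds the domain is therefore enforcing with no rules from this file, while on userdebug/eng it depends entirely on the permissive statement in tracking_denials/tcpdump_logger.te. A header comment along the lines of `# No explicit rules here; permissive on userdebug/eng via tracking_denials/tcpdump_logger.te (b/264490014)` would record that state. Whether other policy files grant this domain anything is not visible from the patch.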