logger_app: don't audit default_prop and fix errors

avc: denied { read } for comm="oid.pixellogger" name="u:object_r:default_prop:s0" dev="tmpfs" ino=153 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.android.pixellogger avc: denied { search } for name="ssrdump" dev="dm-44" ino=377 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=0 app=com.android.pixellogger avc: denied { search } for name="coredump" dev="dm-44" ino=378 scontext=u:r:logger_app:s0:c8,c257,c512,c768 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=0 app=com.android.pixellogger Bug: 264489961 Bug: 269383459 Test: Make sure no avc denied for logger_app when using Pixel Logger Change-Id: I8999372d243286586eb53602e167fa111d39a00f
2023-02-15 09:13:04 +00:00 · 2023-02-15 09:13:04 +00:00 · ef1d13d86d
commit ef1d13d86d
parent 3432cc6b0b
2 changed files with 5 additions and 2 deletions
--- a/radio/logger_app.te
+++ b/radio/logger_app.te
@ -6,6 +6,9 @@ userdebug_or_eng(`
  allow logger_app radio_vendor_data_file:dir create_dir_perms;
  allow logger_app sysfs_sscoredump_level:file r_file_perms;

+  r_dir_file(logger_app, sscoredump_vendor_data_coredump_file)
+  r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file)
+
  set_prop(logger_app, vendor_audio_prop)
  set_prop(logger_app, vendor_gps_prop)
  set_prop(logger_app, vendor_logger_prop)
--- a/tracking_denials/logger_app.te
+++ b/tracking_denials/logger_app.te
@ -1,4 +1,4 @@
-# b/264489961
+# b/269383459
 userdebug_or_eng(`
-  permissive logger_app;
+  dontaudit logger_app default_prop:file { read };
 ')