From e4ceb50a9cc17d702f6b7f56e7a0d1769ad1f0fc Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Thu, 14 Mar 2024 15:28:29 +0800 Subject: [PATCH] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. New paths (ag/26620507): RamdumpService: device/google/gs-common/ramdump_app SSRestartDetector: device/google/gs-common/ssr_detector_app Bug: 298102808 Design: go/sys-software-logging Test: Manual (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2761dbe28b294be5199aba6ee73013427e8d627f) Merged-In: I455630b347f9f234365fec371142582d2cc0640a Change-Id: I455630b347f9f234365fec371142582d2cc0640a --- legacy/zuma/vendor/ramdump_app.te | 24 ------------------------ radio/seapp_contexts | 3 --- radio/ssr_detector.te | 24 ------------------------ tracking_denials/seapp_contexts | 3 --- 4 files changed, 54 deletions(-) delete mode 100644 legacy/zuma/vendor/ramdump_app.te delete mode 100644 radio/ssr_detector.te
diff --git a/legacy/zuma/vendor/ramdump_app.te b/legacy/zuma/vendor/ramdump_app.te
deleted file mode 100644
index 308e9fb..0000000
--- a/legacy/zuma/vendor/ramdump_app.te
+++ /dev/null
@@ -1,24 +0,0 @@
-type ramdump_app, domain;
-
-userdebug_or_eng(`
- app_domain(ramdump_app)
-
- allow ramdump_app app_api_service:service_manager find;
-
- allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
- allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
-
- set_prop(ramdump_app, vendor_ramdump_prop)
- get_prop(ramdump_app, system_boot_reason_prop)
-
- # To access ramdumpfs.
- allow ramdump_app mnt_vendor_file:dir search;
- allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
- allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
-
- # To access subsystem ramdump files and dirs.
- allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
- allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
- allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
- allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms;
-')
diff --git a/radio/seapp_contexts b/radio/seapp_contexts
index 2dea8c9..82d71dc 100644
--- a/radio/seapp_contexts
+++ b/radio/seapp_contexts
@@ -1,6 +1,3 @@
-# Sub System Ramdump
-user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user
-
 # CBRS setup app
 user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user
diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te
deleted file mode 100644
index 2caf6d7..0000000
--- a/radio/ssr_detector.te
+++ /dev/null
@@ -1,24 +0,0 @@
-type ssr_detector_app, domain;
-
-app_domain(ssr_detector_app)
-allow ssr_detector_app app_api_service:service_manager find;
-allow ssr_detector_app radio_service:service_manager find;
-
-allow ssr_detector_app system_app_data_file:dir create_dir_perms;
-allow ssr_detector_app system_app_data_file:file create_file_perms;
-
-allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms;
-allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms;
-userdebug_or_eng(`
- allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms;
- allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms;
- get_prop(ssr_detector_app, vendor_aoc_prop)
- allow ssr_detector_app sysfs_sjtag:dir r_dir_perms;
- allow ssr_detector_app sysfs_sjtag:file rw_file_perms;
- allow ssr_detector_app proc_vendor_sched:dir search;
- allow ssr_detector_app proc_vendor_sched:file rw_file_perms;
- allow ssr_detector_app cgroup:file write;
-')
-
-get_prop(ssr_detector_app, vendor_ssrdump_prop)
-get_prop(ssr_detector_app, vendor_wifi_version)
diff --git a/tracking_denials/seapp_contexts b/tracking_denials/seapp_contexts
index 7c87136..74fea00 100644
--- a/tracking_denials/seapp_contexts
+++ b/tracking_denials/seapp_contexts
@@ -1,9 +1,6 @@
 # Domain for EuiccSupportPixel
 user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all
-# coredump/ramdump
-user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
-
 # Domain for connectivity monitor
 user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all