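# SELinux type-enforcement rules for the emdlogger (modem logger) domain.
# Grants access to modem character devices, log storage locations,
# properties, sockets and kernel/radio log sources.
# The emdlogger type, the object types and the permission/property macros
# used below are declared outside this file.

# Disabled direct property_service rules. The set_prop() calls in the
# "Android P migration" section below name the same three property types.
#allow emdlogger debug_prop:property_service set;
#allow emdlogger persist_mtklog_prop:property_service set;
#allow emdlogger system_radio_prop:property_service set;

# ccci device for internal modem
allow emdlogger ccci_device:chr_file { rw_file_perms };

# eemcs device for external modem
allow emdlogger eemcs_device:chr_file { rw_file_perms };

# C2K project SDIO device for external modem: ttySDIO2 control port, ttySDIO8 log port
allow emdlogger ttySDIO_device:chr_file { rw_file_perms };

# C2K project modem device for external modem: vmodem start/stop/ioctl modem
allow emdlogger vmodem_device:chr_file { rw_file_perms };

# usb device ttyGSx for modem logger usb logging
allow emdlogger ttyGS_device:chr_file { rw_file_perms };

# for modem logging sdcard access
# NOTE(review): create/write on sdcard_type puts modem logs on shared
# storage; confirm who else can read that location on production builds.
allow emdlogger sdcard_type:dir { create_dir_perms };
allow emdlogger sdcard_type:file { create_file_perms };

# modem logger access on /data/mdlog
allow emdlogger mdlog_data_file:dir { create_dir_perms relabelto };
allow emdlogger mdlog_data_file:fifo_file { create_file_perms };
allow emdlogger mdlog_data_file:file { create_file_perms };

# modem logger control port access /dev/ttyC1
allow emdlogger mdlog_device:chr_file { rw_file_perms };

# modem logger SD logging in factory mode
allow emdlogger vfat:dir create_dir_perms;
allow emdlogger vfat:file create_file_perms;

# modem logger permission in storage in android M version
allow emdlogger mnt_user_file:dir search;
allow emdlogger mnt_user_file:lnk_file read;
allow emdlogger storage_file:lnk_file read;

# permission for storage link access in vzw Project
allow emdlogger mnt_media_rw_file:dir search;

# permission for use SELinux API
#avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
# NOTE(review): the denial above is for one file (selinux_version), but the
# rule grants read on every file labeled rootfs; confirm this width is needed.
allow emdlogger rootfs:file r_file_perms;

# permission for storage access
allow emdlogger storage_file:dir { create_dir_perms };
allow emdlogger tmpfs:lnk_file read;
allow emdlogger storage_file:file { create_file_perms };

# permission for read boot mode
#avc: denied { open } path="/sys/devices/virtual/BOOT/BOOT/boot/boot_mode" dev="sysfs"
allow emdlogger sysfs_boot_mode:file { read open };

# Allow read to sys/kernel/ccci/* files
allow emdlogger sysfs_ccci:dir search;
allow emdlogger sysfs_ccci:file r_file_perms;

allow emdlogger sysfs_mdinfo:file r_file_perms;
allow emdlogger sysfs_mdinfo:dir search;

# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
# NOTE(review): the denial is for the "mddb" directory only; the rule allows
# listing any directory labeled system_file.
allow emdlogger system_file:dir read;

# purpose: allow emdlogger to access storage in N version
allow emdlogger media_rw_data_file:file { create_file_perms };
allow emdlogger media_rw_data_file:dir { create_dir_perms };

#avc: denied { connectto } for path=006165653A72747464 scontext=u:r:emdlogger:s0
#tcontext=u:object_r:aee_aed_socket:s0 tclass=unix_stream_socket permissive=0
#security issue control
# NOTE(review): the quoted denial names aee_aed_socket as the target, while
# the rule grants connectto on crash_dump; confirm the rule matches the
# peer that emdlogger actually connects to.
allow emdlogger crash_dump:unix_stream_socket connectto;

# For dynamic CCB buffer feature
#avc: denied { read write } for name="lk_env" dev="proc" ino=4026532192
#scontext=u:r:emdlogger:s0 tcontext=u:object_r:proc_lk_env:s0 tclass=file permissive=0
#avc: denied { read } for name="mmcblk0p3" dev="tmpfs" ino=8493 scontext=u:r:emdlogger:s0
# tcontext=u:object_r:para_block_device:s0 tclass=blk_file permissive=0
# NOTE(review): the block-device denial above shows only { read }, yet the
# rule also grants write on the raw para_block_device node; confirm that
# write access is required by the CCB feature.
allow emdlogger para_block_device:blk_file { read open write };
allow emdlogger proc_lk_env:file { read write ioctl open };

## purpose: avc: denied { read } for name="plat_file_contexts"
#allow emdlogger file_contexts_file:file { read getattr open map};

allow emdlogger block_device:dir search;
allow emdlogger md_block_device:blk_file { read open };
# NOTE(review): no purpose or denial is recorded for CAP_CHOWN; document
# which files emdlogger re-owns, or drop the capability if unused.
allow emdlogger self:capability { chown };

# purpose: allow emdlogger to access persist.meta.connecttype
# (trailing ';' after the macro call removed to match the other
# get_prop()/set_prop() calls in this file)
get_prop(emdlogger, meta_connecttype_prop)

# purpose: allow emdlogger to create socket
# NOTE(review): name_bind/name_connect on "port" and node_bind on "node" are
# not tied to a dedicated port or node type, so (if these are the generic
# default types) the domain can listen on and connect to any port carrying
# the default label. Confirm whether a dedicated port type can be used and
# whether the listener is needed outside debug builds.
allow emdlogger port:tcp_socket { name_connect name_bind };
# Single rule replacing two overlapping ones (bind and setopt were listed
# twice); the permission set is the union of both, and "self" is used as on
# the capability rule above.
allow emdlogger self:tcp_socket { create connect setopt bind listen accept read write };
allow emdlogger node:tcp_socket node_bind;

# Android P migration
set_prop(emdlogger, persist_mtklog_prop)
set_prop(emdlogger, vendor_mdl_prop)
set_prop(emdlogger, vendor_mdl_start_prop)
set_prop(emdlogger, debug_mdlogger_prop)
get_prop(emdlogger, vendor_usb_prop)
set_prop(emdlogger, persist_mdlog_prop)
set_prop(emdlogger, vendor_mdl_pulllog_prop)
set_prop(emdlogger, exported_system_radio_prop)
set_prop(emdlogger, debug_prop)
set_prop(emdlogger, system_radio_prop)

allow emdlogger vendor_configs_file:file map;
allow emdlogger vendor_default_prop:file map;

# Date : WK19.12
# Operation: add permission to catch logs
# Purpose : get kernel and radio logs when modem exception
# NOTE(review): syslog_read exposes the kernel log to this domain, and the
# logcat_exec rule lets it run logcat; the captured output ends up in the
# log locations granted above, so their readers see it too.
allow emdlogger kernel:system syslog_read;
allow emdlogger logcat_exec:file { rx_file_perms };
allow emdlogger logdr_socket:sock_file write;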