author | Woody Lin <woodylin@google.com> | 2020-06-02 05:01:56 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-02 05:01:56 +0000 |
commit | e621cf662579e8da28145ec41896a9275c76942a (patch) | |
tree | 6f64905d580c83348d58dfddbf01355cece1b7b2 | |
parent | 0a55f1ca900e9e9cb780492820ce394652d50d77 (diff) | |
parent | a39367284fa78ab0c61cb922380ba96989a50fd9 (diff) | |
download | crosshatch-sepolicy-e621cf662579e8da28145ec41896a9275c76942a.tar.gz |
ramdump/ramdump_app: SE policies to implement and access ramdumpfs am: 6b5c7e79aa am: a39367284f
Original change: undetermined
Change-Id: I8c0c52a0db905914b49e9ff31fee497606d40d7d
-rw-r--r-- | vendor/google/file.te | 3 | ||||
-rw-r--r-- | vendor/qcom/common/file.te | 2 | ||||
-rw-r--r-- | vendor/qcom/common/file_contexts | 6 | ||||
-rw-r--r-- | vendor/qcom/common/ramdump.te | 7 | ||||
-rw-r--r-- | vendor/qcom/common/ramdump_app.te | 5 |
5 files changed, 23 insertions, 0 deletions
diff --git a/vendor/google/file.te b/vendor/google/file.te
index ce6a826..fc651f2 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -4,3 +4,6 @@ type proc_touch, proc_type, fs_type;
 type sysfs_display, sysfs_type, fs_type;
 type sysfs_pixelstats, sysfs_type, fs_type;
 type persist_battery_file, file_type;
+
+# RamdumpFS
+allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index 1cda2c6..da17d1e 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -95,6 +95,7 @@ type nfc_vendor_data_file, file_type, data_file_type;
 type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_mnt_file, file_type, data_file_type, mlstrustedobject;
 type wifidump_vendor_data_file, file_type, data_file_type;
 type modem_dump_file, file_type, data_file_type;
 type sensors_vendor_data_file, file_type, data_file_type;
@@ -107,6 +108,7 @@ type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type data_qsee_file, file_type, data_file_type;
 type vendor_tui_data_file, file_type, data_file_type;
 type wifi_vendor_log_data_file, file_type, data_file_type;
+
 type hal_neuralnetworks_data_file, file_type, data_file_type;
 type modem_stat_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index de33a67..b665d4a 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
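Review bot: The `allow ramdump_vendor_mnt_file self:filesystem associate;` rule is added to vendor/google/file.te, but the type it names is declared in vendor/qcom/common/file.te in this same commit. It also sits outside any `userdebug_or_eng` block, while the ramdump and ramdump_app rules that use the type are inside one. I would keep the rule next to the type declaration and state why it exists, e.g. `# ramdumpfs is mounted with this label; files in it must be allowed to associate with it.` That the filesystem is mounted with this label is inferred from the ramdump.te hunk, so confirm the wording.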
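Review bot: `ramdump_vendor_mnt_file` is declared with `data_file_type` and `mlstrustedobject`, the same attributes as `ramdump_vendor_data_file` on the line above, although file_contexts uses it for a mount under /mnt/vendor rather than a /data path. `data_file_type` pulls the type into every rule written against that attribute, and `mlstrustedobject` exempts it from MLS/MCS category checks, which is a wide default for a filesystem that presumably exposes RAM dump contents. If the exemption is needed so that ramdump_app can reach the files, record that with a comment such as `# mlstrustedobject: read by ramdump_app across MLS categories`; otherwise `type ramdump_vendor_mnt_file, file_type;` is the narrower declaration. The type is also declared for all build variants, while the rules that use it are userdebug/eng only.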
@@ -72,6 +72,12 @@
 # Block devices for the drive that holds the xbl_a and xbl_b partitions.
 /dev/block/sd[bc]1? u:object_r:xbl_block_device:s0
+###################################
+# ramdumpfs files
+#
+/mnt/vendor/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
+/ramdump(/.*)? u:object_r:ramdump_vendor_mnt_file:s0
+
 # Block device for hal_bootctl
 /dev/block/sde u:object_r:boot_block_device:s0
diff --git a/vendor/qcom/common/ramdump.te b/vendor/qcom/common/ramdump.te
index 5748f95..7b2e786 100644
--- a/vendor/qcom/common/ramdump.te
+++ b/vendor/qcom/common/ramdump.te
@@ -34,4 +34,11 @@ userdebug_or_eng(`
 get_prop(ramdump, hwservicemanager_prop)
 allow ramdump fwk_stats_hwservice:hwservice_manager find;
 binder_call(ramdump, stats_service_server)
+
+ # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump.
+ allow ramdump fuse:filesystem relabelfrom;
+ allow ramdump fuse_device:chr_file rw_file_perms;
+ allow ramdump mnt_vendor_file:dir r_dir_perms;
+ allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton };
+ allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };
 ')
diff --git a/vendor/qcom/common/ramdump_app.te b/vendor/qcom/common/ramdump_app.te
index 49d15dc..38cf2f4 100644
--- a/vendor/qcom/common/ramdump_app.te
+++ b/vendor/qcom/common/ramdump_app.te
@@ -13,4 +13,9 @@ userdebug_or_eng(`
 set_prop(ramdump_app, vendor_ramdump_prop);
 get_prop(system_app, vendor_ssr_prop)
 get_prop(ramdump_app, system_boot_reason_prop)
+
+ # To access ramdumpfs.
+ allow ramdump_app mnt_vendor_file:dir search;
+ allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms;
+ allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms;
 ') |
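Review bot: The `/ramdump(/.*)?` entry labels a root-level path that nothing else in this commit refers to; the ramdump.te comment places the mount under /mnt/vendor/ramdump only. Either drop the entry or add a comment saying what creates /ramdump and why vendor policy labels it. Also, file_contexts entries label the on-disk mount-point directory; files inside a FUSE mount normally take their label from the mount itself, so the `(/.*)?` suffix probably has no effect once ramdumpfs is mounted, which is worth confirming.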
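Review bot: `allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto };` looks broader than a labelled mount needs. When a mount changes the superblock label, the kernel checks `relabelfrom` on the old label (covered by the `fuse:filesystem relabelfrom` line) and `relabelto` on the new one, so `relabelfrom` on `ramdump_vendor_mnt_file` should only matter if the filesystem is later relabelled away from that type. Unless a denial shows it is required, reduce the set to `{ mount unmount relabelto }`. The enclosing `userdebug_or_eng` block opens above the hunk.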
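Review bot: `create_dir_perms` and `create_file_perms` give ramdump_app create, write, rename and unlink on ramdumpfs, while the comment only says `# To access ramdumpfs.` If the app only lists and reads dumps, `r_dir_perms` and `r_file_perms` are enough. If it also writes or deletes them, say so in the comment, e.g. `# ramdump_app lists, reads and deletes dumps exposed through ramdumpfs.` The `userdebug_or_eng` block starts above the hunk.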