1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
type hal_dumpstate_impl, domain;
hal_server_domain(hal_dumpstate_impl, hal_dumpstate)
type hal_dumpstate_impl_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_dumpstate_impl)
# Execute dump scripts from vendor partition
allow hal_dumpstate_impl vendor_shell_exec:file rx_file_perms;
allow hal_dumpstate_impl vendor_toolbox_exec:file rx_file_perms;
# Allow to read pixel-trace trace file
allow hal_dumpstate_impl debugfs_tracing_instances:dir search;
allow hal_dumpstate_impl debugfs_tracing_instances:file r_file_perms;
userdebug_or_eng(`
allow hal_dumpstate_impl sysfs_usb_device:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_usb_device:file r_file_perms;
allow hal_dumpstate_impl ssr_log_file:dir search;
allow hal_dumpstate_impl ssr_log_file:file r_file_perms;
allow hal_dumpstate_impl tcpdump_vendor_data_file:dir create_dir_perms;
allow hal_dumpstate_impl tcpdump_vendor_data_file:file create_file_perms;
set_prop(hal_dumpstate_impl, vendor_tcpdump_log_prop)
# Dump sensors log
allow hal_dumpstate_impl sensors_vendor_data_file:dir r_dir_perms;
allow hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;
')
allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
allow hal_dumpstate_impl radio_vendor_data_file:dir r_dir_perms;
allow hal_dumpstate_impl radio_vendor_data_file:file r_file_perms;
allow hal_dumpstate_impl netmgr_data_file:dir r_dir_perms;
allow hal_dumpstate_impl netmgr_data_file:file r_file_perms;
get_prop(hal_dumpstate_impl, vendor_tcpdump_log_prop)
# modem stat
domain_auto_trans(hal_dumpstate_impl, modem_svc_exec, modem_svc)
allow hal_dumpstate_impl modem_stat_data_file:file r_file_perms;
allow hal_dumpstate_impl uio_device:chr_file rw_file_perms;
r_dir_file(hal_dumpstate_impl, sysfs_uio)
r_dir_file(hal_dumpstate_impl, sysfs_rmtfs)
r_dir_file(hal_dumpstate_impl, sysfs_msm_subsys)
r_dir_file(hal_dumpstate_impl, sysfs_soc)
r_dir_file(hal_dumpstate_impl, sysfs_thermal)
r_dir_file(hal_dumpstate_impl, sysfs_easel)
allow hal_dumpstate_impl sysfs_esim:file r_file_perms;
allow hal_dumpstate_impl sysfs_rpm:file r_file_perms;
allow hal_dumpstate_impl sysfs_system_sleep_stats:file r_file_perms;
allow hal_dumpstate_impl debugfs_ion:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_ion:file r_file_perms;
allow hal_dumpstate_impl debugfs_wlan:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_wlan:file r_file_perms;
allow hal_dumpstate_impl debugfs_icnss:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_icnss:file r_file_perms;
allow hal_dumpstate_impl debugfs_ipc:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_ipc:file r_file_perms;
allow hal_dumpstate_impl debugfs_f2fs:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_f2fs:file r_file_perms;
allow hal_dumpstate_impl debugfs_tzdbg:dir search;
allow hal_dumpstate_impl debugfs_tzdbg:file r_file_perms;
allow hal_dumpstate_impl debugfs_ufs:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_ufs:file r_file_perms;
allow hal_dumpstate_impl proc_stat:file r_file_perms;
allow hal_dumpstate_impl proc_f2fs:dir r_dir_perms;
allow hal_dumpstate_impl proc_f2fs:file r_file_perms;
allow hal_dumpstate_impl block_device:dir r_dir_perms;
# Access to files for dumping
allow hal_dumpstate_impl sysfs:dir r_dir_perms;
# usb logs
allow hal_dumpstate_impl debugfs_usb:file r_file_perms;
#Access display debug data
allow hal_dumpstate_impl display_vendor_data_file:dir r_dir_perms;
allow hal_dumpstate_impl display_vendor_data_file:file r_file_perms;
# Access to touch firmware info
allow hal_dumpstate_impl sysfs_touch:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_touch:file rw_file_perms;
# Access to touch proc node
allow hal_dumpstate_impl proc_touch:file rw_file_perms;
# Access to WLC firmware info
allow hal_dumpstate_impl sysfs_wlc:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_wlc:file r_file_perms;
# Access to UFS info
allow hal_dumpstate_impl sysfs_scsi_devices_0000:dir r_dir_perms;
allow hal_dumpstate_impl sysfs_scsi_devices_0000:file r_file_perms;
# Access to MPSS RFS info
allow hal_dumpstate_impl mpss_rfs_data_file:dir r_dir_perms;
allow hal_dumpstate_impl mpss_rfs_data_file:file r_file_perms;
# For collecting bugreports.
allow hal_dumpstate_impl debugfs_system_ion_heap:file r_file_perms;
allow hal_dumpstate_impl shell_data_file:file getattr;
allow hal_dumpstate_impl sysfs_system_sleep_stats:file r_file_perms;
# For '/vendor/bin/sh -c getprop | grep vendor.sys.modem.diag'
allow hal_dumpstate_impl vendor_file:file execute_no_trans;
userdebug_or_eng(`allow hal_dumpstate_impl debugfs_dma_bufinfo:file r_file_perms;')
dontaudit hal_dumpstate_impl debugfs_dma_bufinfo:file r_file_perms;
# Allow to dump page_owner
userdebug_or_eng(`
allow hal_dumpstate_impl debugfs_page_owner:file r_file_perms;
')
#Dumpstats fastrpc buffer
allow hal_dumpstate_impl sysfs_fastrpc:file r_file_perms;
# Query and dump power supply nodes
allow hal_dumpstate_impl sysfs_batteryinfo:dir search;
allow hal_dumpstate_impl sysfs_batteryinfo:file r_file_perms;
# Dump QCOM FG content
allow hal_dumpstate_impl debugfs_fg_sram:dir search;
allow hal_dumpstate_impl debugfs_fg_sram:file rw_file_perms;
# Dump Maxim FG content
allow hal_dumpstate_impl debugfs_maxfg:dir search;
allow hal_dumpstate_impl debugfs_maxfg:file r_file_perms;
allow hal_dumpstate_impl tmpfs:dir search;
allow hal_dumpstate_impl maxfg_device:chr_file r_file_perms;
# Dump PMIC votables
allow hal_dumpstate_impl debugfs_pmic_votable:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_pmic_votable:file r_file_perms;
# Citadel communication must be via citadeld
vndbinder_use(hal_dumpstate_impl)
binder_call(hal_dumpstate_impl, citadeld)
allow hal_dumpstate_impl citadeld_service:service_manager find;
# Vibrator
r_dir_file(hal_dumpstate_impl, sysfs_leds)
dontaudit hal_dumpstate_impl sensors_vendor_data_file:dir r_dir_perms;
dontaudit hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;
# Access to vendor logging property
set_prop(hal_dumpstate_impl, vendor_logging_prop)
|
