Selinux: give qmxd logger app access to diag device and logs

label /data/diag_logs make /data/diag_logs an mlstrustedobject QXDM logger runs as a platform app, and is now subject to SELinux multi-user restrictions. Mark /data/diag_logs as being safe to access from multiple Android users. Addresses the following denials: avc: denied { write } for name="rundiag" dev="dm-1" ino=1798722 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:diag_logs:s0 tclass=file permissive=0 avc: denied { setattr } for name="rundiag" dev="dm-1" ino=1798722 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:diag_logs:s0 tclass=file permissive=0 Bug: 21591724 Change-Id: Ib79380b4d27660cf23b1ab241ddd7e54f67247b7
author: Jeff Vander Stoep <jeffv@google.com> 2015-07-27 15:43:41 -0700
committer: Jeff Vander Stoep <jeffv@google.com> 2015-07-27 15:43:41 -0700
commit: 00bb065e8a5d4a8bfd27b6d8759fe2780864c2d4 (patch)
tree: 59e140aa38d1fa98c121724183ab2bde46f1cb85 /sepolicy/file_contexts
parent: eebd18048be6b25c14005d3e25ad38321d27f548 (diff)
download: bullhead-00bb065e8a5d4a8bfd27b6d8759fe2780864c2d4.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index b2a4589..f7b2ead 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -9,6 +9,7 @@
 /data/misc/location(/.*)?      u:object_r:location_data_file:s0
 /data/time(/.*)?               u:object_r:time_data_file:s0
 /data/ramdump(/.*)?            u:object_r:ramdump_data_file:s0
+/data/diag_logs(/.*)?          u:object_r:diag_logs:s0
 
 # GPU device
 /dev/kgsl-3d0                  u:object_r:gpu_device:s0
author	Jeff Vander Stoep <jeffv@google.com>	2015-07-27 15:43:41 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	2015-07-27 15:43:41 -0700
commit	00bb065e8a5d4a8bfd27b6d8759fe2780864c2d4 (patch)
tree	59e140aa38d1fa98c121724183ab2bde46f1cb85 /sepolicy/file_contexts
parent	eebd18048be6b25c14005d3e25ad38321d27f548 (diff)
download	bullhead-00bb065e8a5d4a8bfd27b6d8759fe2780864c2d4.tar.gz