Add new type and domain for vendor radio

1. Add radio_vendor_data_file type 2. Add logger_app domain Bug: 36859102 Test: Verify no security denial Change-Id: I6c9236a3b2e0b459bf16b2861e7ddfebca3ed9c6
2026-01-28 13:18:23 +00:00 · 2017-04-05 10:49:30 -07:00
parent f41ff958d8
commit 21ec03152e
6 changed files with 20 additions and 1 deletions
--- a/init.hardware.diag.rc.userdebug
+++ b/init.hardware.diag.rc.userdebug
@@ -16,7 +16,8 @@

 on post-fs-data
    # Modem logging collection
-    mkdir /data/diag_logs 0777 system system
+    mkdir /data/vendor/radio 0775 radio radio
+    mkdir /data/vendor/radio/diag_logs 0777 system system
    # WLAN logging collection
    mkdir /data/cnss_diag 0777 system system

--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -38,4 +38,6 @@ type netmgr_data_file, file_type, data_file_type;

 type nfc_vendor_data_file, file_type, data_file_type;

+type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+
 type ramdump_data_file, file_type, data_file_type, mlstrustedobject;
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -138,6 +138,7 @@

 # data files
 /data/misc/radio(/.*)?                 u:object_r:radio_data_file:s0
+/data/vendor/radio(/.*)?               u:object_r:radio_vendor_data_file:s0
 /data/misc/netmgr(/.*)?                u:object_r:netmgr_data_file:s0
 /data/misc/location(/.*)?              u:object_r:location_data_file:s0
 /data/ramdump(/.*)?                    u:object_r:ramdump_data_file:s0
--- a/sepolicy/hal_dumpstate_impl.te
+++ b/sepolicy/hal_dumpstate_impl.te
@@ -19,8 +19,10 @@ userdebug_or_eng(`
  allow hal_dumpstate_impl smlog_dump_file:dir create_dir_perms;
  allow hal_dumpstate_impl smlog_dump_file:file create_file_perms;
  allow hal_dumpstate_impl radio_data_file:dir r_dir_perms;
+  allow hal_dumpstate_impl radio_vendor_data_file:dir r_dir_perms;
  allow hal_dumpstate_impl netmgr_data_file:dir r_dir_perms;
  allow hal_dumpstate_impl radio_data_file:file r_file_perms;
+  allow hal_dumpstate_impl radio_vendor_data_file:file r_file_perms;
  allow hal_dumpstate_impl netmgr_data_file:file r_file_perms;
 ')

--- a/sepolicy/logger_app.te
+++ b/sepolicy/logger_app.te
@@ -0,0 +1,12 @@
+type logger_app, domain;
+
+userdebug_or_eng(`
+  app_domain(logger_app)
+  net_domain(logger_app)
+
+  allow logger_app app_api_service:service_manager find;
+  allow logger_app surfaceflinger_service:service_manager find;
+
+  allow logger_app radio_vendor_data_file:file { create open unlink getattr setattr read write };
+  allow logger_app radio_vendor_data_file:dir { create open rmdir add_name remove_name getattr setattr search read write };
+')
--- a/sepolicy/seapp_contexts
+++ b/sepolicy/seapp_contexts
@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.android.nexuslogger domain=logger_app type=app_data_file levelFrom=all
				`@@ -0,0 +1 @@`
				`user=_app seinfo=platform name=com.android.nexuslogger domain=logger_app type=app_data_file levelFrom=all`