Pixel logger: fixed sepolicy issue for cnss_diag

Bug: 36734870

Change-Id: Ice91de09ef35c8ced0c3faccf65ddfacf8b64101
Signed-off-by: Ecco Park <eccopark@google.com>

sepolicy/cnss_diag.te

@@ -0,0 +1,19 @@
+# Policy for /vendor/bin/cnss_diag
+type cnss_diag, domain;
+type cnss_diag_exec, exec_type, file_type;
+
+init_daemon_domain(cnss_diag)
+
+allow cnss_diag self:capability { setgid setuid };
+
+allow cnss_diag self:netlink_socket create_socket_perms_no_ioctl;
+allow cnss_diag sysfs:file r_file_perms;
+
+# b/35877764 suppress the udp_socket denial message temproarily
+dontaudit cnss_diag self:udp_socket create;
+
+userdebug_or_eng(`
+  allow cnss_diag diag_device:chr_file rw_file_perms;
+  allow cnss_diag cnss_vendor_data_file:dir create_dir_perms;
+  allow cnss_diag cnss_vendor_data_file:file create_file_perms;
+')

sepolicy/logger_app.te

@@ -14,4 +14,5 @@ userdebug_or_eng(`
 
   allow logger_app cnss_vendor_data_file:dir create_dir_perms;
   allow logger_app cnss_vendor_data_file:file create_file_perms;
+  set_prop(logger_app, cnss_diag_prop);
 ')

sepolicy/property.te

@@ -5,5 +5,6 @@ type keymaster_prop, property_type;
 type ramdump_prop, property_type;
 type post_boot_prop, property_type;
 type ssr_prop, property_type;
+type cnss_diag_prop, property_type;
 type tee_listener_prop, property_type;
 type wc_prop, property_type;

sepolicy/property_contexts

@@ -8,5 +8,6 @@ sys.post_boot.             u:object_r:post_boot_prop:s0
 radio.                     u:object_r:radio_prop:s0
 debug.htc.hrdump           u:object_r:ramdump_prop:s0
 debug.ssrdump              u:object_r:ssr_prop:s0
+persist.sys.cnss.          u:object_r:cnss_diag_prop:s0
 sys.listeners.registered   u:object_r:tee_listener_prop:s0
 wc_transport.              u:object_r:wc_prop:s0