enable power anomaly detection

Move connectivity monitor sepolicies to specific policy file Allow Power Anomaly detector to access /data/vendor/radio Fixes below errors 12-28 18:01:37.294 W/ectivitymonitor( 3619): type=1400 audit(0.0:13): avc: denied { search } for name="radio" dev="sda13" ino=1835015 scontext=u:r:radio:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=0 12-28 18:15:03.838 W/ectivitymonitor( 3621): type=1400 audit(0.0:18): avc: denied { read } for name="u:object_r:tel_mon_prop:s0" dev="tmpfs" ino=9592 scontext=u:r:con_monitor_app:s0:c233,c259,c512,c768 tcontext=u:object_r:tel_mon_prop:s0 tclass=file permissive=0 01-10 19:38:17.399 939 939 W rild : type=1400 audit(0.0:87): avc: denied { read } for name="u:object_r:tel_mon_prop:s0" dev="tmpfs" ino=17732 scontext=u:r:rild:s0 tcontext=u:object_r:tel_mon_prop:s0 tclass=file permissive= add power_anomaly_data.txt to be picked up in bugreport Test: tested by testing power anomaly detector and connectivity monitor Bug: 67058502 Change-Id: I8ad45d5e9cedde8f498627f97b35db27dfd2ea28
2026-01-27 18:19:03 +00:00 · 2018-01-02 16:01:56 -08:00
parent 55ffbfec41
commit 86815f4889
5 changed files with 17 additions and 1 deletions
--- a/dumpstate/DumpstateDevice.cpp
+++ b/dumpstate/DumpstateDevice.cpp
@@ -119,7 +119,8 @@ void DumpstateDevice::dumpModem(int fd, int fdModem)
              "/data/vendor/radio/ril_log",
              "/data/vendor/radio/ril_log_old",
              "/data/vendor/netmgr/netmgr_log",
-              "/data/vendor/netmgr/netmgr_log_old"
+              "/data/vendor/netmgr/netmgr_log_old",
+              "/data/vendor/radio/power_anomaly_data.txt"
            };

        std::string modemLogMkDirCmd= "/vendor/bin/mkdir -p " + modemLogAllDir;
--- a/sepolicy/vendor/con_monitor.te
+++ b/sepolicy/vendor/con_monitor.te
@@ -0,0 +1,9 @@
+# ConnectivityMonitor app
+type con_monitor_app, domain;
+
+app_domain(con_monitor_app)
+
+set_prop(con_monitor_app, tel_mon_prop)
+allow con_monitor_app app_api_service:service_manager find;
+allow con_monitor_app radio_vendor_data_file:dir rw_dir_perms;
+allow con_monitor_app radio_vendor_data_file:file create_file_perms;
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -21,6 +21,7 @@ ctl.vendor.thermal-engine  u:object_r:thermal_prop:s0
 persist.sys.modem.diag.    u:object_r:modem_diag_prop:s0
 sys.modem.diag.            u:object_r:modem_diag_prop:s0
 persist.radio.enable_tel_mon  u:object_r:tel_mon_prop:s0
+persist.radio.poweranomaly.start u:object_r:tel_mon_prop:s0
 sys.time.set               u:object_r:sys_time_prop:s0
 persist.radio.atfwd.start  u:object_r:atfwd_start_prop:s0
 sys.logger.bluetooth       u:object_r:bluetooth_log_prop:s0
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
@@ -27,3 +27,5 @@ dontaudit rild diag_device:chr_file rw_file_perms;

 allow rild radio_vendor_data_file:dir rw_dir_perms;
 allow rild radio_vendor_data_file:file create_file_perms;
+
+get_prop(rild, tel_mon_prop)
--- a/sepolicy/vendor/seapp_contexts
+++ b/sepolicy/vendor/seapp_contexts
@@ -24,3 +24,6 @@ user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app t

 # Domain for easelservice app
 user=_app seinfo=easel name=com.google.android.imaging.easel.service domain=easelservice_app type=app_data_file levelFrom=user
+
+#Domain for connectivity monitor
+user=radio seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all