Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-02-01 15:09:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding userdebug/eng diag access for following domains

Browse Source 
World access to diag_device for userdebug/eng builds was revoked due to
potential for dangerous use from 3rd party code so this
CL grants access back to the domains that requested it.

denied { read write } for pid=832 comm="qti" name="diag" dev="tmpfs" ino
=9583 scontext=u:r:qti:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_
file

denied { read write } for pid=808 comm="thermal-engine" name="diag" dev=
"tmpfs" ino=9583 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:diag
_device:s0 tclass=chr_file

denied { read write } for pid=877 comm="cnss_diag" name="diag" dev="tmpf
s" ino=9583 scontext=u:r:wcnss_service:s0 tcontext=u:object_r:diag_devic
e:s0 tclass=chr_file

denied { read write } for pid=816 comm="imsqmidaemon" name="diag" dev="t
mpfs" ino=9583 scontext=u:r:ims:s0 tcontext=u:object_r:diag_device:s0 tc
lass=chr_file

denied { read write } for pid=753 comm="android.hardwar" name="diag" dev
="tmpfs" ino=9583 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_
r:diag_device:s0 tclass=chr_file

denied { read write } for pid=772 comm="sensors.qcom" name="diag" dev="t
mpfs" ino=9583 scontext=u:r:sensors:s0 tcontext=u:object_r:diag_device:s
0 tclass=chr_file

denied { read write } for pid=677 comm="time_daemon" name="diag" dev="tm
pfs" ino=9583 scontext=u:r:time_daemon:s0 tcontext=u:object_r:diag_devic
e:s0 tclass=chr_file

denied { read write } for pid=618 comm="android.hardwar" name="diag" dev
="tmpfs" ino=9583 scontext=u:r:hal_graphics_composer_default:s0 tcontext
=u:object_r:diag_device:s0 tclass=chr_file

denied { read write } for pid=854 comm="rild" name="diag" dev="tmpfs" in
o=10642 scontext=u:r:rild:s0 tcontext=u:object_r:diag_device:s0 tclass=c
hr_file

denied { read write } for pid=828 comm="netmgrd" name="diag" dev="tmpfs"
ino=10642 scontext=u:r:netmgrd:s0 tcontext=u:object_r:diag_device:s0 tcl
ass=chr_file

denied { read write } for pid=826 comm="cnd" name="diag" dev="tmpfs" ino
=10642 scontext=u:r:cnd:s0 tcontext=u:object_r:diag_device:s0 tclass=chr
_file

denied { read write } for pid=1559 comm="iptables-wrappe" path="/dev/dia
g" dev="tmpfs" ino=17555 scontext=u:r:netutils_wrapper:s0 tcontext=u:obj
ect_r:diag_device:s0 tclass=chr_file

Test: domains that need diag_device access can get access to it
Change-Id: I6b2473958d10145ed981c5fbcb2ebd3232fcee0e
Merged-In: I6b2473958d10145ed981c5fbcb2ebd3232fcee0e
(cherry picked from commit c760b34307)
This commit is contained in:
Max Bires
2017-10-10 16:23:15 -07:00
committed by Jeff Vander Stoep
parent d9bf00f0fa
commit a72c9eda39
12 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
sepolicy/vendor/cnd.te vendored
View File

@@ -29,3 +29,8 @@ hwbinder_use(cnd)
get_prop(cnd, hwservicemanager_prop)
binder_call(cnd, dataservice_app)
binder_call(cnd, ims)
userdebug_or_eng(`
allow cnd diag_device:chr_file rw_file_perms;
')
dontaudit cnd diag_device:chr_file rw_file_perms;

2
sepolicy/vendor/hal_graphics_composer_default.te vendored
View File

@@ -31,4 +31,6 @@ allow hal_graphics_composer_default display_vendor_data_file:file create_file_pe
userdebug_or_eng(`
allow hal_graphics_composer_default debugfs_mdp:dir r_dir_perms;
allow hal_graphics_composer_default debugfs_mdp:file r_file_perms;
allow hal_graphics_composer_default diag_device:chr_file rw_file_perms;
')
dontaudit hal_graphics_composer_default diag_device:chr_file rw_file_perms;

2
sepolicy/vendor/hal_sensors_default.te vendored
View File

@@ -12,4 +12,6 @@ allow hal_sensors_default qdsp_device:chr_file r_file_perms;
userdebug_or_eng(`
r_dir_file(hal_sensors_default, sysfs_diag)
allow hal_sensors_default sysfs_timestamp_switch:file r_file_perms;
allow hal_sensors_default diag_device:chr_file rw_file_perms;
')
dontaudit hal_sensors_default diag_device:chr_file rw_file_perms;

5
sepolicy/vendor/ims.te vendored
View File

@@ -33,3 +33,8 @@ r_dir_file(ims, sysfs_diag)
hwbinder_use(ims)
allow ims hal_cne_hwservice:hwservice_manager find;
binder_call(ims, cnd)
userdebug_or_eng(`
allow ims diag_device:chr_file rw_file_perms;
')
dontaudit ims diag_device:chr_file rw_file_perms;

2
sepolicy/vendor/netmgrd.te vendored
View File

@@ -40,7 +40,9 @@ domain_auto_trans(netmgrd, netutils_wrapper_exec, netutils_wrapper)
allow netmgrd sysfs_timestamp_switch:file { read open };
userdebug_or_eng(`
r_dir_file(netmgrd, sysfs_diag)
allow netmgrd diag_device:chr_file rw_file_perms;
')
dontaudit netmgrd diag_device:chr_file rw_file_perms;
#Ignore if device loading for private IOCTL failed
dontaudit netmgrd kernel:system { module_request };

5
sepolicy/vendor/netutils_wrapper.te vendored
View File

@@ -5,3 +5,8 @@ allow netutils_wrapper netmgrd:fifo_file { getattr read write append };
dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append };
dontaudit netutils_wrapper kernel:system module_request;
dontaudit netutils_wrapper self:capability sys_module;
userdebug_or_eng(`
allow netutils_wrapper diag_device:chr_file rw_file_perms;
')
dontaudit netutils_wrapper diag_device:chr_file rw_file_perms;

5
sepolicy/vendor/qti.te vendored
View File

@@ -14,3 +14,8 @@ allow qti self:socket create_socket_perms;
allowxperm qti self:socket ioctl msm_sock_ipc_ioctls;
r_dir_file(qti, sysfs_msm_subsys)
userdebug_or_eng(`
allow qti diag_device:chr_file rw_file_perms;
')
dontaudit qti diag_device:chr_file rw_file_perms;

2
sepolicy/vendor/rild.te vendored
View File

@@ -21,7 +21,9 @@ allow rild time_daemon:unix_stream_socket connectto;
userdebug_or_eng(`
domain_auto_trans(rild, smlog_dump_exec, smlog_dump)
allow rild diag_device:chr_file rw_file_perms;
')
dontaudit rild diag_device:chr_file rw_file_perms;
allow rild radio_vendor_data_file:dir rw_dir_perms;
allow rild radio_vendor_data_file:file create_file_perms;

2
sepolicy/vendor/sensors.te vendored
View File

@@ -29,4 +29,6 @@ r_dir_file(sensors, sysfs_msm_subsys)
userdebug_or_eng(`
r_dir_file(sensors, sysfs_diag)
allow sensors sysfs_timestamp_switch:file r_file_perms;
allow sensors diag_device:chr_file rw_file_perms;
')
dontaudit sensors diag_device:chr_file rw_file_perms;

5
sepolicy/vendor/thermal-engine.te vendored
View File

@@ -28,3 +28,8 @@ allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
# reboot/shutdown for thermal limits exceeded
set_prop(thermal-engine, powerctl_prop)
userdebug_or_eng(`
allow thermal-engine diag_device:chr_file rw_file_perms;
')
dontaudit thermal-engine diag_device:chr_file rw_file_perms;

5
sepolicy/vendor/time_daemon.te vendored
View File

@@ -23,3 +23,8 @@ allow time_daemon persist_file:dir search;
allow time_daemon self:socket create_socket_perms;
allowxperm time_daemon self:socket ioctl msm_sock_ipc_ioctls;
userdebug_or_eng(`
allow time_daemon diag_device:chr_file rw_file_perms;
')
dontaudit time_daemon diag_device:chr_file rw_file_perms;

2
sepolicy/vendor/wcnss_service.te vendored
View File

@@ -31,7 +31,9 @@ userdebug_or_eng(`
r_dir_file(wcnss_service, proc_wifi_dbg)
r_dir_file(wcnss_service, sysfs_diag)
allow wcnss_service sysfs_timestamp_switch:file r_file_perms;
allow wcnss_service diag_device:chr_file rw_file_perms;
')
dontaudit wcnss_service diag_device:chr_file rw_file_perms;
allow wcnss_service sysfs_soc:dir search;
allow wcnss_service sysfs_soc:file r_file_perms;