Merge "Move logging folder from data to data/vendor"

2026-02-01 07:50:47 +00:00 · 2017-04-11 16:52:20 +00:00
parent 465d8985b9 33e42325ff
commit c708f9fe23
13 changed files with 60 additions and 37 deletions
--- a/init.hardware.diag.rc.userdebug
+++ b/init.hardware.diag.rc.userdebug
@@ -19,7 +19,8 @@ on post-fs-data
    mkdir /data/vendor/radio 0775 radio radio
    mkdir /data/vendor/radio/diag_logs 0777 system system
    # WLAN logging collection
-    mkdir /data/cnss_diag 0777 system system
+    mkdir /data/vendor/wifi 0777 system system
+    mkdir /data/vendor/wifi/cnss_diag 0777 system system

 on boot
    chmod 666 /dev/diag
--- a/init.hardware.rc
+++ b/init.hardware.rc
@@ -458,7 +458,7 @@ service ss_ramdump /vendor/bin/subsystem_ramdump

 on property:persist.sys.ssr.enable_ramdumps=1
    write /sys/module/subsystem_restart/parameters/enable_ramdumps 1
-    mkdir /data/ramdump 761 root system
+    mkdir /data/vendor/ramdump 761 root system
    start ss_ramdump

 on property:persist.sys.ssr.enable_ramdumps=0
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -39,7 +39,8 @@ type persist_sensors_file, file_type;
 type netmgr_data_file, file_type, data_file_type;

 type nfc_vendor_data_file, file_type, data_file_type;
-
 type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;

 type ramdump_data_file, file_type, data_file_type, mlstrustedobject;
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -150,7 +150,7 @@
 /system/bin/init\.radio\.sh            u:object_r:init_radio_exec:s0
 /system/bin/location-mq-s              u:object_r:location_exec:s0
 /system/bin/lowi-server                u:object_r:location_exec:s0
-/system/bin/ramdump                    u:object_r:ramdump_exec:s0
+/vendor/bin/ramdump                    u:object_r:ramdump_exec:s0

 # files in /vendor
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service.wahoo      u:object_r:hal_dumpstate_impl_exec:s0
@@ -195,12 +195,14 @@

 # data files
 /data/misc/radio(/.*)?                 u:object_r:radio_data_file:s0
-/data/vendor/radio(/.*)?               u:object_r:radio_vendor_data_file:s0
 /data/misc/netmgr(/.*)?                u:object_r:netmgr_data_file:s0
 /data/misc/location(/.*)?              u:object_r:location_data_file:s0
 /data/ramdump(/.*)?                    u:object_r:ramdump_data_file:s0
 /data/nfc(/.*)?                        u:object_r:nfc_data_file:s0
 /data/vendor/nfc(/.*)?                 u:object_r:nfc_vendor_data_file:s0
+/data/vendor/radio(/.*)?               u:object_r:radio_vendor_data_file:s0
+/data/vendor/wifi(/.*)?                u:object_r:cnss_vendor_data_file:s0
+/data/vendor/ramdump(/.*)?             u:object_r:ramdump_vendor_data_file:s0

 # /
 /tombstones             u:object_r:rootfs:s0
--- a/sepolicy/logger_app.te
+++ b/sepolicy/logger_app.te
@@ -7,6 +7,11 @@ userdebug_or_eng(`
  allow logger_app app_api_service:service_manager find;
  allow logger_app surfaceflinger_service:service_manager find;

-  allow logger_app radio_vendor_data_file:file { create open unlink getattr setattr read write };
-  allow logger_app radio_vendor_data_file:dir { create open rmdir add_name remove_name getattr setattr search read write };
+  allow logger_app diag_device:chr_file rw_file_perms;
+
+  allow logger_app radio_vendor_data_file:file create_file_perms;
+  allow logger_app radio_vendor_data_file:dir create_dir_perms;
+
+  allow logger_app cnss_vendor_data_file:dir create_dir_perms;
+  allow logger_app cnss_vendor_data_file:file create_file_perms;
 ')
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,3 +0,0 @@
-userdebug_or_eng(`
-  get_prop(platform_app, ramdump_prop)
-')
--- a/sepolicy/ramdump.te
+++ b/sepolicy/ramdump.te
@@ -8,8 +8,8 @@ userdebug_or_eng(`

  allow ramdump self:capability sys_rawio;

-  allow ramdump ramdump_data_file:dir w_dir_perms;
-  allow ramdump ramdump_data_file:file create_file_perms;
+  allow ramdump ramdump_vendor_data_file:dir create_dir_perms;
+  allow ramdump ramdump_vendor_data_file:file create_file_perms;
  allow ramdump proc:file r_file_perms;

  allow ramdump misc_block_device:blk_file rw_file_perms;
--- a/sepolicy/ramdump_app.te
+++ b/sepolicy/ramdump_app.te
@@ -0,0 +1,13 @@
+type ramdump_app, domain;
+
+userdebug_or_eng(`
+  app_domain(ramdump_app)
+
+  allow ramdump_app app_api_service:service_manager find;
+
+  allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
+  allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
+
+  set_prop(ramdump_app, ramdump_prop);
+  get_prop(system_app, ssr_prop)
+')
--- a/sepolicy/seapp_contexts
+++ b/sepolicy/seapp_contexts
@@ -1 +1,3 @@
+user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file
 user=_app seinfo=platform name=com.android.nexuslogger domain=logger_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
--- a/sepolicy/ssr_detector.te
+++ b/sepolicy/ssr_detector.te
@@ -0,0 +1,16 @@
+# SSRestartDetector app
+type ssr_detector_app, domain;
+
+userdebug_or_eng(`
+  app_domain(ssr_detector_app)
+
+  allow ssr_detector_app ramdump_vendor_data_file:dir r_dir_perms;
+  allow ssr_detector_app ramdump_vendor_data_file:file r_file_perms;
+  get_prop(ssr_detector_app, ssr_prop)
+
+  allow ssr_detector_app { app_api_service }:service_manager find;
+
+  # Read and write /data/data subdirectory.
+  allow ssr_detector_app system_app_data_file:dir create_dir_perms;
+  allow ssr_detector_app system_app_data_file:{ file lnk_file } create_file_perms;
+')
--- a/sepolicy/subsystem_ramdump.te
+++ b/sepolicy/subsystem_ramdump.te
@@ -1,18 +1,17 @@
-type subsystem_ramdump, domain;
 type subsystem_ramdump_exec, exec_type, file_type;

-init_daemon_domain(subsystem_ramdump);
-
 userdebug_or_eng(`
-permissive subsystem_ramdump;
+  type subsystem_ramdump, domain;

-allow subsystem_ramdump device:dir r_dir_perms;
-allow subsystem_ramdump ramdump_device:chr_file r_file_perms;
+  init_daemon_domain(subsystem_ramdump);

-r_dir_file(subsystem_ramdump, sysfs_type);
+  allow subsystem_ramdump device:dir r_dir_perms;
+  allow subsystem_ramdump ramdump_device:chr_file r_file_perms;

-allow subsystem_ramdump ramdump_data_file:dir rw_dir_perms;
-allow subsystem_ramdump ramdump_data_file:file create_file_perms;
+  r_dir_file(subsystem_ramdump, sysfs_type);

-set_prop(subsystem_ramdump, ssr_prop);
+  allow subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
+  allow subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;
+
+  set_prop(subsystem_ramdump, ssr_prop);
 ')
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -4,12 +4,3 @@ unix_socket_connect(system_app, cnd, cnd)

 get_prop(system_app, cnd_prop)
 allow system_app cne_service:service_manager add;
-
-userdebug_or_eng(`
-  # TODO(b/36734870): Remove this once system_app no longer directly
-  # accesses data owned by vendor components
-  typeattribute system_app vendordata_in_core_violators;
-  allow system_app ramdump_data_file:dir r_dir_perms;
-  allow system_app ramdump_data_file:file r_file_perms;
-  get_prop(system_app, ssr_prop)
-')
--- a/sepolicy/wcnss_service.te
+++ b/sepolicy/wcnss_service.te
@@ -22,12 +22,8 @@ allowxperm wcnss_service self:udp_socket ioctl { SIOCIWFIRSTPRIV_05 SIOCSIFFLAGS
 allow wcnss_service self:netlink_generic_socket create_socket_perms_no_ioctl;
 allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;

-# TODO(b/36683225): Remove this once wcnss_service stops accessing data
-# outside /data/vendor.
-typeattribute wcnss_service coredata_in_vendor_violators;
-
-allow wcnss_service wifi_data_file:dir rw_dir_perms;
-allow wcnss_service wifi_data_file:file create_file_perms;
+allow wcnss_service cnss_vendor_data_file:dir rw_dir_perms;
+allow wcnss_service cnss_vendor_data_file:file create_file_perms;

 allow wcnss_service proc_net:file getattr;