Modify ramoops sepolicy due to some ramoops file paths are changed to vendor partition

Bug: 121294677 Sync and cherry-pick ag/4966918 to AOSP Change-Id: I82d564bfa8ae3c7c9dce6d9e87cfa014e1c04ad3 Merged-In: Id7ea3c744b5af06db299f60f1ac038d49d5b7ffb Signed-off-by: SalmaxChang <salmaxchang@google.com>
2026-02-01 15:09:54 +00:00 · 2018-09-07 18:11:02 +08:00
parent 4eb18c9485
commit e73d5d568d
16 changed files with 37 additions and 35 deletions
--- a/sepolicy/private/device.te
+++ b/sepolicy/private/device.te
@@ -1 +0,0 @@
-type ramoops_device, dev_type;
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -1,8 +1,3 @@
 /system/bin/folio_daemon          u:object_r:folio_daemon_exec:s0
 /data/misc/elabel(/.*)?           u:object_r:elabel_data_file:s0
 /system/bin/init\.elabel\.sh      u:object_r:init_elabel_exec:s0
-/system/bin/ramoops               u:object_r:ramoops_exec:s0
-/system/bin/init\.ramoops\.sh     u:object_r:ramoops_exec:s0
-/dev/access-metadata              u:object_r:ramoops_device:s0
-/dev/access-ramoops               u:object_r:ramoops_device:s0
-/data/misc_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_data_file:s0
--- a/sepolicy/private/genfs_contexts
+++ b/sepolicy/private/genfs_contexts
@@ -1,4 +0,0 @@
-genfscon sysfs /devices/virtual/ramoops/pstore/aes_key                  u:object_r:sysfs_pstore:s0
-genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_iv               u:object_r:sysfs_pstore:s0
-genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_tag              u:object_r:sysfs_pstore:s0
-genfscon sysfs /devices/virtual/ramoops/pstore/use_alt                  u:object_r:sysfs_pstore:s0
--- a/sepolicy/private/property.te
+++ b/sepolicy/private/property.te
@@ -1 +0,0 @@
-type ramoops_prop, property_type;
--- a/sepolicy/private/property_contexts
+++ b/sepolicy/private/property_contexts
@@ -1 +0,0 @@
-sys.ramoops.                  u:object_r:ramoops_prop:s0
--- a/sepolicy/private/ramoops.te
+++ b/sepolicy/private/ramoops.te
@@ -1,20 +0,0 @@
-type ramoops, domain, coredomain;
-type ramoops_exec, exec_type, file_type, system_file_type;
-
-init_daemon_domain(ramoops);
-
-# kmod=crypto-gcm(aes)
-dontaudit ramoops kernel:system module_request;
-
-allow ramoops ramoops_exec:file rx_file_perms;
-allow ramoops shell_exec:file rx_file_perms;
-allow ramoops toolbox_exec:file rx_file_perms;
-
-# Set the sys.ramoops.decrypted property
-typeattribute ramoops system_writes_vendor_properties_violators;
-set_prop(ramoops, ramoops_prop);
-
-allow ramoops sysfs_pstore:file rw_file_perms;
-allow ramoops ramoops_device:chr_file rw_file_perms;
-allow ramoops ramoops_data_file:file create_file_perms;
-allow ramoops ramoops_data_file:dir rw_dir_perms;
--- a/sepolicy/public/file.te
+++ b/sepolicy/public/file.te
@@ -1,2 +1 @@
 type elabel_data_file, file_type, data_file_type, core_data_file_type;
-type sysfs_pstore, sysfs_type, fs_type;
--- a/sepolicy/public/ramoops.te
+++ b/sepolicy/public/ramoops.te
@@ -1 +0,0 @@
-type ramoops_data_file, file_type, data_file_type, core_data_file_type;
--- a/sepolicy/vendor/device.te
+++ b/sepolicy/vendor/device.te
@@ -26,3 +26,4 @@ type ssr_device, dev_type;
 type thermal_device, dev_type;
 type wlan_device, dev_type;
 type xbl_block_device, dev_type;
+type ramoops_device, dev_type;
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -91,3 +91,6 @@ typeattribute sysfs_batteryinfo mlstrustedobject;
 type proc_irq, fs_type, proc_type;
 type sysfs_irq, sysfs_type, fs_type;
 type irqbalance_socket, file_type;
+
+type sysfs_pstore, sysfs_type, fs_type;
+type ramoops_vendor_data_file, file_type, data_file_type;
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -36,6 +36,8 @@
 /dev/mnh_sm                                     u:object_r:easel_device:s0
 /dev/easelcomm-client                           u:object_r:easel_device:s0
 /dev/pn81a                                      u:object_r:pn81a_device:s0
+/dev/access-metadata                            u:object_r:ramoops_device:s0
+/dev/access-ramoops                             u:object_r:ramoops_device:s0

 # dev socket nodes
 /dev/socket/chre                                u:object_r:chre_socket:s0
@@ -176,6 +178,8 @@
 /vendor/etc/init\.insmod\.cfg                                        u:object_r:init-insmod-sh_exec:s0
 /vendor/bin/init\.power\.sh     u:object_r:init_power_exec:s0
 /vendor/bin/init\.radio\.sh     u:object_r:init_radio_exec:s0
+/vendor/bin/ramoops             u:object_r:ramoops_exec:s0
+/vendor/bin/init\.ramoops\.sh   u:object_r:ramoops_exec:s0

 /vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti          u:object_r:hal_bluetooth_default_exec:s0
 /vendor/bin/hw/android\.hardware\.drm@1\.1-service\.widevine          u:object_r:hal_drm_widevine_exec:s0
@@ -252,6 +256,7 @@
 /data/vendor/sensors(/.*)?             u:object_r:sensors_vendor_data_file:s0
 /data/vendor/audio(/.*)?               u:object_r:audio_vendor_data_file:s0
 /data/vendor/mediadrm(/.*)?            u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor_ce/[0-9]+/ramoops(/.*)?   u:object_r:ramoops_vendor_data_file:s0

 # /
 /tombstones             u:object_r:rootfs:s0
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -98,3 +98,8 @@ genfscon debugfs /ufshcd0                             u:object_r:debugfs_ufs:s0
 genfscon debugfs /fg/sram                             u:object_r:debugfs_fg_sram:s0
 genfscon debugfs /dma_buf/bufinfo                     u:object_r:debugfs_dma_bufinfo:s0
 genfscon debugfs /tzdbg	                              u:object_r:debugfs_tzdbg:s0
+
+genfscon sysfs /devices/virtual/ramoops/pstore/aes_key                  u:object_r:sysfs_pstore:s0
+genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_iv               u:object_r:sysfs_pstore:s0
+genfscon sysfs /devices/virtual/ramoops/pstore/aes_key_tag              u:object_r:sysfs_pstore:s0
+genfscon sysfs /devices/virtual/ramoops/pstore/use_alt                  u:object_r:sysfs_pstore:s0
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -24,3 +24,4 @@ type vendor_wifi_version, property_type;
 type vendor_usb_config_prop, property_type;
 type vendor_charge_prop, property_type;
 type persist_nfc_prop, property_type;
+type vendor_ramoops_prop, property_type;
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -207,3 +207,6 @@ ro.vendor.bluetooth.wipower             u:object_r:vendor_bluetooth_prop:s0

 # persist_nfc_prop
 persist.nfc. u:object_r:persist_nfc_prop:s0
+
+# ramoops
+vendor.ramoops.                    u:object_r:vendor_ramoops_prop:s0
--- a/sepolicy/vendor/ramoops.te
+++ b/sepolicy/vendor/ramoops.te
@@ -0,0 +1,19 @@
+type ramoops, domain;
+type ramoops_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ramoops);
+
+# kmod=crypto-gcm(aes)
+dontaudit ramoops kernel:system module_request;
+
+allow ramoops ramoops_exec:file rx_file_perms;
+allow ramoops vendor_shell_exec:file rx_file_perms;
+allow ramoops vendor_toolbox_exec:file rx_file_perms;
+
+# Set the sys.ramoops.decrypted property
+set_prop(ramoops, vendor_ramoops_prop);
+
+allow ramoops sysfs_pstore:file rw_file_perms;
+allow ramoops ramoops_device:chr_file rw_file_perms;
+allow ramoops ramoops_vendor_data_file:file create_file_perms;
+allow ramoops ramoops_vendor_data_file:dir rw_dir_perms;
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -4,7 +4,6 @@ allow vendor_init {
  dhcp_data_file
  elabel_data_file
  media_rw_data_file
-  ramoops_data_file
  system_data_file
  tombstone_data_file
  wifi_data_file
				`@@ -1 +0,0 @@`
				`type ramoops_data_file, file_type, data_file_type, core_data_file_type;`