# ==============================================
# MTK Policy Rule
# ==============================================
# Type-enforcement rules for the emdlogger domain (the modem logger daemon,
# per the comments below). Only attributes, macros and allow rules appear
# here; the emdlogger type itself is presumably declared elsewhere. TODO confirm.

# Newly added for the move to /system
type emdlogger_exec, system_file_type, exec_type, file_type;
typeattribute emdlogger coredomain;

# Start the daemon from init in its own domain and let it use binder,
# both as a client and as a service.
init_daemon_domain(emdlogger)
binder_use(emdlogger)
binder_service(emdlogger)

# for modem logging sdcard access
# NOTE(review): these grant create/write on every type carrying the
# sdcard_type attribute. Logs written there are presumably readable by other
# holders of storage access. Confirm the log content is acceptable to expose.
allow emdlogger sdcard_type:dir { create_dir_perms };
allow emdlogger sdcard_type:file { create_file_perms };

# modem logger socket access
# NOTE(review): connectto is granted against the whole platform_app domain,
# not one labelled socket. Confirm which peer is intended.
allow emdlogger platform_app:unix_stream_socket connectto;
# NOTE(review): the three rules below let the daemon run the shell, any file
# labelled system_file and the zygote binary. execute_no_trans means the
# executed program keeps the emdlogger domain and all permissions in this file.
# Confirm each is still required and that command lines are not built from
# log or modem-supplied data.
allow emdlogger shell_exec:file { rx_file_perms };
allow emdlogger system_file:file execute_no_trans;
allow emdlogger zygote_exec:file { rx_file_perms };

# modem logger SD logging in factory mode
allow emdlogger vfat:dir create_dir_perms;
allow emdlogger vfat:file create_file_perms;

# modem logger permission for storage in the Android M version
allow emdlogger mnt_user_file:dir search;
allow emdlogger mnt_user_file:lnk_file read;
allow emdlogger storage_file:lnk_file read;

# permission for storage link access in the vzw project
allow emdlogger mnt_media_rw_file:dir search;


# permission for using the SELinux API
# avc: denied { read } for pid=576 comm="emdlogger1" name="selinux_version" dev="rootfs"
# NOTE(review): the denial quoted above is for one file, but the rule grants
# read on every rootfs:file. Consider whether a narrower label is available.
allow emdlogger rootfs:file r_file_perms;

# permission for storage access
allow emdlogger storage_file:dir { create_dir_perms };
allow emdlogger tmpfs:lnk_file read;
allow emdlogger storage_file:file { create_file_perms };

# Allow read avc: denied { read } for name="mddb" dev="mmcblk0p25" ino=681
# scontext=u:r:emdlogger:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
allow emdlogger system_file:dir read;

# permission for android N policy
# Adds toolbox to the set of binaries the daemon may execute (see the
# shell_exec / system_file rules above).
allow emdlogger toolbox_exec:file rx_file_perms;

# purpose: allow emdlogger to access storage in N version
allow emdlogger media_rw_data_file:file { create_file_perms };
allow emdlogger media_rw_data_file:dir { create_dir_perms };

## purpose: avc: denied { read } for name="plat_file_contexts"
# (rule left disabled in the original)
#allow emdlogger file_contexts_file:file { read getattr open };

## Android P migration
## purpose: denied { read } for name="cmdline" dev="proc"
#denied { search } for name="android" dev="sysfs"
#for name="compatible" dev="sysfs" ino=2985 scontext=u
#:r:emdlogger:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0
#avc: denied { open } for path="/system/etc/mddb"
#avc: denied { read } for name="u:object_r:vendor_default_prop:s0"
allow emdlogger proc_cmdline:file { read getattr open };
allow emdlogger sysfs_dt_firmware_android:dir { read open search };
# NOTE(review): no denial for tmpfs:dir write is quoted above. Confirm what
# this rule is for.
allow emdlogger tmpfs:dir write;
allow emdlogger sysfs_dt_firmware_android:file { read open getattr };
allow emdlogger system_file:dir open;
# GOOGLE: Commented out for b/169606103
#get_prop(emdlogger, vendor_default_prop)
# Properties the daemon may set. The first six are logger-specific types.
set_prop(emdlogger, system_mtk_persist_mtklog_prop)
set_prop(emdlogger, system_mtk_mdl_prop)
set_prop(emdlogger, system_mtk_mdl_start_prop)
set_prop(emdlogger, system_mtk_debug_mdlogger_prop)
set_prop(emdlogger, system_mtk_persist_mdlog_prop)
set_prop(emdlogger, system_mtk_mdl_pulllog_prop)
# NOTE(review): usb_prop, debug_prop and usb_control_prop are not
# logger-specific types; write access here presumably reaches properties
# other components act on. Confirm which keys emdlogger actually sets and
# whether a dedicated property type would do.
set_prop(emdlogger, usb_prop)
set_prop(emdlogger, debug_prop)
set_prop(emdlogger, usb_control_prop)

## Android Q migration
## purpose: read modem db and filter folder and file
allow emdlogger mddb_filter_data_file:dir { r_dir_perms };
allow emdlogger mddb_filter_data_file:file { r_file_perms };

# save log into /data/debuglogger
# NOTE(review): relabelto lets the daemon change a directory's label to
# debuglog_data_file. Confirm the relabel source is constrained elsewhere.
allow emdlogger debuglog_data_file:dir {relabelto create_dir_perms};
allow emdlogger debuglog_data_file:file create_file_perms;
# get persist.sys. property
get_prop(emdlogger, system_prop)