Merge "sepolicy: to support vendor logging on user build"

commit: 92597cde2cddcfe9eb029a1a5523fd1ccad7385a [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Wed Feb 12 09:11:36 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Feb 12 09:11:36 2020 +0000
tree: 007733d56a322d385b2c0e42301c56301c0f3119
parent: 5d5ee96a1f4308fa02cc9bac2166ad324a98206f [diff]
parent: 5c5d20d1bbc3cb0899bba8a7200dc0397869a34b [diff]
diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index 0a8b5cf..ffd619a 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te

@@ -71,12 +71,8 @@
 
 # Access to modem files
 userdebug_or_eng(`
-  allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
-  allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
   allow hal_dumpstate_impl netmgrd_data_file:dir r_dir_perms;
   allow hal_dumpstate_impl netmgrd_data_file:file r_file_perms;
-  allow hal_dumpstate_impl vendor_radio_data_file:dir r_dir_perms;
-  allow hal_dumpstate_impl vendor_radio_data_file:file r_file_perms;
   allow hal_dumpstate_impl tcpdump_vendor_data_file:dir create_dir_perms;
   allow hal_dumpstate_impl tcpdump_vendor_data_file:file create_file_perms;
   allow hal_dumpstate_impl ssr_log_file:dir search;
@@ -84,9 +80,14 @@
   allow hal_dumpstate_impl mpss_rfs_data_file:dir r_dir_perms;
   allow hal_dumpstate_impl mpss_rfs_data_file:file r_file_perms;
 
-  set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
   set_prop(hal_dumpstate_impl, vendor_tcpdump_log_prop)
 ')
+allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
+allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
+allow hal_dumpstate_impl vendor_radio_data_file:dir r_dir_perms;
+allow hal_dumpstate_impl vendor_radio_data_file:file r_file_perms;
+
+set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
 
 # Access to modem stat
 domain_auto_trans(hal_dumpstate_impl, modem_svc_exec, modem_svc)
@@ -136,19 +137,14 @@
   allow hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;
 ')
 
-dontaudit hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
-dontaudit hal_dumpstate_impl modem_dump_file:file create_file_perms;
 dontaudit hal_dumpstate_impl netmgrd_data_file:dir r_dir_perms;
 dontaudit hal_dumpstate_impl netmgrd_data_file:file r_file_perms;
-dontaudit hal_dumpstate_impl vendor_radio_data_file:dir r_dir_perms;
-dontaudit hal_dumpstate_impl vendor_radio_data_file:file r_file_perms;
 dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:dir create_dir_perms;
 dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:file create_file_perms;
 dontaudit hal_dumpstate_impl ssr_log_file:dir search;
 dontaudit hal_dumpstate_impl ssr_log_file:file r_file_perms;
 dontaudit hal_dumpstate_impl mpss_rfs_data_file:dir r_dir_perms;
 dontaudit hal_dumpstate_impl mpss_rfs_data_file:file r_file_perms;
-dontaudit hal_dumpstate_impl vendor_modem_diag_prop:file r_file_perms;
 dontaudit hal_dumpstate_impl vendor_tcpdump_log_prop:file r_file_perms;
 dontaudit hal_dumpstate_impl sensors_vendor_data_file:dir r_dir_perms;
 dontaudit hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;

diff --git a/vendor/qcom/common/diag.te b/vendor/qcom/common/diag.te
index afaa9e0..3ad8432 100644
--- a/vendor/qcom/common/diag.te
+++ b/vendor/qcom/common/diag.te

@@ -1,5 +1,4 @@
 type diag, domain;
 type diag_exec, exec_type, vendor_file_type, file_type;
-userdebug_or_eng(`
-  init_daemon_domain(diag)
-')
+
+init_daemon_domain(diag)

diff --git a/vendor/qcom/common/kernel.te b/vendor/qcom/common/kernel.te
index 20294c4..2a6ca76 100644
--- a/vendor/qcom/common/kernel.te
+++ b/vendor/qcom/common/kernel.te

@@ -1,7 +1,5 @@
 # For diag over socket
-userdebug_or_eng(`
-  allow kernel self:qipcrtr_socket create;
-')
+allow kernel self:qipcrtr_socket create;
 
 allow kernel debugfs_batteryinfo:dir search;
 allow kernel debugfs_wlan:dir search;

diff --git a/vendor/qcom/common/qlogd.te b/vendor/qcom/common/qlogd.te
index d18b6d6..c023983 100644
--- a/vendor/qcom/common/qlogd.te
+++ b/vendor/qcom/common/qlogd.te

@@ -5,14 +5,12 @@
 # make transition from init to its domain
 init_daemon_domain(qlogd)
 
-userdebug_or_eng(`
-  allow qlogd diag_device:chr_file rw_file_perms;
+allow qlogd diag_device:chr_file rw_file_perms;
 
-  allow qlogd vendor_radio_data_file:file create_file_perms;
-  allow qlogd vendor_radio_data_file:dir create_dir_perms;
+allow qlogd vendor_radio_data_file:file create_file_perms;
+allow qlogd vendor_radio_data_file:dir create_dir_perms;
 
-  set_prop(qlogd, vendor_modem_diag_prop)
+set_prop(qlogd, vendor_modem_diag_prop)
 
-  allow qlogd self:socket create_socket_perms;
-  allowxperm qlogd self:socket ioctl msm_sock_ipc_ioctls;
-')
+allow qlogd self:socket create_socket_perms;
+allowxperm qlogd self:socket ioctl msm_sock_ipc_ioctls;
commit	92597cde2cddcfe9eb029a1a5523fd1ccad7385a	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Wed Feb 12 09:11:36 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Feb 12 09:11:36 2020 +0000
tree	007733d56a322d385b2c0e42301c56301c0f3119
parent	5d5ee96a1f4308fa02cc9bac2166ad324a98206f [diff]
parent	5c5d20d1bbc3cb0899bba8a7200dc0397869a34b [diff]