Merge "sepolicy: to support vendor logging on user build"
diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te
index 0a8b5cf..ffd619a 100644
--- a/vendor/google/hal_dumpstate_impl.te
+++ b/vendor/google/hal_dumpstate_impl.te
@@ -71,12 +71,8 @@
# Access to modem files
userdebug_or_eng(`
- allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
- allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
allow hal_dumpstate_impl netmgrd_data_file:dir r_dir_perms;
allow hal_dumpstate_impl netmgrd_data_file:file r_file_perms;
- allow hal_dumpstate_impl vendor_radio_data_file:dir r_dir_perms;
- allow hal_dumpstate_impl vendor_radio_data_file:file r_file_perms;
allow hal_dumpstate_impl tcpdump_vendor_data_file:dir create_dir_perms;
allow hal_dumpstate_impl tcpdump_vendor_data_file:file create_file_perms;
allow hal_dumpstate_impl ssr_log_file:dir search;
@@ -84,9 +80,14 @@
allow hal_dumpstate_impl mpss_rfs_data_file:dir r_dir_perms;
allow hal_dumpstate_impl mpss_rfs_data_file:file r_file_perms;
- set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
set_prop(hal_dumpstate_impl, vendor_tcpdump_log_prop)
')
+allow hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
+allow hal_dumpstate_impl modem_dump_file:file create_file_perms;
+allow hal_dumpstate_impl vendor_radio_data_file:dir r_dir_perms;
+allow hal_dumpstate_impl vendor_radio_data_file:file r_file_perms;
+
+set_prop(hal_dumpstate_impl, vendor_modem_diag_prop)
# Access to modem stat
domain_auto_trans(hal_dumpstate_impl, modem_svc_exec, modem_svc)
@@ -136,19 +137,14 @@
allow hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;
')
-dontaudit hal_dumpstate_impl modem_dump_file:dir create_dir_perms;
-dontaudit hal_dumpstate_impl modem_dump_file:file create_file_perms;
dontaudit hal_dumpstate_impl netmgrd_data_file:dir r_dir_perms;
dontaudit hal_dumpstate_impl netmgrd_data_file:file r_file_perms;
-dontaudit hal_dumpstate_impl vendor_radio_data_file:dir r_dir_perms;
-dontaudit hal_dumpstate_impl vendor_radio_data_file:file r_file_perms;
dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:dir create_dir_perms;
dontaudit hal_dumpstate_impl tcpdump_vendor_data_file:file create_file_perms;
dontaudit hal_dumpstate_impl ssr_log_file:dir search;
dontaudit hal_dumpstate_impl ssr_log_file:file r_file_perms;
dontaudit hal_dumpstate_impl mpss_rfs_data_file:dir r_dir_perms;
dontaudit hal_dumpstate_impl mpss_rfs_data_file:file r_file_perms;
-dontaudit hal_dumpstate_impl vendor_modem_diag_prop:file r_file_perms;
dontaudit hal_dumpstate_impl vendor_tcpdump_log_prop:file r_file_perms;
dontaudit hal_dumpstate_impl sensors_vendor_data_file:dir r_dir_perms;
dontaudit hal_dumpstate_impl sensors_vendor_data_file:file r_file_perms;
diff --git a/vendor/qcom/common/diag.te b/vendor/qcom/common/diag.te
index afaa9e0..3ad8432 100644
--- a/vendor/qcom/common/diag.te
+++ b/vendor/qcom/common/diag.te
@@ -1,5 +1,4 @@
type diag, domain;
type diag_exec, exec_type, vendor_file_type, file_type;
-userdebug_or_eng(`
- init_daemon_domain(diag)
-')
+
+init_daemon_domain(diag)
diff --git a/vendor/qcom/common/kernel.te b/vendor/qcom/common/kernel.te
index 20294c4..2a6ca76 100644
--- a/vendor/qcom/common/kernel.te
+++ b/vendor/qcom/common/kernel.te
@@ -1,7 +1,5 @@
# For diag over socket
-userdebug_or_eng(`
- allow kernel self:qipcrtr_socket create;
-')
+allow kernel self:qipcrtr_socket create;
allow kernel debugfs_batteryinfo:dir search;
allow kernel debugfs_wlan:dir search;
diff --git a/vendor/qcom/common/qlogd.te b/vendor/qcom/common/qlogd.te
index d18b6d6..c023983 100644
--- a/vendor/qcom/common/qlogd.te
+++ b/vendor/qcom/common/qlogd.te
@@ -5,14 +5,12 @@
# make transition from init to its domain
init_daemon_domain(qlogd)
-userdebug_or_eng(`
- allow qlogd diag_device:chr_file rw_file_perms;
+allow qlogd diag_device:chr_file rw_file_perms;
- allow qlogd vendor_radio_data_file:file create_file_perms;
- allow qlogd vendor_radio_data_file:dir create_dir_perms;
+allow qlogd vendor_radio_data_file:file create_file_perms;
+allow qlogd vendor_radio_data_file:dir create_dir_perms;
- set_prop(qlogd, vendor_modem_diag_prop)
+set_prop(qlogd, vendor_modem_diag_prop)
- allow qlogd self:socket create_socket_perms;
- allowxperm qlogd self:socket ioctl msm_sock_ipc_ioctls;
-')
+allow qlogd self:socket create_socket_perms;
+allowxperm qlogd self:socket ioctl msm_sock_ipc_ioctls;