marlin: Subsystem restart tracker

Allow the subsystem restart tracker system app to access msm_subsys and
ramdump.

denials fixed:
1) type=1400 audit(0.0:78): avc: denied { read } for name="ramdump"
dev="sda35" ino=458753 scontext=u:r:system_app:s0
tcontext=u:object_r:ramdump_data_file:s0 tclass=dir permissive=0

2) avc: denied { search } for pid=4228 comm="FileObserver"
name="msm_subsys" dev="sysfs" ino=16433 scontext=u:r:system_app:s0
tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=0

BUG=29242442

Change-Id: Icee9e24c63dd4273f49e0f03beae7156dac19f29
diff --git a/device-common.mk b/device-common.mk
index ab24844..ac97cc3 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -54,6 +54,7 @@
 
 #Android EGL implementation
 PRODUCT_PACKAGES += libGLES_android
+PRODUCT_PACKAGES += SSRestartDetector
 
 # graphics
 PRODUCT_PROPERTY_OVERRIDES += \
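Review bot: `PRODUCT_PACKAGES += SSRestartDetector` is added for every build variant, while the sepolicy rules this same change adds for the app are wrapped in `userdebug_or_eng`. On user builds the app would ship without the access it needs and would presumably only produce denials. Consider wrapping the line in `ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))` and `endif`. It also deserves its own comment line, for example `# Subsystem restart tracker (debug builds)`, rather than sitting under `#Android EGL implementation`.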
diff --git a/init.common.rc b/init.common.rc
index 8c93e02..97fd351 100755
--- a/init.common.rc
+++ b/init.common.rc
@@ -533,7 +533,7 @@
 
 on property:persist.sys.ssr.enable_ramdumps=1
     write /sys/module/subsystem_restart/parameters/enable_ramdumps 1
-    mkdir /data/ramdump 760 root root
+    mkdir /data/ramdump 760 root system
     start ss_ramdump
 
 on property:persist.sys.ssr.enable_ramdumps=0
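Review bot: Mode 760 on `/data/ramdump` now gives group system read and write on the directory but no search (x) bit. The group can therefore list entry names and create or delete is still blocked without x, yet it cannot open or stat the dump files that the new `ramdump_data_file:file r_file_perms` rule is meant to allow. If the tracker is only a reader, `mkdir /data/ramdump 750 root system` matches the read-only SELinux grant and drops the unneeded group write bit. Ramdumps hold subsystem memory, so the DAC mode should be no wider than the policy. The `on property:...=0` block that follows continues outside the hunk.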
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 1d6181e..4b032f6 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -3,3 +3,9 @@
 allow system_app cne_service:service_manager add;
 allow system_app time:unix_stream_socket connectto;
 get_prop(system_app, hw_sku_prop);
+userdebug_or_eng(`
+  allow system_app ramdump_data_file:dir r_dir_perms;
+  allow system_app ramdump_data_file:file r_file_perms;
+  r_dir_file(system_app, sysfs_msm_subsys)
+  get_prop(system_app, ssr_prop)
+')