| # qlogd |
| type qlogd, domain; |
| type qlogd_exec, exec_type, file_type; |
| |
| # make transition from init to its domain |
| init_daemon_domain(qlogd) |
| |
| # need to access sharemem log device for smem logs |
| allow qlogd smem_log_device:chr_file rw_file_perms; |
| |
| # need to add more capabilities for qlogd |
| allow qlogd self:capability { setuid setgid dac_override dac_read_search |
| sys_admin net_raw net_admin fowner fsetid kill sys_module }; |
| allow qlogd self:capability2 { block_suspend syslog }; |
| allow qlogd self:packet_socket { create ioctl bind getopt setopt }; |
| |
| # need to access system_data partitions for configration files |
| allow qlogd qlogd_data_file:dir rw_dir_perms; |
| allow qlogd qlogd_data_file:file create_file_perms; |
| allow qlogd system_file:file execute_no_trans; |
| |
| # need to create and listen socket |
| allow qlogd qlogd_socket:sock_file create_file_perms; |
| |
| # need to start shell execute files |
| allow qlogd shell_exec:file { execute read open execute_no_trans }; |
| |
| # need to create and write files in fuse partition |
| allow qlogd fuse:dir create_dir_perms; |
| allow qlogd fuse:file create_file_perms; |
| |
| # need to capture kmsg |
| allow qlogd kernel:system syslog_mod; |
| |
| # need for qdss log |
| userdebug_or_eng(` |
| allow qlogd debugfs:file read; |
| allow qlogd sysfs:file write; |
| allow qlogd qdss_device:chr_file { open read }; |
| ') |
| |
| # need for capture adb logs |
| unix_socket_connect(qlogd, logdr, logd) |
| |
| # need for subsystem ramdump |
| allow qlogd device:dir r_dir_perms; |
| allow qlogd ramdump_device:chr_file { setattr rw_file_perms }; |
| |
| # need for qxdm log |
| allow qlogd diag_exec:file rx_file_perms; |
| allow qlogd sysfs_wake_lock:file ra_file_perms; |
| |
| # need for tcpdump |
| userdebug_or_eng(` |
| allow qlogd kernel:system module_request; |
| ') |