common/qlogd.te

# qlogd
type qlogd, domain;
type qlogd_exec, exec_type, file_type;

# make transition from init to its domain
init_daemon_domain(qlogd)

# need to access sharemem log device for smem logs
allow qlogd smem_log_device:chr_file rw_file_perms;

# need to add more capabilities for qlogd
allow qlogd self:capability { setuid setgid dac_override dac_read_search
               sys_admin net_raw net_admin fowner fsetid kill sys_module };
allow qlogd self:capability2 { block_suspend syslog };
allow qlogd self:packet_socket { create ioctl bind getopt setopt };

# need to access system_data partitions for configration files
allow qlogd qlogd_data_file:dir rw_dir_perms;
allow qlogd qlogd_data_file:file create_file_perms;
allow qlogd system_file:file execute_no_trans;

# need to create and listen socket
allow qlogd qlogd_socket:sock_file create_file_perms;

# need to start shell execute files
allow qlogd shell_exec:file { execute read open execute_no_trans };

# need to create and write files in fuse partition
allow qlogd fuse:dir create_dir_perms;
allow qlogd fuse:file create_file_perms;

# need to capture kmsg
allow qlogd kernel:system syslog_mod;

# need for qdss log
userdebug_or_eng(`
  allow qlogd debugfs:file read;
  allow qlogd sysfs:file write;
  allow qlogd qdss_device:chr_file { open read };
')

# need for capture adb logs
unix_socket_connect(qlogd, logdr, logd)

# need for subsystem ramdump
allow qlogd device:dir r_dir_perms;
allow qlogd ramdump_device:chr_file { setattr rw_file_perms };

# need for qxdm log
allow qlogd diag_exec:file rx_file_perms;
allow qlogd sysfs_wake_lock:file ra_file_perms;

# need for tcpdump
userdebug_or_eng(`
  allow qlogd kernel:system module_request;
')