# qlogd
#
# Type-enforcement rules for the qlogd domain. Going by the rule groups
# below, the daemon gathers several log sources: shared-memory logs, kmsg,
# logd output, QDSS, subsystem ramdumps, QXDM/diag and tcpdump captures.
#
# NOTE(review): this one domain holds powerful capabilities, can run the
# shell and system binaries without a domain transition, and writes to
# FUSE-backed storage. Each grant should be checked against observed
# denials, and anything only the debug features need should be moved under
# userdebug_or_eng.

# Domain type, plus the label carried by the daemon executable.
type qlogd, domain;
type qlogd_exec, exec_type, file_type;

# Transition from init into the qlogd domain.
init_daemon_domain(qlogd)

# Shared-memory (smem) log device.
allow qlogd smem_log_device:chr_file rw_file_perms;

# Capabilities, granted in every build variant.
# NOTE(review): sys_module, sys_admin, dac_override and dac_read_search are
# among the broadest capabilities and none of them is gated by
# userdebug_or_eng, although the module_request rule at the end of this file
# is. The source gives no per-capability reason; confirm each one is needed
# in user builds.
allow qlogd self:capability {
    setuid
    setgid
    dac_override
    dac_read_search
    sys_admin
    net_raw
    net_admin
    fowner
    fsetid
    kill
    sys_module
};
allow qlogd self:capability2 {
    block_suspend
    syslog
};

# Packet socket owned by the daemon itself.
# NOTE(review): presumably for the tcpdump feature, together with net_raw
# and net_admin above. Unlike module_request this is allowed in user builds
# as well - confirm that is intended.
allow qlogd self:packet_socket {
    create
    ioctl
    bind
    getopt
    setopt
};

# Configuration files on the system data partition: the daemon's own
# directory and the files it creates there.
allow qlogd qlogd_data_file:dir rw_dir_perms;
allow qlogd qlogd_data_file:file create_file_perms;

# Run binaries labelled system_file without a domain transition, so the
# child process keeps every permission granted to qlogd.
allow qlogd system_file:file execute_no_trans;

# Socket file that qlogd creates and listens on.
allow qlogd qlogd_socket:sock_file create_file_perms;

# Run the shell, again without leaving the qlogd domain.
# NOTE(review): anything the shell is asked to run inherits the capabilities
# above. Verify that command strings are fixed and cannot be influenced by
# data arriving on the qlogd socket or from log content.
allow qlogd shell_exec:file {
    execute
    read
    open
    execute_no_trans
};

# Create directories and files on the FUSE-backed partition.
# NOTE(review): fuse is a shared label rather than a qlogd-specific one,
# presumably the emulated external storage. Logs written there may be
# readable by other processes with access to that storage - confirm that no
# sensitive log content lands here.
allow qlogd fuse:dir create_dir_perms;
allow qlogd fuse:file create_file_perms;

# Kernel log (kmsg) capture.
allow qlogd kernel:system syslog_mod;

# QDSS logging, userdebug and eng builds only.
# NOTE(review): debugfs:file and sysfs:file are generic labels, so the first
# two rules reach every node that has no more specific type. A dedicated
# label for the nodes actually used would be narrower.
userdebug_or_eng(`
    allow qlogd debugfs:file read;
    allow qlogd sysfs:file write;
    allow qlogd qdss_device:chr_file { open read };
')

# Capture adb (logcat) logs through the logdr socket of logd.
unix_socket_connect(qlogd, logdr, logd)

# Subsystem ramdump collection.
# NOTE(review): device:dir is a generic label and setattr lets qlogd change
# attributes of the ramdump nodes - confirm both are required.
allow qlogd device:dir r_dir_perms;
allow qlogd ramdump_device:chr_file { setattr rw_file_perms };

# QXDM logging: read and execute the diag binary, and write to the
# wake-lock sysfs files.
allow qlogd diag_exec:file rx_file_perms;
allow qlogd sysfs_wake_lock:file ra_file_perms;

# tcpdump support, userdebug and eng builds only: lets qlogd ask the kernel
# to load a module on demand.
userdebug_or_eng(`
    allow qlogd kernel:system module_request;
')