Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results
Blame Permalink
  • Mark Salyzyn's avatar
    8ed750e9
    sepolicy: Add write_logd, read_logd & control_logd · 8ed750e9
    Mark Salyzyn authored 
    - Add write_logd, read_logd and control_logd macros added along
  with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to
  deal with fd inheritance. ToDo: investigate means to allow
  references to close, and reopen in context of application
  or call setsockcreatecon() to label them in child context.

Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8
    8ed750e9
    History
    sepolicy: Add write_logd, read_logd & control_logd
    Mark Salyzyn authored 
    - Add write_logd, read_logd and control_logd macros added along
  with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to
  deal with fd inheritance. ToDo: investigate means to allow
  references to close, and reopen in context of application
  or call setsockcreatecon() to label them in child context.

Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8
logd.te 822 B 
# android user-space log manager
type logd, domain;
type logd_exec, exec_type, file_type;

init_daemon_domain(logd)
allow logd self:unix_stream_socket *;

allow logd self:capability { setuid setgid sys_nice };

r_dir_file(logd, domain)

userdebug_or_eng(`
  # Debug output
  type_transition logd device:file logd_debug;
  allow logd device:dir rw_dir_perms;
  allow logd logd_debug:file create_file_perms;
')

###
### Neverallow rules
###
### logd should NEVER do any of this

# Block device access.
neverallow logd dev_type:blk_file { read write };

# ptrace any other app
neverallow logd domain:process ptrace;

# Write to /system.
neverallow logd system_file:dir_file_class_set write;

# Write to files in /data/data or system files on /data
neverallow logd { app_data_file system_data_file }:dir_file_class_set write;