From 05806470b7f9ed9108823afd60efd1a3595b66a6 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Wed, 16 Mar 2016 08:11:49 -0700
Subject: [PATCH] Add recovery_persist & recovery_refresh

(cherry pick from commit 16fe52c90caae18c0d91918d6bfc471f2e637207)

One-time executables. recovery_refresh can be used at any time to
ensure recovery logs in pmsg are re-placed at the end of the FIFO.
recovery_persist takes the recovery logs in pmsg and drops them
into /data/misc/recovery/ directory.

Bug: 27176738
Change-Id: Ife3cf323930fb7a6a5d1704667961f9d42bfc5ac
---
 file.te             |  1 +
 file_contexts       |  3 +++
 recovery_persist.te | 31 +++++++++++++++++++++++++++++++
 recovery_refresh.te | 29 +++++++++++++++++++++++++++++
 4 files changed, 64 insertions(+)
 create mode 100644 recovery_persist.te
 create mode 100644 recovery_refresh.te

diff --git a/file.te b/file.te
index 53fac044e..2fff54b7f 100644
--- a/file.te
+++ b/file.te
@@ -139,6 +139,7 @@ type misc_user_data_file, file_type, data_file_type;
 type net_data_file, file_type, data_file_type;
 type nfc_data_file, file_type, data_file_type;
 type radio_data_file, file_type, data_file_type, mlstrustedobject;
+type recovery_data_file, file_type, data_file_type;
 type shared_relro_file, file_type, data_file_type;
 type systemkeys_data_file, file_type, data_file_type;
 type vpn_data_file, file_type, data_file_type;
diff --git a/file_contexts b/file_contexts
index 9ffc3c3ee..b3e4e93f3 100644
--- a/file_contexts
+++ b/file_contexts
@@ -181,6 +181,8 @@
 /system/bin/debuggerd	u:object_r:debuggerd_exec:s0
 /system/bin/debuggerd64	u:object_r:debuggerd_exec:s0
 /system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
+/system/bin/recovery-persist     u:object_r:recovery_persist_exec:s0
+/system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /system/bin/dhcpcd      u:object_r:dhcp_exec:s0
 /system/bin/dhcpcd-6.8.2	u:object_r:dhcp_exec:s0
@@ -278,6 +280,7 @@
 /data/misc/logd(/.*)?           u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)?          u:object_r:media_data_file:s0
 /data/misc/net(/.*)?            u:object_r:net_data_file:s0
+/data/misc/recovery(/.*)?       u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)?   u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)?            u:object_r:radio_data_file:s0
 /data/misc/systemkeys(/.*)?     u:object_r:systemkeys_data_file:s0
diff --git a/recovery_persist.te b/recovery_persist.te
new file mode 100644
index 000000000..19a240f89
--- /dev/null
+++ b/recovery_persist.te
@@ -0,0 +1,31 @@
+# android recovery persistent log manager
+type recovery_persist, domain;
+type recovery_persist_exec, exec_type, file_type;
+
+init_daemon_domain(recovery_persist)
+
+allow recovery_persist pstorefs:dir search;
+allow recovery_persist pstorefs:file r_file_perms;
+
+allow recovery_persist recovery_data_file:file create_file_perms;
+allow recovery_persist recovery_data_file:dir create_dir_perms;
+
+###
+### Neverallow rules
+###
+### recovery_persist should NEVER do any of this
+
+# Block device access.
+neverallow recovery_persist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_persist domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_persist system_file:dir_file_class_set write;
+
+# Write to files in /data/data
+neverallow recovery_persist { app_data_file system_data_file }:dir_file_class_set write;
+
+# recovery_persist is not allowed to write anywhere other than recovery_data_file
+neverallow recovery_persist { file_type -recovery_data_file -recovery_persist_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
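Review bot: The comment on the final neverallow overstates what the rule enforces: it only denies the `write` permission on the `file` class, whereas the `create_file_perms` granted on recovery_data_file also covers `append`, `create`, `unlink` and `rename`, and directory modifications (`add_name`/`remove_name`) on types other than system_file, app_data_file and system_data_file are not constrained by any rule in this file. Whether the neverallow can be widened to those permissions depends on what the base `domain` policy already grants (a broader rule may fail to build against existing allows), so the safer fix is to make the comment match the rule: `# recovery_persist may only get file:write on recovery_data_file (plus its own tmpfs and, on userdebug/eng, coredump_file); other write-class permissions are not constrained here`. It would also help to carry over the NB from recovery_refresh.te, since per that comment this domain inherits write_logd and with it the pmsg_device write path, which a reader of "not allowed to write anywhere other than recovery_data_file" would not expect.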
diff --git a/recovery_refresh.te b/recovery_refresh.te
new file mode 100644
index 000000000..9fae1104c
--- /dev/null
+++ b/recovery_refresh.te
@@ -0,0 +1,29 @@
+# android recovery refresh log manager
+type recovery_refresh, domain;
+type recovery_refresh_exec, exec_type, file_type;
+
+init_daemon_domain(recovery_refresh)
+
+allow recovery_refresh pstorefs:dir search;
+allow recovery_refresh pstorefs:file r_file_perms;
+# NB: domain inherits write_logd which hands us write to pmsg_device
+
+###
+### Neverallow rules
+###
+### recovery_refresh should NEVER do any of this
+
+# Block device access.
+neverallow recovery_refresh dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_refresh domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_refresh system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow recovery_refresh { app_data_file system_data_file }:dir_file_class_set write;
+
+# recovery_refresh is not allowed to write anywhere
+neverallow recovery_refresh { file_type -recovery_refresh_tmpfs userdebug_or_eng(`-coredump_file') }:file write;
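Review bot: The comment `# recovery_refresh is not allowed to write anywhere` contradicts the NB above the pstorefs rules, which says the domain writes pmsg_device through the inherited write_logd; the two do not actually conflict, because pmsg_device is a chr_file and this neverallow only covers `file` class `write`, but the wording should say so: `# recovery_refresh may not get file:write on any file_type; its only output is pmsg_device (a chr_file) via write_logd`. As in recovery_persist.te, the rule leaves append/create/unlink and dir-class changes on types other than system_file, app_data_file and system_data_file unconstrained; this domain is granted no create_file_perms at all, so the gap is smaller here, but the comment should not claim more than the rule checks. The `-recovery_refresh_tmpfs` exclusion presumably relies on the tmpfs type declared via init_daemon_domain; confirm that macro still declares it in this tree, otherwise the neverallow references an undefined type.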
-- 
GitLab