From 61d665af16ea54a3a650da4e443c6d9e251b05cf Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Tue, 10 Mar 2015 13:46:37 -0700
Subject: [PATCH] logd: allow access to system files

- allow access for /data/system/packages.xml.
- deprecate access to /dev/logd_debug (can use /dev/kmsg for debugging)
- allow access to /dev/socket/logd for 'logd --reinit'

Bug: 19681572
Change-Id: Iac57fff1aabc3b061ad2cc27969017797f8bef54
---
 file.te       |  1 -
 file_contexts |  1 -
 logd.te       | 10 +++-------
 te_macros     |  3 ---
 4 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/file.te b/file.te
index 5ac2b66b5..fe2821355 100644
--- a/file.te
+++ b/file.te
@@ -142,7 +142,6 @@ type fwmarkd_socket, file_type, mlstrustedobject;
 type gps_socket, file_type;
 type installd_socket, file_type;
 type lmkd_socket, file_type;
-type logd_debug, file_type, mlstrustedobject;
 type logd_socket, file_type, mlstrustedobject;
 type logdr_socket, file_type, mlstrustedobject;
 type logdw_socket, file_type, mlstrustedobject;
diff --git a/file_contexts b/file_contexts
index d51047686..ce55cc874 100644
--- a/file_contexts
+++ b/file_contexts
@@ -86,7 +86,6 @@
 /dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/lmkd        u:object_r:lmkd_socket:s0
-/dev/logd_debug		u:object_r:logd_debug:s0
 /dev/socket/logd	u:object_r:logd_socket:s0
 /dev/socket/logdr	u:object_r:logdr_socket:s0
 /dev/socket/logdw	u:object_r:logdw_socket:s0
diff --git a/logd.te b/logd.te
index 70a894ca7..8c28b48a1 100644
--- a/logd.te
+++ b/logd.te
@@ -9,18 +9,14 @@ allow logd self:capability2 syslog;
 allow logd self:netlink_audit_socket { create_socket_perms nlmsg_write };
 allow logd kernel:system syslog_read;
 allow logd kmsg_device:chr_file w_file_perms;
+allow logd system_data_file:file r_file_perms;
 
 r_dir_file(logd, domain)
 
-userdebug_or_eng(`
-  # Debug output
-  type_transition logd device:file logd_debug;
-  allow logd device:dir rw_dir_perms;
-  allow logd logd_debug:file create_file_perms;
-')
-
 allow logd kernel:system syslog_mod;
 
+control_logd(logd)
+
 ###
 ### Neverallow rules
 ###
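Review bot: The added `allow logd system_data_file:file r_file_perms;` lets logd read every file carrying the generic `system_data_file` label, while the commit description only names /data/system/packages.xml. logd receives data from any domain that uses `write_logd`, so a narrower grant is the safer design: give that one file its own type in file_contexts (placeholder name `<packages_xml_type>`) and allow only that type. If the broad rule has to stay, document the reason at the rule, e.g. `# Read /data/system/packages.xml; TODO: narrow to a dedicated type`. The new `control_logd(logd)` line also deserves a comment, such as `# logd --reinit connects to /dev/socket/logd`. The neverallow section starts at the end of this hunk and its rules are not visible, so the diff does not show whether any of them bounds this grant.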
diff --git a/te_macros b/te_macros
index 35dfb4d01..fae0e3a5e 100644
--- a/te_macros
+++ b/te_macros
@@ -301,9 +301,6 @@ define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target
 # Ability to write to android log
 # daemon via sockets
 define(`write_logd', `
-userdebug_or_eng(`
-  allow $1 logd_debug:file w_file_perms;
-')
 unix_socket_send($1, logdw, logd)
 allow $1 pmsg_device:chr_file w_file_perms;
 ')
-- 
GitLab