# SELinux policy for the logd domain: domain setup followed by neverallow
# assertions. A neverallow grants nothing; it is checked when the policy is
# compiled and makes the build fail if any allow rule contradicts it.

# Tag the logd type with the coredomain attribute.
typeattribute logd coredomain;

# init_daemon_domain is a macro defined outside this file; in AOSP it sets up
# the automatic transition from init into the logd domain.
init_daemon_domain(logd)

# Write confinement for logd: no policy may let logd create, write or append
# to a regular file of any file_type, apart from these exemptions:
#   - runtime_event_log_tags_file, on every build;
#   - coredump_file and misc_logd_file (/data/misc/logd), on userdebug or eng
#     builds only;
#   - method_trace_data_file, on native coverage builds only.
# Scope: the assertion names class file and the three permissions listed.
# Other object classes and other permissions are not constrained by it.
neverallow logd {
  file_type
  -runtime_event_log_tags_file
  userdebug_or_eng(`-coredump_file -misc_logd_file')
  with_native_coverage(`-method_trace_data_file')
}:file { create write append };

# Protect the event-log-tags file. Outside the exempted domains below, no
# domain may be granted no_rw_file_perms on runtime_event_log_tags_file.
# no_rw_file_perms is a macro defined outside this file; going by its name it
# is the read/write file permission set (confirm against the macro
# definitions). Exempted domains are only excluded from the assertion; this
# rule does not grant them access.
neverallow {
  domain
  -appdomain  # app domains are handled by the narrower rule that follows
  -bootstat
  -dumpstate
  -init
  -logd
  userdebug_or_eng(`-logpersist')
  -servicemanager
  -system_server
  -surfaceflinger
  -zygote
} runtime_event_log_tags_file:file no_rw_file_perms;

# App-domain counterpart of the rule above: every appdomain type is covered
# except the app types subtracted here. su is exempt on userdebug or eng
# builds only, so on user builds it stays covered by the assertion.
neverallow {
  appdomain
  -bluetooth
  -platform_app
  -priv_app
  -radio
  -shell
  userdebug_or_eng(`-su')
  -system_app
} runtime_event_log_tags_file:file no_rw_file_perms;