1*e4a36f41SAndroid Build Coastguard Workertypeattribute logd coredomain; 2*e4a36f41SAndroid Build Coastguard Worker 3*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(logd) 4*e4a36f41SAndroid Build Coastguard Worker 5*e4a36f41SAndroid Build Coastguard Worker# Access device logging gating property 6*e4a36f41SAndroid Build Coastguard Workerget_prop(logd, device_logging_prop) 7*e4a36f41SAndroid Build Coastguard Worker 8*e4a36f41SAndroid Build Coastguard Worker# logd is not allowed to write anywhere other than /data/misc/logd, and then 9*e4a36f41SAndroid Build Coastguard Worker# only on userdebug or eng builds 10*e4a36f41SAndroid Build Coastguard Workerneverallow logd { 11*e4a36f41SAndroid Build Coastguard Worker file_type 12*e4a36f41SAndroid Build Coastguard Worker -runtime_event_log_tags_file 13*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-coredump_file -misc_logd_file') 14*e4a36f41SAndroid Build Coastguard Worker with_native_coverage(`-method_trace_data_file') 15*e4a36f41SAndroid Build Coastguard Worker}:file { create write append }; 16*e4a36f41SAndroid Build Coastguard Worker 17*e4a36f41SAndroid Build Coastguard Worker# protect the event-log-tags file 18*e4a36f41SAndroid Build Coastguard Workerneverallow { 19*e4a36f41SAndroid Build Coastguard Worker domain 20*e4a36f41SAndroid Build Coastguard Worker -appdomain # covered below 21*e4a36f41SAndroid Build Coastguard Worker -bootstat 22*e4a36f41SAndroid Build Coastguard Worker -dumpstate 23*e4a36f41SAndroid Build Coastguard Worker -init 24*e4a36f41SAndroid Build Coastguard Worker -logd 25*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-logpersist') 26*e4a36f41SAndroid Build Coastguard Worker -servicemanager 27*e4a36f41SAndroid Build Coastguard Worker -system_server 28*e4a36f41SAndroid Build Coastguard Worker -surfaceflinger 29*e4a36f41SAndroid Build Coastguard Worker -zygote 30*e4a36f41SAndroid Build Coastguard Worker} runtime_event_log_tags_file:file no_rw_file_perms; 31*e4a36f41SAndroid Build Coastguard Worker 32*e4a36f41SAndroid Build Coastguard Workerneverallow { 33*e4a36f41SAndroid Build Coastguard Worker appdomain 34*e4a36f41SAndroid Build Coastguard Worker -bluetooth 35*e4a36f41SAndroid Build Coastguard Worker -platform_app 36*e4a36f41SAndroid Build Coastguard Worker -priv_app 37*e4a36f41SAndroid Build Coastguard Worker -radio 38*e4a36f41SAndroid Build Coastguard Worker -shell 39*e4a36f41SAndroid Build Coastguard Worker userdebug_or_eng(`-su') 40*e4a36f41SAndroid Build Coastguard Worker -system_app 41*e4a36f41SAndroid Build Coastguard Worker} runtime_event_log_tags_file:file no_rw_file_perms; 42