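# SELinux policy for the logd domain, the Android log daemon.
#
# The neverallow statements below are build-time assertions: policy
# compilation fails if any allow rule, in this file or elsewhere, grants
# a permission they forbid. They add no access of their own.
# The macros and permission sets used here are defined outside this file:
# init_daemon_domain, get_prop, binder_use, binder_service, binder_call,
# add_service, userdebug_or_eng, with_native_coverage and no_rw_file_perms.

# Mark logd as part of the core platform domain set.
typeattribute logd coredomain;

# logd is started by init as a daemon in its own domain.
init_daemon_domain(logd)

# Access device logging gating property
get_prop(logd, device_logging_prop)

# Write containment for logd.
# logd must never create, write or append to a file of any type except:
#   - runtime_event_log_tags_file
#   - shell_data_file, which is needed to dump bugreports
#   - coredump_file and misc_logd_file, the latter being /data/misc/logd,
#     on userdebug or eng builds only
#   - method_trace_data_file, on native coverage builds only
# On user builds the two build-conditional lines expand to nothing, so
# only the first two exceptions remain.
neverallow logd {
  file_type
  -runtime_event_log_tags_file
  # shell_data_file access is needed to dump bugreports
  -shell_data_file
  userdebug_or_eng(`-coredump_file -misc_logd_file')
  with_native_coverage(`-method_trace_data_file')
}:file { create write append };

# protect the event-log-tags file
# Non-app domains: only the domains subtracted below may be granted
# permissions from the no_rw_file_perms set on the tags file. logpersist
# is exempt on userdebug or eng builds only.
neverallow {
  domain
  -appdomain # covered below
  -bootstat
  -dumpstate
  -init
  -logd
  userdebug_or_eng(`-logpersist')
  -servicemanager
  -system_server
  -surfaceflinger
  -zygote
} runtime_event_log_tags_file:file no_rw_file_perms;

# App domains: the same restriction, with its own exemption list. su is
# exempt on userdebug or eng builds only. Any new exemption in either
# list widens access to the tags file and should be reviewed as such.
neverallow {
  appdomain
  -bluetooth
  -platform_app
  -priv_app
  -radio
  -shell
  userdebug_or_eng(`-su')
  -system_app
} runtime_event_log_tags_file:file no_rw_file_perms;

# Only binder communication between logd and system_server is allowed
# NOTE(review): the three lines below are grants. No neverallow in this
# file asserts that system_server is the only binder peer, so the
# statement above is a convention here rather than an enforced
# invariant. Confirm whether it is asserted elsewhere in the policy.
binder_use(logd)
binder_service(logd)
binder_call(logd, system_server)

# logd registers logd_service with the service manager and may look up
# logcat_service.
add_service(logd, logd_service)
allow logd logcat_service:service_manager find;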