Verified Commit c4004667 authored by steadfasterX's avatar steadfasterX 😁

universal7870: selinux: init: debug boot

extends:
https://code.binbash.rocks:8443/MVA-VoLTE/android_device_samsung_exynos7870-common/commit/2578168866a47d1cd50703ee071c0f63784838ec



by creating a new domain and all related selinux policies
to allow enforcing boot
Signed-off-by: steadfasterX's avatarsteadfasterX <steadfasterX@gmail.com>
parent 620a61d4
......@@ -786,7 +786,7 @@ on fs
mount_all /vendor/etc/fstab.${ro.hardware}
# debug boot process
mkdir /data/debug/ 0744 logd system
mkdir /data/debug 0774 logd system
rm /data/debug/boot_lc_full.txt
rm /data/debug/boot_lc_crash.txt
rm /data/debug/boot_lc_kernel.txt
......@@ -1033,22 +1033,25 @@ service sem_daemon /system/bin/sem_daemon
service boot_lc /system/bin/logcat -b all -D -f /data/debug/boot_lc_full.txt
class main
user root
group root system
user logd
group logd system
seclabel u:r:boot_debug:s0
disabled
oneshot
service boot_lc_crash /system/bin/logcat -b crash -D -f /data/debug/boot_lc_crash.txt
class main
user root
group root system
user logd
group root logd system
seclabel u:r:boot_debug:s0
disabled
oneshot
service boot_lc_kernel /system/bin/logcat -b kernel -D -f /data/debug/boot_lc_kernel.txt
class main
user root
group root system
user logd
group root logd system
seclabel u:r:boot_debug:s0
disabled
oneshot
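Review bot: boot_lc_crash and boot_lc_kernel list `root` first in `group root logd system`, so both services keep root as their primary group while boot_lc uses `group logd system`. This assumes the `user logd` lines are the new side, since the page has lost its +/- markers. Nothing visible in this commit needs the root group: /data/debug is created as `logd system` with mode 0774, and the boot_debug rules cover the logd sockets and the log directory. Using `group logd system` on all three services would make them consistent and drop the leftover privilege.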
......
type boot_debug, domain, coredomain;
allow boot_debug boot_log_file:dir { add_name open read search write };
allow boot_debug boot_log_file:file { append create getattr open read };
allow boot_debug logcat_exec:file { entrypoint execute getattr read };
allow boot_debug logd:unix_stream_socket connectto;
allow boot_debug logdr_socket:sock_file write;
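Review bot: The last two rules (`logd:unix_stream_socket connectto` and `logdr_socket:sock_file write`) spell out by hand what, as far as I know, the AOSP macro `read_logd(boot_debug)` grants. Using the macro would keep the domain in step with platform changes to the log reader socket. The file also has no comment saying what the domain is for; a header such as `# Domain for the boot_lc* logcat services in init.rc; writes boot logs to /data/debug.` would help the next reader judge whether each permission is still needed.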
......@@ -62,4 +62,6 @@ type media_vendor_data_file, file_type, data_file_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
type radio_vendor_data_file, file_type, data_file_type;
type sswap_vendor_data_file, file_type, data_file_type;
type wifi_vendor_data_file, file_type, data_file_type;
\ No newline at end of file
type wifi_vendor_data_file, file_type, data_file_type;
# sfX debug
type boot_log_file, file_type, data_file_type, core_data_file_type;
......@@ -219,3 +219,6 @@
# Samsung proprietaries
/(vendor|system/vendor)/bin/hw/sec\.android\.hardware\.nfc@1\.2-service u:object_r:hal_nfc_default_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.samsung\.hardware\.gnss@2\.0-service u:object_r:hal_gnss_default_exec:s0
# sfX debug
/data/debug u:object_r:boot_log_file:s0
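Review bot: The new entry `/data/debug u:object_r:boot_log_file:s0` matches the directory only, not the log files inside it. Files that logcat creates there inherit the label from the directory, but a recursive restorecon over /data would presumably relabel them to whatever broader /data pattern applies, and boot_debug has no rules for that type. The usual form is `/data/debug(/.*)?    u:object_r:boot_log_file:s0`.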
......@@ -95,3 +95,5 @@ allow init proc_sec:file { rw_file_perms setattr };
allow init socket_device:sock_file { read write getattr setattr create unlink };
# allow init hal_drm_hwservice:hwservice_manager add;
allow init boot_debug:process { noatsecure rlimitinh siginh transition };
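Review bot: `noatsecure` in the new `allow init boot_debug:process { noatsecure rlimitinh siginh transition };` lets init skip libc secure mode (AT_SECURE) on the transition, which is the mechanism that sanitises the environment of the new process. The permission most likely came from a logged denial rather than from a real need, and AOSP's own `domain_trans` macro suppresses it instead of granting it. I would split the rule into `allow init boot_debug:process { rlimitinh siginh transition };` and `dontaudit init boot_debug:process noatsecure;`.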