
Commit a7fb0952 authored by Mike Ma's avatar Mike Ma

Relax permissions on /data/misc/logd

Incidentd needs to access /data/misc/logd to get persisted logs for
debugging purposes. Relax permissions on /data/misc/logd to allow
group (log) to access the dir and read its files. Effectively change
to:
drwxr-x--- logd log /data/misc/logd
-rw-r----- logd log /data/misc/logd/logcat*

Since this dir stores the past output of logcat, anyone that can run
logcat can be granted access to this dir. Access to this dir is further
guarded by SELinux. So it is safe.

Bug: 147924172
Test: Build, flash, reboot. Verify that the files have the right
      permissions.

Change-Id: I4d2aa9d5883d1ef14411b2b3902f0ca7c641dd7e
parent d6289bdf
+1 −1
@@ -110,7 +110,7 @@ class Logcat {
#endif

static int openLogFile(const char* pathname, size_t sizeKB) {
    int fd = open(pathname, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR);
    int fd = open(pathname, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP);
    if (fd < 0) {
        return fd;
    }
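Review bot: The `S_IRGRP` bit added to the `open()` call in `openLogFile` only takes effect when the file is created and is still filtered by the process umask, so log files that already exist with 0600 stay unreadable to group log after an upgrade until they are rotated out or recreated. The function also appears to serve every `logcat -f` caller, not only the persist path, so the group bit would apply wherever the caller's umask allows it; the `umask 037` added to the logcatd script is what makes it effective here. I would document that coupling above the call, e.g. `// Mode applies on creation only and is masked by umask; logcatd sets umask 037 so group (log) can read.` The body of `openLogFile` continues past the end of the hunk.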
+4 −0
@@ -4,6 +4,10 @@
# first reads the 'last' logcat to persistent storage with `-L` then run logcat again without
# `-L` to read the current logcat buffers to persistent storage.

# init sets the umask to 077 for forked processes. logpersist needs to create files that are group
# readable. So relax the umask to only disallow group wx and world rwx.
umask 037

has_last="false"
for arg in "$@"; do
  if [ "$arg" == "-L" -o "$arg" == "--last" ]; then
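Review bot: `umask 037` is set at the top of the script, so it is inherited by every command the script runs afterwards, not just the logcat invocation that writes to /data/misc/logd. If anything later in the script creates files elsewhere, they become group-readable as well; the rest of the script is outside this hunk, so this is worth confirming. The comment could state the intended scope, e.g. `# Applies to all commands below; only logcat output under /data/misc/logd is expected to be created.`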
+2 −2
@@ -30,8 +30,8 @@ on load_persist_props_action
    setprop logd.logpersistd.enable true

on property:logd.logpersistd.enable=true && property:logd.logpersistd=logcatd
    # all exec/services are called with umask(077), so no gain beyond 0700
    mkdir /data/misc/logd 0700 logd log
    # log group should be able to read persisted logs
    mkdir /data/misc/logd 0750 logd log
    start logcatd

# stop logcatd service and clear data
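Review bot: With 0750 the directory becomes listable and traversable by every process that has gid log, and the new comment above `mkdir /data/misc/logd 0750 logd log` does not say what keeps that set narrow. The commit message relies on SELinux for this, but no policy change is visible in this commit, so the DAC relaxation cannot be checked against it from here. I would extend the comment to record the dependency, e.g. `# group log may read persisted logs; per-domain access is restricted by SELinux policy`.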
+1 −1
@@ -2,7 +2,7 @@
# logtagd event log tag service (debug only)
#
on post-fs-data
    mkdir /data/misc/logd 0700 logd log
    mkdir /data/misc/logd 0750 logd log
    write /data/misc/logd/event-log-tags ""
    chown logd log /data/misc/logd/event-log-tags
    chmod 0600 /data/misc/logd/event-log-tags
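Review bot: This `mkdir /data/misc/logd 0750 logd log` repeats the mode from the logcatd rule without the explanatory comment, so the two declarations can drift apart silently. Add the same comment here, e.g. `# keep in sync with the logcatd rule: log group should be able to read persisted logs`. Note that `event-log-tags` is still set to 0600 below, so only the directory is opened to the group in this file; if that is intentional, a short `# owner-only on purpose` next to the `chmod` would make it clear.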