      1 typeattribute logpersist coredomain;
      2 
      3 # Android debug log storage in the logpersist domain (eng and userdebug only).
        #
        # The typeattribute statement above associates logpersist with the coredomain
        # attribute. It sits outside the macro, so it applies to every build variant.
        # Every allow rule and macro call below is wrapped in userdebug_or_eng, so
        # these grants are intended for eng and userdebug builds only and a user
        # build should carry none of them.
        #
        # NOTE: keep comments inside the macro body free of m4 quote characters
        # (backtick and apostrophe). The body is a quoted m4 argument and a stray
        # quote changes where that argument ends.
      4 userdebug_or_eng(`
      5 
          # Read access to directories and files labelled cgroup.
          # r_dir_file is a macro defined elsewhere in the policy.
      6   r_dir_file(logpersist, cgroup)
      7 
          # Persisted log storage: create and manage files labelled misc_logd_file
          # and modify the directories that hold them. create_file_perms and
          # rw_dir_perms are permission sets defined elsewhere in the policy.
      8   allow logpersist misc_logd_file:file create_file_perms;
      9   allow logpersist misc_logd_file:dir rw_dir_perms;
     10 
          # sys_nice on itself only (target is self): the capability that governs
          # changing scheduling priority.
          # NOTE(review): presumably so log persistence can adjust its own
          # priority - confirm against the daemon before widening or removing.
     11   allow logpersist self:global_capability_class_set sys_nice;
          # Search pstorefs directories and read pstorefs files. No write or create
          # permission is granted on pstorefs.
          # NOTE(review): presumably to pick up logs preserved across a reboot - confirm.
     12   allow logpersist pstorefs:dir search;
     13   allow logpersist pstorefs:file r_file_perms;
     14 
          # Interaction with logd. control_logd and read_runtime_log_tags are macros
          # defined elsewhere; by name they cover the logd control interface and the
          # runtime log tag data - check their definitions for the exact grants.
          # unix_socket_connect lets logpersist connect to the logdr socket served
          # by the logd domain.
     15   control_logd(logpersist)
     16   unix_socket_connect(logpersist, logdr, logd)
     17   read_runtime_log_tags(logpersist)
     18 
     19 ')
     20 
     21 # logpersist is allowed to write to /data/misc/log for userdebug and eng builds.
        #
        # The rules below are neverallow assertions: they grant nothing, and a
        # conflicting allow rule elsewhere in the policy is rejected when the policy
        # is built.
        # NOTE(review): the rules name the type misc_logd_file, not a path. The
        # path-to-label mapping is not in this file - confirm the directory named
        # above against file_contexts.
        #
        # Rule 1: logpersist may not create, write or append any file whose type is
        # in file_type. On userdebug and eng builds misc_logd_file and coredump_file
        # are subtracted from that set. On user builds the macro contributes no
        # exemption, so the ban covers every file_type.
     22 neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
        # Rule 2: access to misc_logd_file files (the no_rw_file_perms set, defined
        # elsewhere in the policy) is denied to every domain except init. On
        # userdebug and eng builds logpersist, logd and dumpstate are also exempt.
     23 neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
        # Rule 3: only init, plus logpersist and logd on userdebug and eng builds,
        # may modify misc_logd_file directories (the listed permissions). dumpstate
        # is exempt from rule 2 but not from this one, so it gets no exemption for
        # changing the directory itself.
     24 neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
     25