Gitiles
Code Review Sign In
gerrit.omnirom.org / android_device_google_gs-common / 62abd5daf8301fcefef0d60063babfa45b866dd3^! / . / bluetooth / dump / sepolicy / file_contexts
commit62abd5daf8301fcefef0d60063babfa45b866dd3[log] [tgz]
authorjonerlin <jonerlin@google.com>Wed Oct 23 14:44:06 2024 +0000
committerjonerlin <jonerlin@google.com>Mon Oct 28 14:51:40 2024 +0000
treeefd4ce0b3dc128a7503e5c5064de4be073e6408c
parent9590adf0c7a8f887c91db7d7c96351a51e5fe342 [diff] [blame]
add sepolicy rules for bluetooth common hal dumpstate

10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1002): avc:  denied  { search } for  comm="dump_bt" name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1002): avc:  denied  { search } for  name="radio" dev="dm-52" ino=378 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1003): avc:  denied  { write } for  comm="dump_bt" name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1003): avc:  denied  { write } for  name="all_logs" dev="dm-52" ino=15632 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1004): avc:  denied  { add_name } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { create } for  comm="dump_bt" name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { create } for  name="bt" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 07:29:30.836000  1000  7403  7403 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1005): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1005): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1006): avc:  denied  { read } for  comm="dump_bt" name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1006): avc:  denied  { read } for  name="bt" dev="dm-52" ino=16645 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1007): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1007): avc:  denied  { search } for  name="bluetooth" dev="dm-52" ino=405 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1008): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1008): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I auditd  : type=1400 audit(0.0:1009): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 11:02:17.568000  1000  7510  7510 I dump_bt : type=1400 audit(0.0:1009): avc:  denied  { open } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15209 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1015): avc:  denied  { create } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1015): avc:  denied  { create } for  name="btsnoop_hci_vnd.log.last" scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1016): avc:  denied  { write open } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1016): avc:  denied  { write open } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1017): avc:  denied  { getattr } for  path="/data/vendor/bluetooth/btsnoop_hci_vnd.log.last" dev="dm-52" ino=11478 scontext=u:r:dump_bt:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:41.980000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1018): avc:  denied  { getattr } for  path="/data/vendor/radio/logs/always-on/all_logs/bt/btsnoop_hci_vnd.log.last" dev="dm-52" ino=15548 scontext=u:r:dump_bt:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=file permissive=1
10-27 21:03:42.000000  1000  7526  7526 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { search } for  comm="dump_bt" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-27 21:03:42.000000  1000  7526  7526 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { search } for  name="ssrdump" dev="dm-52" ino=425 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1062): avc:  denied  { read } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1062): avc:  denied  { read } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1063): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1063): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1064): avc:  denied  { search } for  comm="dump_bt" name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1064): avc:  denied  { search } for  name="coredump" dev="dm-52" ino=426 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=dir permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1065): avc:  denied  { read } for  comm="dump_bt" name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1065): avc:  denied  { read } for  name="coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I auditd  : type=1400 audit(0.0:1066): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 00:05:09.220000  1000  8227  8227 I dump_bt : type=1400 audit(0.0:1066): avc:  denied  { open } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_00-04-17.bin" dev="dm-52" ino=15913 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I auditd  : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  comm="dump_bt" path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-28 07:01:56.708000  1000  7681  7681 I dump_bt : type=1400 audit(0.0:1019): avc:  denied  { getattr } for  path="/data/vendor/ssrdump/coredump/coredump_bt_socdump_2024-10-28_07-01-11.bin" dev="dm-52" ino=16414 scontext=u:r:dump_bt:s0 tcontext=u:object_r:sscoredump_vendor_data_coredump_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:985): avc:  denied  { read } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:985): avc:  denied  { read } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:986): avc:  denied  { open } for  comm="dump_bt" path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:986): avc:  denied  { open } for  path="/data/vendor/bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:987): avc:  denied  { search } for  comm="dump_bt" name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:987): avc:  denied  { search } for  name="bluetooth" dev="dm-51" ino=405 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1
10-24 09:58:37.780000  1000  7820  7820 I auditd  : type=1400 audit(0.0:988): avc:  denied  { read } for  comm="dump_bt" name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1
10-24 09:58:37.780000  1000  7820  7820 I dump_bt : type=1400 audit(0.0:988): avc:  denied  { read } for  name="btsnoop_hci_vnd.log.last" dev="dm-51" ino=15291 scontext=u:r:hal_dumpstate_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=file permissive=1

Bug: 373526518
Bug: 372146292
Test: build pass, get bugreport and check bt dumpstate log files
Flag: EXEMPT, mechanical change.
Change-Id: I65025ffdac1c3017c494ae2a9fe8deeb5c7ce970

diff --git a/bluetooth/dump/sepolicy/file_contexts b/bluetooth/dump/sepolicy/file_contexts
new file mode 100644
index 0000000..da28d10
--- /dev/null
+++ b/bluetooth/dump/sepolicy/file_contexts

@@ -0,0 +1,2 @@
+# bt common hal dump_bt service
+/vendor/bin/dump/dump_bt           u:object_r:dump_bt_exec:s0