selinux: add pstore
Used to record the Android log messages, then on reboot
provide a means to triage user-space activities leading
up to a panic. A companion to the pstore console logs.
Change-Id: I9b94ee3d5e94e0c4590ba8453b4ac1ebdfc7603f
diff --git a/device.te b/device.te
index 20e95a5..9ff30d5 100644
--- a/device.te
+++ b/device.te
@@ -9,6 +9,7 @@
type camera_device, dev_type;
type dm_device, dev_type;
type loop_device, dev_type;
+type pmsg_device, dev_type, mlstrustedobject;
type radio_device, dev_type;
type ram_device, dev_type;
type vold_device, dev_type;
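Review bot: `pmsg_device` is declared with `mlstrustedobject`, but nothing on the line records why the exemption is needed. The attribute exempts the object from the MLS constraints, so subjects at any level can reach it and it becomes a sink shared across levels. A comment would record the intent, e.g. `# pmsg: persistent log sink written by logging domains at any MLS level; write-only by policy`. It would also help to say that readers are expected to go through pstorefs rather than the device node, as the shell.te hunk does.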
diff --git a/file_contexts b/file_contexts
index a733759..04fa4c7 100644
--- a/file_contexts
+++ b/file_contexts
@@ -66,6 +66,7 @@
/dev/mpuirq u:object_r:gps_device:s0
/dev/mtd(/.*)? u:object_r:mtd_device:s0
/dev/mtp_usb u:object_r:mtp_device:s0
+/dev/pmsg0 u:object_r:pmsg_device:s0
/dev/pn544 u:object_r:nfc_device:s0
/dev/ppp u:object_r:ppp_device:s0
/dev/ptmx u:object_r:ptmx_device:s0
diff --git a/shell.te b/shell.te
index 3e30adc..a69d475 100644
--- a/shell.te
+++ b/shell.te
@@ -9,9 +9,12 @@
# XXX Transition into its own domain?
app_domain(shell)
-# logd access
+# logcat
read_logd(shell)
control_logd(shell)
+# logcat -L (directly, or via dumpstate)
+allow shell pstorefs:dir search;
+allow shell pstorefs:file r_file_perms;
# read files in /data/anr
allow shell anr_data_file:dir r_dir_perms;
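Review bot: The two new `pstorefs` rules grant the shell read access by type, so they cover every record pstore exposes under that label, not only the pmsg log that `logcat -L` needs. The commit message mentions pstore console logs; if those carry the same `pstorefs` label, the adb shell can now also read the previous boot's kernel console output, which may hold kernel addresses or other data not meant for that domain. If this is intended, say so in the comment, e.g. `# logcat -L (directly, or via dumpstate); also exposes other pstorefs records such as console logs`. Otherwise consider whether the pmsg records can be labelled separately, if the filesystem labelling allows it.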
diff --git a/te_macros b/te_macros
index 016333e..b665f3f 100644
--- a/te_macros
+++ b/te_macros
@@ -328,6 +328,7 @@
allow $1 logd_debug:file w_file_perms;
')
unix_socket_send($1, logdw, logd)
+allow $1 pmsg_device:chr_file w_file_perms;
')
#####################################
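Review bot: The added `allow $1 pmsg_device:chr_file w_file_perms;` sits inside a macro, so every domain that invokes it gains write access to the persistent pmsg store. The macro's header is outside the hunk, but the neighbouring `logdw` socket rule suggests it is the log-writing macro used by most domains. Data written there survives a reboot and the store is presumably small, so an untrusted writer can crowd out the records needed for triage, and whatever apps log persists past the reboot. A comment above the rule would make the scope explicit, e.g. `# mirror log writes to pstore (/dev/pmsg0); write-only, granted to every logd writer`, and a `neverallow` on reading `pmsg_device` would pin the write-only intent.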