system/etc/event-log-tags available to all
This was a regression in Q, and the file is an implementation of
liblog.
Bug: 113083310
Test: use tags from vendor and see no denials
Change-Id: I726cc1fcfad39afc197b21e431a687a3e4c8ee4a
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7a0dafa..569ea1e 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -80,6 +80,7 @@
sensor_privacy_service
server_configurable_flags_data_file
super_block_device
+ system_event_log_tags_file
system_lmk_prop
system_suspend_hwservice
staging_data_file
diff --git a/private/file_contexts b/private/file_contexts
index 853d0a7..196c762 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -287,6 +287,7 @@
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:hal_system_suspend_default_exec:s0
+/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
/system/etc/security/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
diff --git a/public/domain.te b/public/domain.te
index ab6610f..6592c7c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -125,6 +125,8 @@
allow domain system_linker_config_file:file r_file_perms;
allow domain system_lib_file:file { execute read open getattr map };
+allow domain system_event_log_tags_file:file r_file_perms;
+
allow { appdomain coredomain } system_file:file { execute read open getattr map };
# Make sure system/vendor split doesn not affect non-treble
@@ -1032,6 +1034,7 @@
-file_contexts_file
-netutils_wrapper_exec
-property_contexts_file
+ -system_event_log_tags_file
-system_lib_file
with_asan(`-system_asan_options_file')
-system_linker_exec
diff --git a/public/file.te b/public/file.te
index 86a85dc..2d26610 100644
--- a/public/file.te
+++ b/public/file.te
@@ -135,6 +135,8 @@
type system_file, system_file_type, file_type;
# Default type for /system/asan.options
type system_asan_options_file, system_file_type, file_type;
+# Type for /system/etc/event-log-tags (liblog implementation detail)
+type system_event_log_tags_file, system_file_type, file_type;
# Default type for anything under /system/lib[64].
type system_lib_file, system_file_type, file_type;
# Default type for linker executable /system/bin/linker[64].