Define UWB snoop log in sepolicy
Bug: 341014812
Test: manual, bugreport attached in the associated bugreport
Change-Id: I6e96663345263f2587d7ae2e73b7007b2bdcd640
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 2d7a1c9..90c168e 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -365,6 +365,12 @@
allow dumpstate nfc_logs_data_file:dir r_dir_perms;
allow dumpstate nfc_logs_data_file:file r_file_perms;
+# For uwb
+allow dumpstate apex_module_data_file:dir search;
+allow dumpstate apex_system_server_data_file:dir search;
+allow dumpstate apex_uwb_data_file:dir r_dir_perms;
+allow dumpstate apex_uwb_data_file:file r_file_perms;
+
# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
allow dumpstate gpu_device:chr_file rw_file_perms;
allow dumpstate gpu_device:dir r_dir_perms;
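Review bot: The two `apex_uwb_data_file` rules at the end of the added block give dumpstate read access to every file carrying that type, not only the snoop log named in the commit title. If the UWB APEX data directory holds anything besides the log, that content also becomes readable by dumpstate and could end up in bugreports. A dedicated label for the log location would keep the grant narrower; this should be checked against file_contexts, which is not part of this hunk. The `# For uwb` comment should state the purpose, for example `# Read the UWB snoop log from the UWB APEX data directory for bugreports.`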
@@ -558,3 +564,21 @@
-traceur_app
-dumpstate
} dumpstate_service:service_manager find;
+
+# only dumpstate, system_server and related others to access apex_uwb_data_file
+neverallow {
+ domain
+ -dumpstate
+ -system_server
+ -apexd
+ -init
+ -vold_prepare_subdirs
+} apex_uwb_data_file:dir no_rw_file_perms;
+neverallow {
+ domain
+ -dumpstate
+ -system_server
+ -apexd
+ -init
+ -vold_prepare_subdirs
+} apex_uwb_data_file:file no_rw_file_perms;
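Review bot: The first neverallow applies `no_rw_file_perms` to class `dir`, but that set is written for files and leaves out the directory-specific permissions `add_name`, `remove_name`, `reparent` and `rmdir`. If the intent is that no other domain may modify these directories, the rule could end with `} apex_uwb_data_file:dir { no_rw_file_perms no_w_dir_perms };`, assuming the `no_w_dir_perms` macro is defined in this tree. The comment's "related others" would be clearer if it named the exempted domains and why each needs access, e.g. `# apexd, init and vold_prepare_subdirs create and label the directory; system_server writes the log; dumpstate reads it.`, with those roles confirmed by the author since they are inferred here.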