From 3399e5d7bbc6036c8e19eb82dd967596eac71f01 Mon Sep 17 00:00:00 2001 From: Ecco Park Date: Tue, 31 Jan 2017 18:02:52 -0800 Subject: [PATCH] Dumpstate: Fix selinux permission error for hal_dumpstate_impl Dumpstate for marlin has been broken since hidlization because of selinux permission For modem log, create the property(ro.radio.log_loc) so that dumpstate refer this prop to read the modem logs. Test: 1) generated dumpstate-board.txt without any permission error 2) modem sim is detected properly Bug: 31982882 Fixes: 34076823 Fixes: 34831632 Change-Id: Id2f2700ea0e138274726f9ec142747fb02fa28a8 Signed-off-by: Ecco Park --- device-common.mk | 3 ++- dumpstate/DumpstateDevice.cpp | 35 ++++++++++++++----------------- init.common.diag.rc.userdebug | 2 ++ sepolicy/domain.te | 1 + sepolicy/dumpstate.te | 4 ++++ sepolicy/file.te | 6 ++++++ sepolicy/file_contexts | 9 ++++++++ sepolicy/hal_dumpstate_impl.te | 38 +++++++++++++++++++++++++++++++++- sepolicy/kernel.te | 2 ++ sepolicy/qsee_logger.te | 1 + sepolicy/rild.te | 2 ++ sepolicy/smlog_dump.te | 7 +++++++ sepolicy/system_server.te | 4 ++++ 13 files changed, 93 insertions(+), 21 deletions(-) create mode 100644 sepolicy/dumpstate.te create mode 100644 sepolicy/qsee_logger.te create mode 100644 sepolicy/smlog_dump.te diff --git a/device-common.mk b/device-common.mk index 1a1b3eb65..54f10aa4f 100644 --- a/device-common.mk +++ b/device-common.mk @@ -324,7 +324,8 @@ PRODUCT_PROPERTY_OVERRIDES += \ ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT))) PRODUCT_PROPERTY_OVERRIDES += \ persist.radio.smlog_switch=1 \ - ro.radio.log_prefix="htc_smlog_" + ro.radio.log_prefix="htc_smlog_" \ + ro.radio.log_loc="/data/smlog_dump" endif # Set snapshot timer to 3 second diff --git a/dumpstate/DumpstateDevice.cpp b/dumpstate/DumpstateDevice.cpp index b3323a7dc..18be72cd8 100755 --- a/dumpstate/DumpstateDevice.cpp +++ b/dumpstate/DumpstateDevice.cpp 
@@ -28,6 +28,7 @@ #include "DumpstateUtil.h" #define MODEM_LOG_PREFIX_PROPERTY "ro.radio.log_prefix" +#define MODEM_LOG_LOC_PROPERTY "ro.radio.log_loc" #define MODEM_LOGGING_SWITCH "persist.radio.smlog_switch" using android::os::dumpstate::CommandOptions; @@ -46,33 +47,30 @@ namespace { static void getModemLogs(int fd) { bool modemLogsEnabled = 0; - + std::string modemLogDir = android::base::GetProperty(MODEM_LOG_LOC_PROPERTY, ""); + if (modemLogDir.empty()) { + ALOGD("No modem log place is set\n"); + return; + } /* Check if smlog_dump tool exist */ - if (!PropertiesHelper::IsUserBuild() && !access("/system/bin/smlog_dump", F_OK)) { + if (!PropertiesHelper::IsUserBuild() && !access("/system/bin/smlog_dump", X_OK)) { modemLogsEnabled = android::base::GetBoolProperty(MODEM_LOGGING_SWITCH, false); /* Execute SMLOG DUMP if SMLOG is enabled */ if (modemLogsEnabled) { - // TODO: uses a temporary path instead - std::string bugreportDir = "/bugreports"; - CommandOptions options = CommandOptions::WithTimeout(120).AsRoot().Build(); - RunCommandToFd(fd, "SMLOG DUMP", { "smlog_dump", "-d", "-o", bugreportDir.c_str() }, options); - + CommandOptions options = CommandOptions::WithTimeout(120).Build(); + RunCommandToFd(fd, "SMLOG DUMP", { "smlog_dump", "-d", "-o", modemLogDir.c_str() }, options); // Remove smlog folders older than 10 days. std::string filePrefix = android::base::GetProperty(MODEM_LOG_PREFIX_PROPERTY, ""); if (!filePrefix.empty()) { std::string removeCommand = "/system/bin/find " + - bugreportDir + "/" + filePrefix + "* -mtime +10 -delete"; + modemLogDir + "/" + filePrefix + "* -mtime +10 -delete"; RunCommandToFd(fd, "RM OLD SMLOG", - { "/system/bin/sh", "-c", removeCommand.c_str()}, - CommandOptions::AS_ROOT); + { "/system/bin/sh", "-c", removeCommand.c_str() }); } } - RunCommandToFd(fd, "RM OLD SMLOG", - { "/system/bin/sh", "-c", "/system/bin/find /data/smlog_* -delete" }, - CommandOptions::AS_ROOT); } } 
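Review bot: The cleanup command in getModemLogs is built by concatenating `ro.radio.log_loc` and `ro.radio.log_prefix` into a string handed to `/system/bin/sh -c`, so whitespace or a shell metacharacter in either property changes what `find ... -delete` operates on. Both are `ro.` properties set by the build, so this is hardening rather than a demonstrated bug. Check the two values against a narrow pattern (absolute path, only letters, digits, `_`, `.`, `/`, `-`) before use, or invoke `find` with an argument vector instead of through the shell. Separately, `access()` tests `/system/bin/smlog_dump` but the command runs the bare name `smlog_dump`, which is presumably resolved through PATH; passing `"/system/bin/smlog_dump"` as the first element ties the check to the executed file. The `qsee_logger` call in the dumpstateBoard hunk has the same shape.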
@@ -98,18 +96,17 @@ Return DumpstateDevice::dumpstateBoard(const hidl_handle& handle) { DumpFileToFd(fd, "RPM Stats", "/d/rpm_stats"); DumpFileToFd(fd, "Power Management Stats", "/d/rpm_master_stats"); DumpFileToFd(fd, "SMD Log", "/d/ipc_logging/smd/log"); - RunCommandToFd(fd, "ION HEAPS", {"/system/bin/sh", "-c", "for d in $(ls -d /d/ion/*); do for f in $(ls $d); do echo --- $d/$f; cat $d/$f; done; done"}, CommandOptions::AS_ROOT); + RunCommandToFd(fd, "ION HEAPS", {"/system/bin/sh", "-c", "for d in $(ls -d /d/ion/*); do for f in $(ls $d); do echo --- $d/$f; cat $d/$f; done; done"}); DumpFileToFd(fd, "dmabuf info", "/d/dma_buf/bufinfo"); - RunCommandToFd(fd, "Temperatures", {"/system/bin/sh", "-c", "for f in `ls /sys/class/thermal` ; do type=`cat /sys/class/thermal/$f/type` ; temp=`cat /sys/class/thermal/$f/temp` ; echo \"$type: $temp\" ; done"}, CommandOptions::AS_ROOT); + RunCommandToFd(fd, "Temperatures", {"/system/bin/sh", "-c", "for f in `ls /sys/class/thermal` ; do type=`cat /sys/class/thermal/$f/type` ; temp=`cat /sys/class/thermal/$f/temp` ; echo \"$type: $temp\" ; done"}); DumpFileToFd(fd, "cpu0-1 time-in-state", "/sys/devices/system/cpu/cpu0/cpufreq/stats/time_in_state"); - RunCommandToFd(fd, "cpu0-1 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu0/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"}, CommandOptions::AS_ROOT); + RunCommandToFd(fd, "cpu0-1 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu0/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"}); DumpFileToFd(fd, "cpu2-3 time-in-state", "/sys/devices/system/cpu/cpu2/cpufreq/stats/time_in_state"); - RunCommandToFd(fd, "cpu2-3 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu2/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"}, CommandOptions::AS_ROOT); + 
RunCommandToFd(fd, "cpu2-3 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu2/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"}); DumpFileToFd(fd, "MDP xlogs", "/d/mdp/xlog/dump"); - RunCommandToFd(fd, "RAMDUMP LIST", {"/system/bin/sh", "-c", "cat /data/data/com.android.ramdump/files/RAMDUMP_LIST"}, CommandOptions::AS_ROOT); /* Check if qsee_logger tool exists */ - if (!access("/system/bin/qsee_logger", F_OK)) { + if (!access("/system/bin/qsee_logger", X_OK)) { RunCommandToFd(fd, "FP LOGS", {"qsee_logger", "-d"}); } diff --git a/init.common.diag.rc.userdebug b/init.common.diag.rc.userdebug index ba4f5e0f8..7a8a1e675 100644 --- a/init.common.diag.rc.userdebug +++ b/init.common.diag.rc.userdebug @@ -5,6 +5,8 @@ on post-fs-data mkdir /data/diag_logs 0777 system system # WLAN logging collection mkdir /data/cnss_diag 0777 system system + # SM DUMP logging collection + mkdir /data/smlog_dump 0777 system system # Copy OEM adb_keys if /data/misc/adb/adb_keys does not exist copy /data/misc/adb/adb_keys /data/misc/adb/adb_keys_temp diff --git a/sepolicy/domain.te b/sepolicy/domain.te index 4aa0dbe52..dd051d354 100644 --- a/sepolicy/domain.te +++ b/sepolicy/domain.te @@ -1,3 +1,4 @@ get_prop(domain, camera_prop) dontaudit domain self:capability sys_module; +allow domain debugfs_ion:dir search; diff --git a/sepolicy/dumpstate.te b/sepolicy/dumpstate.te new file mode 100644 index 000000000..72935eb43 --- /dev/null +++ b/sepolicy/dumpstate.te @@ -0,0 +1,4 @@ +userdebug_or_eng(` +allow dumpstate smlog_dump_file:dir create_dir_perms; +allow dumpstate smlog_dump_file:file create_file_perms; +') diff --git a/sepolicy/file.te b/sepolicy/file.te index 28a79f644..6a63b1fad 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te 
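Review bot: `/data/smlog_dump` is created world-writable (`0777 system system`), although hal_dumpstate_impl runs `find ... -delete` over it and smlog_dump writes modem logs into it. The `smlog_dump_file` label limits who can reach the directory under SELinux, but the DAC mode should not depend on that alone. Something like `mkdir /data/smlog_dump 0770 system system` would be tighter, assuming the writers run as system or in that group, which this patch does not show. The neighbouring `diag_logs` and `cnss_diag` lines already use 0777, so this follows existing precedent rather than introducing it.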
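Review bot: `allow domain debugfs_ion:dir search;` grants search on the relabelled `/sys/kernel/debug/ion` directory to every domain in the policy, and it is not wrapped in `userdebug_or_eng`. The only reader this patch adds is hal_dumpstate_impl, which already gets `r_dir_file(hal_dumpstate_impl, debugfs_ion)`. If other domains started logging denials after the relabel, name them individually, or use `dontaudit` where the access is not actually needed. A comment explaining why the rule exists would also help the next reviewer.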
@@ -6,6 +6,7 @@ type firmware_file, fs_type, contextmount_type; # /data type diag_logs, file_type, data_file_type, mlstrustedobject; type cnss_diag_data_file, file_type, data_file_type, mlstrustedobject; +type smlog_dump_file, file_type, data_file_type; type location_data_file, file_type, data_file_type; type perfd_data_file, file_type, data_file_type; type ramdump_data_file, file_type, data_file_type, mlstrustedobject; @@ -35,6 +36,11 @@ type debugfs_rmt_storage, debugfs_type, fs_type; type debugfs_sps, debugfs_type, fs_type; type debugfs_rpm, debugfs_type, fs_type; type debugfs_kgsl, debugfs_type, fs_type; +type debugfs_ipc, debugfs_type, fs_type; +type debugfs_bufinfo, debugfs_type, fs_type; +type debugfs_mdp, debugfs_type, fs_type; +type debugfs_ion, debugfs_type, fs_type; +type debugfs_qsee_log, debugfs_type, fs_type; # /proc type proc_kernel_sched, fs_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 245614cd4..0a31e43d4 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -109,6 +109,8 @@ /system/bin/subsystem_ramdump u:object_r:subsystem_ramdump_exec:s0 /system/bin/ssr_setup u:object_r:ssr_setup_exec:s0 /system/bin/ramdump u:object_r:htc_ramdump_exec:s0 +/system/bin/smlog_dump u:object_r:smlog_dump_exec:s0 +/system/bin/qsee_logger u:object_r:qsee_logger_exec:s0 /system/bin/init\.mid\.sh u:object_r:init_mid_exec:s0 /system/bin/init\.power\.sh u:object_r:init_power_exec:s0 @@ -134,6 +136,7 @@ /sys/module/msm_core(/.*)? u:object_r:sysfs_msm_core:s0 /sys/devices/soc/70000\.qcom,msm-core(/.*)? u:object_r:sysfs_msm_core:s0 /sys/module/msm_thermal(/.*)? u:object_r:sysfs_thermal:s0 +/sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/module/msm_performance(/.*)? u:object_r:sysfs_perf:s0 /sys/devices/virtual/net(/.*)? u:object_r:sysfs_net:s0 /sys/module/subsystem_restart(/.*)? u:object_r:sysfs_msm_subsys_restart:s0 
@@ -169,10 +172,16 @@ /sys/kernel/debug/rpm_stats u:object_r:debugfs_rpm:s0 /sys/kernel/debug/rpm_master_stats u:object_r:debugfs_rpm:s0 /sys/kernel/debug/kgsl(/.*)? u:object_r:debugfs_kgsl:s0 +/sys/kernel/debug/ipc_logging(/.*)? u:object_r:debugfs_ipc:s0 +/sys/kernel/debug/dma_buf/bufinfo u:object_r:debugfs_bufinfo:s0 +/sys/kernel/debug/mdp/xlog/dump u:object_r:debugfs_mdp:s0 +/sys/kernel/debug/tzdbg/qsee_log u:object_r:debugfs_qsee_log:s0 +/sys/kernel/debug/ion(/.*)? u:object_r:debugfs_ion:s0 # /data /data/diag_logs(/.*)? u:object_r:diag_logs:s0 /data/cnss_diag(/.*)? u:object_r:cnss_diag_data_file:s0 +/data/smlog_dump(/.*)? u:object_r:smlog_dump_file:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 /data/time(/.*)? u:object_r:time_data_file:s0 /data/ramdump(/.*)? u:object_r:ramdump_data_file:s0 diff --git a/sepolicy/hal_dumpstate_impl.te b/sepolicy/hal_dumpstate_impl.te index 414b0e383..04a7b74d0 100644 --- a/sepolicy/hal_dumpstate_impl.te +++ b/sepolicy/hal_dumpstate_impl.te 
@@ -5,4 +5,40 @@ type hal_dumpstate_impl_exec, exec_type, file_type; init_daemon_domain(hal_dumpstate_impl) # supress audit messages for attempting access to /firmware -dontaudit dumpstate firmware_file:dir search; \ No newline at end of file +dontaudit hal_dumpstate_impl firmware_file:dir search; + +# Execute dump scripts +allow hal_dumpstate_impl shell_exec:file rx_file_perms; +allow hal_dumpstate_impl toolbox_exec:file rx_file_perms; +# system file execution +#allow hal_dumpstate_impl system_data_file:dir r_dir_perms; + +# smlog_dump +allow hal_dumpstate_impl smlog_dump_exec:file rx_file_perms; +userdebug_or_eng(` +allow hal_dumpstate_impl smlog_dump_file:dir rw_dir_perms; +allow hal_dumpstate_impl smlog_dump_file:file create_file_perms; +') +allow hal_dumpstate_impl uio_device:chr_file rw_file_perms; +r_dir_file(hal_dumpstate_impl, sysfs_uio) +r_dir_file(hal_dumpstate_impl, sysfs_rmtfs) +r_dir_file(hal_dumpstate_impl, sysfs_msm_subsys) + +# Access to files for dumping +allow hal_dumpstate_impl sysfs:dir r_dir_perms; +# rpm stat +allow hal_dumpstate_impl debugfs_rpm:file r_file_perms; +allow hal_dumpstate_impl debugfs_bufinfo:file r_file_perms; +# qsee_logger +allow hal_dumpstate_impl qsee_logger_exec:file rx_file_perms; +allow hal_dumpstate_impl debugfs_qsee_log:file r_file_perms; +# MDP logs +allow hal_dumpstate_impl debugfs_mdp:file r_file_perms; +# ION HEAPS +r_dir_file(hal_dumpstate_impl, debugfs_ion) +# ipc +r_dir_file(hal_dumpstate_impl, debugfs_ipc) +# Temperatures +r_dir_file(hal_dumpstate_impl, sysfs_thermal) +# CPU stat +r_dir_file(hal_dumpstate_impl, sysfs_devices_system_cpu) diff --git a/sepolicy/kernel.te b/sepolicy/kernel.te index 561091796..4359e2681 100644 --- a/sepolicy/kernel.te +++ b/sepolicy/kernel.te @@ -1,5 +1,7 @@ r_dir_file(kernel, firmware_file) +# ipc +allow kernel debugfs_ipc:dir search; # for diag over socket userdebug_or_eng(` 
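Review bot: `allow hal_dumpstate_impl uio_device:chr_file rw_file_perms;` and the `smlog_dump_exec` execute rule apply on user builds too, although DumpstateDevice.cpp only runs smlog_dump when `!PropertiesHelper::IsUserBuild()`. The `smlog_dump_file` rules in the same section are already inside `userdebug_or_eng`. Moving the uio_device and smlog_dump_exec rules into that block, plus the sysfs_uio and sysfs_rmtfs reads if nothing else needs them, keeps read/write access to the UIO character device off production builds. The `allow rild smlog_dump_exec:file rx_file_perms;` rule in rild.te is ungated in the same way. The commented-out `#allow hal_dumpstate_impl system_data_file:dir r_dir_perms;` line should be dropped rather than committed.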
diff --git a/sepolicy/qsee_logger.te b/sepolicy/qsee_logger.te new file mode 100644 index 000000000..50f9eba17 --- /dev/null +++ b/sepolicy/qsee_logger.te @@ -0,0 +1 @@ +type qsee_logger_exec, exec_type, file_type; diff --git a/sepolicy/rild.te b/sepolicy/rild.te index a7ce84104..827586a4f 100644 --- a/sepolicy/rild.te +++ b/sepolicy/rild.te @@ -14,6 +14,8 @@ unix_socket_connect(rild, netmgrd, netmgrd) r_dir_file(rild, sysfs_type) allow rild time:unix_stream_socket connectto; +# smlog_dump +allow rild smlog_dump_exec:file rx_file_perms; allowxperm rild self:udp_socket ioctl priv_sock_ioctls; allow rild self:socket ioctl; diff --git a/sepolicy/smlog_dump.te b/sepolicy/smlog_dump.te new file mode 100644 index 000000000..d6be16524 --- /dev/null +++ b/sepolicy/smlog_dump.te @@ -0,0 +1,7 @@ +type smlog_dump_exec, exec_type, file_type; + +type smlog_dump, domain; +allow smlog_dump smlog_dump_file:dir r_dir_perms; +allow smlog_dump smlog_dump_file:file create_file_perms; +r_dir_file(smlog_dump, sysfs_uio) +r_dir_file(smlog_dump, sysfs_rmtfs) diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 1c0f60210..bc4b3a983 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -42,6 +42,10 @@ set_prop(system_server, sensors_prop) allow system_server thermal-engine:unix_stream_socket connectto; allow system_server thermal_socket:sock_file write; + +# rpm +r_dir_file(system_server, debugfs_rpm) + userdebug_or_eng(` allow system_server diag_device:chr_file rw_file_perms; ')
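Review bot: The new `smlog_dump` domain in smlog_dump.te has no transition into it in this patch. hal_dumpstate_impl and rild get `rx_file_perms` on `smlog_dump_exec`, which runs the binary in the caller's domain, so the `allow smlog_dump ...` rules are never exercised unless a transition is defined elsewhere. Adding `domain_auto_trans(hal_dumpstate_impl, smlog_dump_exec, smlog_dump)` would let the uio and log-directory access live in this domain instead of in the HAL's. Also, `smlog_dump_file:dir r_dir_perms` does not permit adding directory entries, so `create_file_perms` on the files cannot create anything there; `rw_dir_perms`, as used for hal_dumpstate_impl, would match the intent.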