Move logging folder from data to data/vendor

diag_logs
cnss_diag
ramdump

Bug: 36734870
Test: Capture logs and check no SELinux denial
Change-Id: Ic7a7c7052c06b82b88cdaf3057d65e8a6765284c

init.common.diag.rc.userdebug

@@ -2,9 +2,11 @@
 
 on post-fs-data
     # Modem logging collection
-    mkdir /data/diag_logs 0777 system system
+    mkdir /data/vendor/radio 0775 radio radio
+    mkdir /data/vendor/radio/diag_logs 0777 system system
     # WLAN logging collection
-    mkdir /data/cnss_diag 0777 system system
+    mkdir /data/vendor/wifi 0777 system system
+    mkdir /data/vendor/wifi/cnss_diag 0777 system system
     # SM DUMP logging collection
     mkdir /data/smlog_dump 0777 system system
 
@@ -111,7 +113,7 @@ service cnss_diag /vendor/bin/cnss_diag -q -u
     group system
     oneshot
 
-service cnss_diag_txt /vendor/bin/cnss_diag -s -f -m /data/cnss_diag/cnss_diag.conf
+service cnss_diag_txt /vendor/bin/cnss_diag -s -f -m /data/vendor/wifi/cnss_diag/cnss_diag.conf
     class late_start
     user system
     group system

init.common.rc

@@ -605,7 +605,7 @@ service ss_ramdump /vendor/bin/subsystem_ramdump
 
 on property:persist.sys.ssr.enable_ramdumps=1
     write /sys/module/subsystem_restart/parameters/enable_ramdumps 1
-    mkdir /data/ramdump 761 root system
+    mkdir /data/vendor/ramdump 761 root system
     start ss_ramdump
 
 on property:persist.sys.ssr.enable_ramdumps=0

sepolicy/cnss_diag.te

@@ -14,6 +14,6 @@ dontaudit cnss_diag self:udp_socket create;
 
 userdebug_or_eng(`
   allow cnss_diag diag_device:chr_file rw_file_perms;
-  allow cnss_diag cnss_diag_data_file:dir create_dir_perms;
-  allow cnss_diag cnss_diag_data_file:file create_file_perms;
+  allow cnss_diag cnss_vendor_data_file:dir create_dir_perms;
+  allow cnss_diag cnss_vendor_data_file:file create_file_perms;
 ')

sepolicy/file.te

@@ -4,8 +4,6 @@ type sysfs_nanoapp_cmd, sysfs_type, fs_type;
 type firmware_file, fs_type, contextmount_type;
 
 # /data
-type diag_logs, file_type, data_file_type, mlstrustedobject;
-type cnss_diag_data_file, file_type, data_file_type, mlstrustedobject;
 type smlog_dump_file, file_type, data_file_type;
 type location_data_file, file_type, data_file_type;
 type perfd_data_file, file_type, data_file_type;
@@ -17,6 +15,9 @@ type nanohub_lock_file, file_type, data_file_type;
 type sensors_cal_file, file_type;
 type sensors_saved_settings_file, file_type, data_file_type;
 type nfc_vendor_data_file, file_type, data_file_type;
+type radio_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type cnss_vendor_data_file, file_type, data_file_type, mlstrustedobject;
+type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 
 # /sys
 type sysfs_camera, sysfs_type, fs_type;

sepolicy/file_contexts

@@ -182,8 +182,6 @@
 /sys/kernel/debug/ion(/.*)?                      u:object_r:debugfs_ion:s0
 
 # /data
-/data/diag_logs(/.*)?            u:object_r:diag_logs:s0
-/data/cnss_diag(/.*)?            u:object_r:cnss_diag_data_file:s0
 /data/smlog_dump(/.*)?           u:object_r:smlog_dump_file:s0
 /data/nfc(/.*)?                  u:object_r:nfc_data_file:s0
 /data/time(/.*)?                 u:object_r:time_data_file:s0
@@ -198,7 +196,9 @@
 /data/system/nanohub_lock(/.*)?  u:object_r:nanohub_lock_file:s0
 /data/misc/sensorcal_saved\.json  u:object_r:sensors_saved_settings_file:s0
 /data/vendor/nfc(/.*)?           u:object_r:nfc_vendor_data_file:s0
-
+/data/vendor/radio(/.*)?         u:object_r:radio_vendor_data_file:s0
+/data/vendor/wifi(/.*)?          u:object_r:cnss_vendor_data_file:s0
+/data/vendor/ramdump(/.*)?       u:object_r:ramdump_vendor_data_file:s0
 
 # /
 

sepolicy/hrdump.te

@@ -12,8 +12,8 @@ set_prop(htc_ramdump, debug_prop)
 
 allow htc_ramdump rootfs:file { r_file_perms };
 allow htc_ramdump misc_block_device:blk_file { rw_file_perms };
-allow htc_ramdump ramdump_data_file:file { create_file_perms };
-allow htc_ramdump ramdump_data_file:dir { create_dir_perms };
+allow htc_ramdump ramdump_vendor_data_file:file { create_file_perms };
+allow htc_ramdump ramdump_vendor_data_file:dir { create_dir_perms };
 allow htc_ramdump block_device:dir { search };
 allow htc_ramdump ramdump_block_device:blk_file { open read };
 ')

sepolicy/logger_app.te

@@ -0,0 +1,19 @@
+type logger_app, domain;
+
+userdebug_or_eng(`
+  app_domain(logger_app)
+  net_domain(logger_app)
+
+  allow logger_app app_api_service:service_manager find;
+  allow logger_app surfaceflinger_service:service_manager find;
+
+  allow logger_app diag_device:chr_file rw_file_perms;
+
+  allow logger_app radio_vendor_data_file:file create_file_perms;
+  allow logger_app radio_vendor_data_file:dir create_dir_perms;
+
+  allow logger_app cnss_vendor_data_file:dir create_dir_perms;
+  allow logger_app cnss_vendor_data_file:file create_file_perms;
+
+  set_prop(logger_app, cnss_diag_prop);
+')

sepolicy/platform_app.te

@@ -4,15 +4,8 @@ userdebug_or_eng(`
    # accesses data owned by vendor components
    typeattribute platform_app vendordata_in_core_violators;
    # qxdmlogger rundiag perms
-   allow platform_app diag_logs:dir rw_dir_perms;
-   allow platform_app diag_logs:file create_file_perms;
-   allow platform_app diag_device:chr_file rw_file_perms;
-   allow platform_app cnss_diag_data_file:dir create_dir_perms;
-   allow platform_app cnss_diag_data_file:file create_file_perms;
    allow platform_app ramdump_data_file:dir { getattr open read remove_name rmdir search write };
    allow platform_app ramdump_data_file:file { getattr open read unlink write };
    dontaudit platform_app proc_sysrq:file getattr;
    dontaudit platform_app proc_iomem:file getattr;
-   set_prop(platform_app, cnss_diag_prop);
-   set_prop(platform_app, ramdump_prop);
 ')

sepolicy/ramdump_app.te

@@ -0,0 +1,12 @@
+type ramdump_app, domain;
+
+userdebug_or_eng(`
+  app_domain(ramdump_app)
+
+  allow ramdump_app app_api_service:service_manager find;
+
+  allow ramdump_app ramdump_vendor_data_file:file create_file_perms;
+  allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms;
+
+  set_prop(ramdump_app, ramdump_prop);
+')

sepolicy/seapp_contexts

@@ -4,6 +4,9 @@ user=_app seinfo=google name=com.google.android.GoogleCamera domain=google_camer
 user=system seinfo=platform name=com.quicinc.cne.CNEService domain=qcneservice type=system_app_data_file
 user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector type=system_app_data_file
 
+user=_app seinfo=platform name=com.android.nexuslogger domain=logger_app type=app_data_file levelFrom=all
+user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all
+
 # AtFwd and FastDormancy apps
 user=system seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=system_app_data_file
 

sepolicy/ssr_detector.te

@@ -4,8 +4,8 @@ type ssr_detector, domain;
 app_domain(ssr_detector)
 
 userdebug_or_eng(`
-  allow ssr_detector ramdump_data_file:dir r_dir_perms;
-  allow ssr_detector ramdump_data_file:file r_file_perms;
+  allow ssr_detector ramdump_vendor_data_file:dir r_dir_perms;
+  allow ssr_detector ramdump_vendor_data_file:file r_file_perms;
   get_prop(ssr_detector, ssr_prop)
 ')
 

sepolicy/subsystem_ramdump.te

@@ -1,4 +1,4 @@
-# Policy for system/bin/subsystem_ramdump
+# Policy for vendor/bin/subsystem_ramdump
 type subsystem_ramdump_exec, exec_type, file_type;
 userdebug_or_eng(`
   type subsystem_ramdump, domain;
@@ -9,8 +9,8 @@ userdebug_or_eng(`
 
   r_dir_file(subsystem_ramdump, sysfs_type)
 
-  allow subsystem_ramdump ramdump_data_file:dir rw_dir_perms;
-  allow subsystem_ramdump ramdump_data_file:file create_file_perms;
+  allow subsystem_ramdump ramdump_vendor_data_file:dir rw_dir_perms;
+  allow subsystem_ramdump ramdump_vendor_data_file:file create_file_perms;
 
   set_prop(subsystem_ramdump, ssr_prop)
 ')