From 98bdcd0076ecb52d12cfb576e6d2aeca32657ad2 Mon Sep 17 00:00:00 2001 
From: Ecco Park Date: Thu, 14 Sep 2017 16:32:21 -0700 Subject: [PATCH] selinux: add the BT logging permission for Pixel logger on marlin Denial message: 09-13 18:55:11.249 7554 7577 W libc : Unable to set property "persist.service.bdroid.snooplog" to "true": error code: 0x18 09-13 18:55:11.250 7554 7577 E AndroidRuntime: FATAL EXCEPTION: LoggingService 09-13 18:55:11.250 7554 7577 E AndroidRuntime: Process: com.android.pixellogger, PID: 7554 09-13 18:55:11.250 7554 7577 E AndroidRuntime: java.lang.RuntimeException: failed to set system property 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at android.os.SystemProperties.native_set(Native Method) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at android.os.SystemProperties.set(SystemProperties.java:171) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at com.android.pixellogger.data.logger.vendor.qct.ModemLogger$1.onStart(ModemLogger.java:79) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at com.android.pixellogger.data.logger.vendor.qct.ModemLogger.lambda$startLogging$0$ModemLogger(ModemLogger.java:186) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at com.android.pixellogger.data.logger.vendor.qct.ModemLogger$$Lambda$0.accept(Unknown Source:6) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at java.util.HashMap.forEach(HashMap.java:1292) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at com.android.pixellogger.data.logger.vendor.qct.ModemLogger.startLogging(ModemLogger.java:183) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at com.android.pixellogger.service.logging.LoggingService$StartLoggingRunnable.run(LoggingService.java:458) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at android.os.Handler.handleCallback(Handler.java:790) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at android.os.Handler.dispatchMessage(Handler.java:99) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at android.os.Looper.loop(Looper.java:164) 09-13 18:55:11.250 7554 7577 E AndroidRuntime: at 
android.os.HandlerThread.run(HandlerThread.java:65) 09-13 18:55:11.251 1147 2530 W ActivityManager: Force finishing activity com.android.pixellogger/.ui.main.MainActivity 09-13 18:55:11.257 1147 1206 I ActivityManager: Showing crash dialog for package com.android.pixellogger u0 09-13 21:38:45.198 2084 2084 W wcnss_filter: type=1400 audit(0.0:1174): avc: denied { read } for name="timestamp_switch" dev="sysfs" ino=27539 scontext=u:r:wcnss_filter:s0 tcontext=u:object_r:sysfs_timestamp_switch:s0 tclass=file permissive=0 09-13 21:30:50.451 2031 2031 W wcnss_filter: type=1400 audit(0.0:1390): avc: denied { search } for name="diagchar" dev="sysfs" ino=27213 scontext=u:r:wcnss_filter:s0 tcontext=u:object_r:sysfs_diag:s0 tclass=dir permissive=0 Change-Id: I201ea77dd7e46fb75e7066cda1db7aca0d66c73a Signed-off-by: Ecco Park --- init.common.diag.rc.userdebug | 9 +++++++++ sepolicy/file.te | 1 + sepolicy/genfs_contexts | 1 + sepolicy/logger_app.te | 1 + sepolicy/property.te | 1 + sepolicy/property_contexts | 1 + sepolicy/wcnss_filter.te | 2 ++ 7 files changed, 16 insertions(+) diff --git a/init.common.diag.rc.userdebug b/init.common.diag.rc.userdebug index a678b810d..d792b498d 100644 --- a/init.common.diag.rc.userdebug +++ b/init.common.diag.rc.userdebug @@ -125,3 +125,12 @@ on property:persist.sys.crash_rcu=true on property:persist.sys.crash_rcu=false write /proc/sys/kernel/panic_on_rcu_stall 0 + + +on property:sys.logger.bluetooth=true + setprop persist.service.bdroid.snooplog true + setprop persist.service.bdroid.fwsnoop true + +on property:sys.logger.bluetooth=false + setprop persist.service.bdroid.snooplog false + setprop persist.service.bdroid.fwsnoop false diff --git a/sepolicy/file.te b/sepolicy/file.te index a7f02af0d..b18705b44 100644 --- a/sepolicy/file.te +++ b/sepolicy/file.te 
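Review bot: The new `on property:sys.logger.bluetooth=true` trigger sets `persist.*` properties from a control property that is not itself persistent, so once the logger app has enabled HCI snoop logging it stays enabled across reboots. At the next boot `sys.logger.bluetooth` is unset, so neither trigger fires to switch it back off. HCI snoop captures can hold pairing material and payload data, so that lifetime should be a stated decision rather than a side effect. If it is intended, say so above the triggers, e.g. `# Pixel logger toggles BT snoop logging through init; the persist.* values stay set across reboots until sys.logger.bluetooth=false is written`. The file name suggests this rc is installed only on userdebug builds, which the hunk alone does not confirm.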
@@ -36,6 +36,7 @@ type sysfs_soc, sysfs_type, fs_type, mlstrustedobject; type sysfs_timestamp_switch, sysfs_type, fs_type; type sysfs_video, sysfs_type, fs_type; type sysfs_wifi, sysfs_type, fs_type, mlstrustedobject; +type sysfs_diag, fs_type, sysfs_type; # debugfs type debugfs_msm_core, debugfs_type, fs_type; diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index 2517b9011..9e1bee18b 100644 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts @@ -54,6 +54,7 @@ genfscon sysfs /devices/soc/qpnp-smbcharger-16/power_supply/battery/capacity u:o genfscon sysfs /devices/virtual/timed_output/vibrator/voltage_level u:object_r:sysfs_vibrator:s0 genfscon sysfs /module/diagchar/parameters/timestamp_switch u:object_r:sysfs_timestamp_switch:s0 genfscon sysfs /devices/soc/qpnp-smbcharger-16/power_supply/battery/system_temp_level u:object_r:sysfs_msm_subsys:s0 +genfscon sysfs /module/diagchar u:object_r:sysfs_diag:s0 # debugfs genfscon debugfs /kgsl/proc u:object_r:debugfs_kgsl:s0 diff --git a/sepolicy/logger_app.te b/sepolicy/logger_app.te index 2813feb2d..5d87df77f 100644 --- a/sepolicy/logger_app.te +++ b/sepolicy/logger_app.te @@ -17,4 +17,5 @@ userdebug_or_eng(` allow logger_app cnss_vendor_data_file:file create_file_perms; set_prop(logger_app, cnss_diag_prop); + set_prop(logger_app, bluetooth_log_prop) ') diff --git a/sepolicy/property.te b/sepolicy/property.te index 5866416b3..91bb598ca 100644 --- a/sepolicy/property.te +++ b/sepolicy/property.te @@ -9,3 +9,4 @@ type thermal_prop, property_type; type ramdump_prop, property_type; type sys_time_prop, property_type; type post_boot_prop, property_type; +type bluetooth_log_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts index 325b4cde1..68e9df431 100644 --- a/sepolicy/property_contexts +++ b/sepolicy/property_contexts 
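Review bot: `type sysfs_diag, fs_type, sysfs_type;` lists its attributes in the opposite order from every neighbouring declaration and is appended after `sysfs_wifi`, although the visible entries are kept in alphabetical order. The compiled policy is the same either way, but `type sysfs_diag, sysfs_type, fs_type;` in its sorted position keeps the block greppable and consistent.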
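Review bot: `genfscon sysfs /module/diagchar` relabels the whole /sys/module/diagchar subtree, not only the directory named in the denial. Every node below it that was plain `sysfs` becomes `sysfs_diag`, except `parameters/timestamp_switch`, which keeps its own label through the longer existing entry. Any other domain that reached those module parameters through generic `sysfs` rules would now be denied, and nothing visible in the hunk limits the entry to debug builds, so the relabel presumably applies to user builds too. Check for other readers of the diagchar nodes before merging, and consider a comment such as `# diagchar module dir; parameters/timestamp_switch keeps its own label above`.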
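Review bot: `set_prop(logger_app, bluetooth_log_prop)` has no trailing semicolon while `set_prop(logger_app, cnss_diag_prop);` directly above has one; the macro terminates its own statements, so use one form consistently in the block. This rule is what lets the logger app switch HCI snoop logging indirectly through init, which is not obvious from the type name. A comment such as `# lets Pixel logger toggle BT snoop logging via init (sys.logger.bluetooth)` would record that. The `userdebug_or_eng` block opens outside the hunk.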
@@ -14,3 +14,4 @@ sys.qcom.thermalcfg u:object_r:thermal_prop:s0 ctl.thermal-engine u:object_r:thermal_prop:s0 sys.time.set u:object_r:sys_time_prop:s0 sys.post_boot.parsed u:object_r:post_boot_prop:s0 +sys.logger.bluetooth u:object_r:bluetooth_log_prop:s0 diff --git a/sepolicy/wcnss_filter.te b/sepolicy/wcnss_filter.te index 2b949b33e..e96fa320f 100644 --- a/sepolicy/wcnss_filter.te +++ b/sepolicy/wcnss_filter.te @@ -15,6 +15,8 @@ allow wcnss_filter proc_sysrq:file w_file_perms; # access to /dev/diag on debug builds userdebug_or_eng(` allow wcnss_filter diag_device:chr_file rw_file_perms; + allow wcnss_filter sysfs_timestamp_switch:file r_file_perms; + r_dir_file(wcnss_filter, sysfs_diag) ') # Allow reading Bluetooth-related system properties
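Review bot: `r_dir_file(wcnss_filter, sysfs_diag)` grants more than the logged denial needs: the audit line in the commit message shows only `{ search }` on the `diagchar` directory, while the macro adds directory listing plus read access to every file and symlink labelled `sysfs_diag`, i.e. the rest of the diagchar module tree. Since `timestamp_switch` is already covered by the new `sysfs_timestamp_switch:file r_file_perms` rule, `allow wcnss_filter sysfs_diag:dir search;` looks sufficient for path traversal; confirm against a fresh denial log before widening it. The comment above the block still reads `# access to /dev/diag on debug builds` and should mention the sysfs nodes as well.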