Dumpstate: Fix selinux permission error for hal_dumpstate_impl

Dumpstate for marlin has been broken since hidlization because of selinux permission For modem log, create the property(ro.radio.log_loc) so that dumpstate refer this prop to read the modem logs. Test: generated dumpstate-board.txt without any permission error Bug: 31982882 Fixes: 34076823 Change-Id: Iddb3a7c4e89bd6ac890aa89e2cad2e8c67e77bcc Signed-off-by: Ecco Park <eccopark@google.com>
LineageOS · Jan 28, 2017 · eb95c13 · eb95c13
1 parent 6118bcb
commit eb95c13
Show file tree

Hide file tree

Showing 9 changed files with 88 additions and 21 deletions.
diff --git a/device-common.mk b/device-common.mk
@@ -322,7 +322,8 @@ PRODUCT_PROPERTY_OVERRIDES += \
 ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
 PRODUCT_PROPERTY_OVERRIDES += \
     persist.radio.smlog_switch=1 \
-    ro.radio.log_prefix="htc_smlog_"
+    ro.radio.log_prefix="htc_smlog_" \
+    ro.radio.log_loc="/data/smlog_dump"
 endif
 
 # Set snapshot timer to 3 second

diff --git a/dumpstate/DumpstateDevice.cpp b/dumpstate/DumpstateDevice.cpp
@@ -28,6 +28,7 @@
 #include "DumpstateUtil.h"
 
 #define MODEM_LOG_PREFIX_PROPERTY "ro.radio.log_prefix"
+#define MODEM_LOG_LOC_PROPERTY "ro.radio.log_loc"
 #define MODEM_LOGGING_SWITCH "persist.radio.smlog_switch"
 
 using android::os::dumpstate::CommandOptions;
@@ -46,33 +47,30 @@ namespace {
 static void getModemLogs(int fd)
 {
     bool modemLogsEnabled = 0;
-
+    std::string modem_log_dir = android::base::GetProperty(MODEM_LOG_LOC_PROPERTY, "");
+    if (modem_log_dir.empty()) {
+        ALOGD("No modem log place is set\n");
+        return;
+    }
     /* Check if smlog_dump tool exist */
-    if (!PropertiesHelper::IsUserBuild() && !access("/system/bin/smlog_dump", F_OK)) {
+    if (!PropertiesHelper::IsUserBuild() && !access("/system/bin/smlog_dump", X_OK)) {
         modemLogsEnabled = android::base::GetBoolProperty(MODEM_LOGGING_SWITCH, false);
 
         /* Execute SMLOG DUMP if SMLOG is enabled */
         if (modemLogsEnabled) {
-            // TODO: uses a temporary path instead
-            std::string bugreportDir = "/bugreports";
-            CommandOptions options = CommandOptions::WithTimeout(120).AsRoot().Build();
-            RunCommandToFd(fd, "SMLOG DUMP", { "smlog_dump", "-d", "-o", bugreportDir.c_str() }, options);
-
+            CommandOptions options = CommandOptions::WithTimeout(120).Build();
+            RunCommandToFd(fd, "SMLOG DUMP", { "smlog_dump", "-d", "-o", modem_log_dir.c_str() }, options);
             // Remove smlog folders older than 10 days.
             std::string filePrefix = android::base::GetProperty(MODEM_LOG_PREFIX_PROPERTY, "");
             if (!filePrefix.empty()) {
 
                 std::string removeCommand = "/system/bin/find " +
-                    bugreportDir + "/" + filePrefix + "* -mtime +10 -delete";
+                    modem_log_dir + "/" + filePrefix + "* -mtime +10 -delete";
 
                 RunCommandToFd(fd, "RM OLD SMLOG",
-                              { "/system/bin/sh", "-c", removeCommand.c_str()},
-                              CommandOptions::AS_ROOT);
+                { "/system/bin/sh", "-c", removeCommand.c_str() });
             }
         }
-        RunCommandToFd(fd, "RM OLD SMLOG",
-                      { "/system/bin/sh", "-c", "/system/bin/find /data/smlog_* -delete" },
-                      CommandOptions::AS_ROOT);
     }
 }
 
@@ -98,18 +96,17 @@ Return<void> DumpstateDevice::dumpstateBoard(const hidl_handle& handle) {
     DumpFileToFd(fd, "RPM Stats", "/d/rpm_stats");
     DumpFileToFd(fd, "Power Management Stats", "/d/rpm_master_stats");
     DumpFileToFd(fd, "SMD Log", "/d/ipc_logging/smd/log");
-    RunCommandToFd(fd, "ION HEAPS", {"/system/bin/sh", "-c", "for d in $(ls -d /d/ion/*); do for f in $(ls $d); do echo --- $d/$f; cat $d/$f; done; done"}, CommandOptions::AS_ROOT);
+    RunCommandToFd(fd, "ION HEAPS", {"/system/bin/sh", "-c", "for d in $(ls -d /d/ion/*); do for f in $(ls $d); do echo --- $d/$f; cat $d/$f; done; done"});
     DumpFileToFd(fd, "dmabuf info", "/d/dma_buf/bufinfo");
-    RunCommandToFd(fd, "Temperatures", {"/system/bin/sh", "-c", "for f in `ls /sys/class/thermal` ; do type=`cat /sys/class/thermal/$f/type` ; temp=`cat /sys/class/thermal/$f/temp` ; echo \"$type: $temp\" ; done"}, CommandOptions::AS_ROOT);
+    RunCommandToFd(fd, "Temperatures", {"/system/bin/sh", "-c", "for f in `ls /sys/class/thermal` ; do type=`cat /sys/class/thermal/$f/type` ; temp=`cat /sys/class/thermal/$f/temp` ; echo \"$type: $temp\" ; done"});
     DumpFileToFd(fd, "cpu0-1 time-in-state", "/sys/devices/system/cpu/cpu0/cpufreq/stats/time_in_state");
-    RunCommandToFd(fd, "cpu0-1 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu0/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"}, CommandOptions::AS_ROOT);
+    RunCommandToFd(fd, "cpu0-1 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu0/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"});
     DumpFileToFd(fd, "cpu2-3 time-in-state", "/sys/devices/system/cpu/cpu2/cpufreq/stats/time_in_state");
-    RunCommandToFd(fd, "cpu2-3 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu2/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"}, CommandOptions::AS_ROOT);
+    RunCommandToFd(fd, "cpu2-3 cpuidle", {"/system/bin/sh", "-c", "for d in $(ls -d /sys/devices/system/cpu/cpu2/cpuidle/state*); do echo \"$d: `cat $d/name` `cat $d/desc` `cat $d/time` `cat $d/usage`\"; done"});
     DumpFileToFd(fd, "MDP xlogs", "/d/mdp/xlog/dump");
-    RunCommandToFd(fd, "RAMDUMP LIST", {"/system/bin/sh", "-c", "cat /data/data/com.android.ramdump/files/RAMDUMP_LIST"}, CommandOptions::AS_ROOT);
 
     /* Check if qsee_logger tool exists */
-    if (!access("/system/bin/qsee_logger", F_OK)) {
+    if (!access("/system/bin/qsee_logger", X_OK)) {
       RunCommandToFd(fd, "FP LOGS", {"qsee_logger", "-d"});
     }
 

diff --git a/init.common.diag.rc.userdebug b/init.common.diag.rc.userdebug
@@ -5,6 +5,8 @@ on post-fs-data
     mkdir /data/diag_logs 0777 system system
     # WLAN logging collection
     mkdir /data/cnss_diag 0777 system system
+    # SM DUMP logging collection
+    mkdir /data/smlog_dump 0777 system system
 
     # Copy OEM adb_keys if /data/misc/adb/adb_keys does not exist
     copy /data/misc/adb/adb_keys /data/misc/adb/adb_keys_temp

diff --git a/sepolicy/dumpstate.te b/sepolicy/dumpstate.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+allow dumpstate smlog_dump_file:dir create_dir_perms;
+allow dumpstate smlog_dump_file:file create_file_perms;
+')
diff --git a/sepolicy/file.te b/sepolicy/file.te
@@ -6,6 +6,7 @@ type firmware_file, fs_type, contextmount_type;
 # /data
 type diag_logs, file_type, data_file_type, mlstrustedobject;
 type cnss_diag_data_file, file_type, data_file_type, mlstrustedobject;
+type smlog_dump_file, file_type, data_file_type;
 type location_data_file, file_type, data_file_type;
 type perfd_data_file, file_type, data_file_type;
 type ramdump_data_file, file_type, data_file_type, mlstrustedobject;
@@ -33,6 +34,12 @@ type sysfs_power_management, sysfs_type, fs_type;
 type debugfs_msm_core, debugfs_type, fs_type;
 type debugfs_rmt_storage, debugfs_type, fs_type;
 type debugfs_sps, debugfs_type, fs_type;
+type debugfs_rpm, debugfs_type, fs_type;
+type debugfs_ipc, debugfs_type, fs_type;
+type debugfs_bufinfo, debugfs_type, fs_type;
+type debugfs_mdp, debugfs_type, fs_type;
+type debugfs_ion, debugfs_type, fs_type;
+type debugfs_qsee_log, debugfs_type, fs_type;
 
 # /proc
 type proc_kernel_sched, fs_type;

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
@@ -109,6 +109,8 @@
 /system/bin/subsystem_ramdump      u:object_r:subsystem_ramdump_exec:s0
 /system/bin/ssr_setup              u:object_r:ssr_setup_exec:s0
 /system/bin/ramdump                u:object_r:htc_ramdump_exec:s0
+/system/bin/smlog_dump             u:object_r:smlog_dump_exec:s0
+/system/bin/qsee_logger            u:object_r:qsee_logger_exec:s0
 
 /system/bin/init\.mid\.sh          u:object_r:init_mid_exec:s0
 /system/bin/init\.power\.sh        u:object_r:init_power_exec:s0
@@ -134,6 +136,8 @@
 /sys/module/msm_core(/.*)?                       u:object_r:sysfs_msm_core:s0
 /sys/devices/soc/70000\.qcom,msm-core(/.*)?      u:object_r:sysfs_msm_core:s0
 /sys/module/msm_thermal(/.*)?                    u:object_r:sysfs_thermal:s0
+/sys/class/thermal(/.*)?                         u:object_r:sysfs_thermal:s0
+/sys/class/uio(/.*)?                             u:object_r:sysfs_uio:s0
 /sys/module/msm_performance(/.*)?                u:object_r:sysfs_perf:s0
 /sys/devices/virtual/net(/.*)?                   u:object_r:sysfs_net:s0
 /sys/module/subsystem_restart(/.*)?              u:object_r:sysfs_msm_subsys_restart:s0
@@ -166,10 +170,18 @@
 /sys/kernel/debug/msm_core(/.*)?                 u:object_r:debugfs_msm_core:s0
 /sys/kernel/debug/rmt_storage(/.*)?              u:object_r:debugfs_rmt_storage:s0
 /sys/kernel/debug/sps(/.*)?                      u:object_r:debugfs_sps:s0
+/sys/kernel/debug/rpm_stats                      u:object_r:debugfs_rpm:s0
+/sys/kernel/debug/rpm_master_stats               u:object_r:debugfs_rpm:s0
+/sys/kernel/debug/ipc_logging(/.*)?              u:object_r:debugfs_ipc:s0
+/sys/kernel/debug/dma_buf/bufinfo                u:object_r:debugfs_bufinfo:s0
+/sys/kernel/debug/mdp/xlog/dump                  u:object_r:debugfs_mdp:s0
+/sys/kernel/debug/tzdbg/qsee_log                 u:object_r:debugfs_qsee_log:s0
+/sys/kernel/debug/ion(/.*)?                      u:object_r:debugfs_ion:s0
 
 # /data
 /data/diag_logs(/.*)?            u:object_r:diag_logs:s0
 /data/cnss_diag(/.*)?            u:object_r:cnss_diag_data_file:s0
+/data/smlog_dump(/.*)?           u:object_r:smlog_dump_file:s0
 /data/nfc(/.*)?                  u:object_r:nfc_data_file:s0
 /data/time(/.*)?                 u:object_r:time_data_file:s0
 /data/ramdump(/.*)?              u:object_r:ramdump_data_file:s0

diff --git a/sepolicy/hal_dumpstate_impl.te b/sepolicy/hal_dumpstate_impl.te
@@ -5,4 +5,40 @@ type hal_dumpstate_impl_exec, exec_type, file_type;
 init_daemon_domain(hal_dumpstate_impl)
 
 # supress audit messages for attempting access to /firmware
-dontaudit dumpstate firmware_file:dir search;
+dontaudit hal_dumpstate_impl firmware_file:dir search;
+
+# Execute dump scripts
+allow hal_dumpstate_impl shell_exec:file rx_file_perms;
+allow hal_dumpstate_impl toolbox_exec:file rx_file_perms;
+# system file execution
+#allow hal_dumpstate_impl system_data_file:dir r_dir_perms;
+
+# smlog_dump
+allow hal_dumpstate_impl smlog_dump_exec:file rx_file_perms;
+userdebug_or_eng(`
+allow hal_dumpstate_impl smlog_dump_file:dir rw_dir_perms;
+allow hal_dumpstate_impl smlog_dump_file:file create_file_perms;
+')
+allow hal_dumpstate_impl uio_device:chr_file rw_file_perms;
+r_dir_file(hal_dumpstate_impl, sysfs_uio)
+r_dir_file(hal_dumpstate_impl, sysfs_rmtfs)
+r_dir_file(hal_dumpstate_impl, sysfs_msm_subsys)
+
+# Access to files for dumping
+allow hal_dumpstate_impl  sysfs:dir r_dir_perms;
+# rpm stat
+allow hal_dumpstate_impl debugfs_rpm:file r_file_perms;
+allow hal_dumpstate_impl debugfs_bufinfo:file r_file_perms;
+# qsee_logger
+allow hal_dumpstate_impl qsee_logger_exec:file rx_file_perms;
+allow hal_dumpstate_impl debugfs_qsee_log:file r_file_perms;
+# MDP logs
+allow hal_dumpstate_impl debugfs_mdp:file r_file_perms;
+# ION HEAPS
+r_dir_file(hal_dumpstate_impl, debugfs_ion)
+# ipc
+r_dir_file(hal_dumpstate_impl, debugfs_ipc)
+# Temperatures
+r_dir_file(hal_dumpstate_impl, sysfs_thermal)
+# CPU stat
+r_dir_file(hal_dumpstate_impl, sysfs_devices_system_cpu)
diff --git a/sepolicy/qsee_logger.te b/sepolicy/qsee_logger.te
@@ -0,0 +1 @@
+type qsee_logger_exec, exec_type, file_type;
diff --git a/sepolicy/smlog_dump.te b/sepolicy/smlog_dump.te
@@ -0,0 +1,7 @@
+type smlog_dump_exec, exec_type, file_type;
+
+type smlog_dump, domain;
+allow smlog_dump smlog_dump_file:dir r_dir_perms;
+allow smlog_dump smlog_dump_file:file create_file_perms;
+r_dir_file(smlog_dump, sysfs_uio)
+r_dir_file(smlog_dump, sysfs_rmtfs)