tee_client/system/tlogcat.te

# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

type tlogcat, native_system_domain, domain;

allow tlogcat dev_tee_log:chr_file { read open ioctl };
allow tlogcat data_log:dir { create search setattr getattr read open write add_name remove_name relabelto rmdir };
#avc:  denied  { ioctl } for  pid=677 comm="tlogcat" path="/data/log/tee/teeOS_log-0" dev="sdd80" ino=125 ioctlcmd=0x5413 scontext=u:r:tlogcat:s0 tcontext=u:object_r:data_log:s0 tclass=file permissive=1
allow tlogcat data_log:file { open read write getattr setattr append rename create unlink ioctl };
allow tlogcat data_log:lnk_file { getattr };

#avc:  denied  { read } for  pid=654 comm="tlogcat" name="u:object_r:debug_param:s0" dev="tmpfs" ino=74 scontext=u:r:tlogcat:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
#avc:  denied  { open } for  pid=654 comm="tlogcat" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=74 scontext=u:r:tlogcat:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
#avc:  denied  { map } for  pid=654 comm="tlogcat" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=74 scontext=u:r:tlogcat:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
allow tlogcat debug_param:file { read open map };
#avc:  denied  { search } for  pid=677 comm="tlogcat" name="/" dev="sdd80" ino=3 scontext=u:r:tlogcat:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
allow tlogcat data_file:dir { search };
#avc:  denied  { search } for  pid=677 comm="tlogcat" name="socket" dev="tmpfs" ino=38 scontext=u:r:tlogcat:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
allow tlogcat dev_unix_socket:dir { search };
#avc:  denied  { read } for  pid=677 comm="tlogcat" name="u:object_r:hilog_param:s0" dev="tmpfs" ino=63 scontext=u:r:tlogcat:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
#avc:  denied  { open } for  pid=677 comm="tlogcat" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=63 scontext=u:r:tlogcat:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
#avc:  denied  { map } for  pid=677 comm="tlogcat" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=63 scontext=u:r:tlogcat:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
allow tlogcat hilog_param:file { map open read };
#avc:  denied  { read } for  pid=677 comm="tlogcat" name="overcommit_memory" dev="proc" ino=3092 scontext=u:r:tlogcat:s0 tcontext=u:object_r:proc_file:s0 tclass=file permissive=1
#avc:  denied  { open } for  pid=677 comm="tlogcat" path="/proc/sys/vm/overcommit_memory" dev="proc" ino=3092 scontext=u:r:tlogcat:s0 tcontext=u:object_r:proc_file:s0 tclass=file permissive=1
allow tlogcat proc_file:file { open read };
#avc:  denied  { entrypoint } for  pid=677 comm="init" path="/system/bin/tlogcat" dev="sdd76" ino=428 scontext=u:r:tlogcat:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
#avc:  denied  { map } for  pid=677 comm="tlogcat" path="/system/bin/tlogcat" dev="sdd76" ino=428 scontext=u:r:tlogcat:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
#avc:  denied  { read } for  pid=677 comm="tlogcat" path="/system/bin/tlogcat" dev="sdd76" ino=428 scontext=u:r:tlogcat:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
#avc:  denied  { execute } for  pid=677 comm="tlogcat" path="/system/bin/tlogcat" dev="sdd76" ino=428 scontext=u:r:tlogcat:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
allow tlogcat system_bin_file:file { entrypoint execute map read };

typeattribute tlogcat public_violator_data_log_dir_createwrite;
typeattribute tlogcat public_violator_data_log_file_createwrite;