update new sdk

2020-07-15 19:27:51 +08:00 · 2020-07-15 19:27:51 +08:00 · 744c72c133
commit 744c72c133
parent f33907443a
1643 changed files with 83006 additions and 28021 deletions
--- a/android/system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil
+++ b/android/system/sepolicy/prebuilts/api/26.0/nonplat_sepolicy.cil
--- a/android/system/sepolicy/prebuilts/api/26.0/private/bg_kmsg.te
+++ b/android/system/sepolicy/prebuilts/api/26.0/private/bg_kmsg.te
@ -0,0 +1,3 @@
+typeattribute bg_kmsg coredomain;
+
+init_daemon_domain(bg_kmsg)
--- a/android/system/sepolicy/prebuilts/api/26.0/private/file_contexts
+++ b/android/system/sepolicy/prebuilts/api/26.0/private/file_contexts
@ -266,6 +266,7 @@
 /system/etc/selinux/plat_sepolicy.cil       u:object_r:sepolicy_file:s0
 /system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0
 /system/bin/vr_hwc               u:object_r:vr_hwc_exec:s0
+/system/bin/bg_kmsg.sh u:object_r:bg_kmsg_exec:s0

 #############################
 # Vendor files
--- a/android/system/sepolicy/prebuilts/api/26.0/private/init.te
+++ b/android/system/sepolicy/prebuilts/api/26.0/private/init.te
@ -17,6 +17,8 @@ domain_trans(init, { rootfs toolbox_exec }, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
 userdebug_or_eng(`
  domain_auto_trans(init, logcat_exec, logpersist)
+  allow init misc_logd_file:dir { remove_name };
+  allow init misc_logd_file:file { read unlink };
 ')

 # Creating files on sysfs is impossible so this isn't a threat
--- a/android/system/sepolicy/prebuilts/api/26.0/private/logpersist.te
+++ b/android/system/sepolicy/prebuilts/api/26.0/private/logpersist.te
@ -20,5 +20,5 @@ userdebug_or_eng(`

 # logpersist is allowed to write to /data/misc/log for userdebug and eng builds
 neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
-neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
-neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate -bg_kmsg') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd -bg_kmsg') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
--- a/android/system/sepolicy/prebuilts/api/26.0/public/bg_kmsg.te
+++ b/android/system/sepolicy/prebuilts/api/26.0/public/bg_kmsg.te
@ -0,0 +1,18 @@
+type bg_kmsg, domain;
+type bg_kmsg_exec, exec_type, file_type;
+
+
+
+userdebug_or_eng(`
+	allow bg_kmsg self:capability dac_override;
+	allow bg_kmsg shell_exec:file rx_file_perms;
+	allow bg_kmsg system_file:file rx_file_perms;
+	allow bg_kmsg toolbox_exec:file rx_file_perms;
+
+	allow bg_kmsg misc_logd_file:file create_file_perms;
+	allow bg_kmsg misc_logd_file:dir rw_dir_perms;
+
+	allow bg_kmsg self:capability2 syslog;
+	allow bg_kmsg proc:file {read open};
+	allow bg_kmsg kernel:system syslog_mod;
+')