logd: allow access to system files

- allow access for /data/system/packages.xml.
- deprecate access to /dev/logd_debug (can use /dev/kmsg for debugging)
- allow access to /dev/socket/logd for 'logd --reinit'

Bug: 19681572
Change-Id: Iac57fff1aabc3b061ad2cc27969017797f8bef54

file.te

@@ -142,7 +142,6 @@ type fwmarkd_socket, file_type, mlstrustedobject;
 type gps_socket, file_type;
 type installd_socket, file_type;
 type lmkd_socket, file_type;
-type logd_debug, file_type, mlstrustedobject;
 type logd_socket, file_type, mlstrustedobject;
 type logdr_socket, file_type, mlstrustedobject;
 type logdw_socket, file_type, mlstrustedobject;

file_contexts

@@ -86,7 +86,6 @@
 /dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/lmkd        u:object_r:lmkd_socket:s0
-/dev/logd_debug		u:object_r:logd_debug:s0
 /dev/socket/logd	u:object_r:logd_socket:s0
 /dev/socket/logdr	u:object_r:logdr_socket:s0
 /dev/socket/logdw	u:object_r:logdw_socket:s0

logd.te

@@ -9,18 +9,14 @@ allow logd self:capability2 syslog;
 allow logd self:netlink_audit_socket { create_socket_perms nlmsg_write };
 allow logd kernel:system syslog_read;
 allow logd kmsg_device:chr_file w_file_perms;
+allow logd system_data_file:file r_file_perms;
 
 r_dir_file(logd, domain)
 
-userdebug_or_eng(`
-  # Debug output
-  type_transition logd device:file logd_debug;
-  allow logd device:dir rw_dir_perms;
-  allow logd logd_debug:file create_file_perms;
-')
-
 allow logd kernel:system syslog_mod;
 
+control_logd(logd)
+
 ###
 ### Neverallow rules
 ###

te_macros

@@ -301,9 +301,6 @@ define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target
 # Ability to write to android log
 # daemon via sockets
 define(`write_logd', `
-userdebug_or_eng(`
-  allow $1 logd_debug:file w_file_perms;
-')
 unix_socket_send($1, logdw, logd)
 allow $1 pmsg_device:chr_file w_file_perms;
 ')