From b7246ac0b624da3cc65586f3a9aa255e6c959262 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Thu, 10 Jan 2019 13:59:37 -0800
Subject: [PATCH] system/etc/event-log-tags available to all

This was a regression in Q, and the file is an implementation of
liblog.

Bug: 113083310
Test: use tags from vendor and see no denials

Change-Id: I726cc1fcfad39afc197b21e431a687a3e4c8ee4a
---
 private/compat/28.0/28.0.ignore.cil | 1 +
 private/file_contexts               | 1 +
 public/domain.te                    | 3 +++
 public/file.te                      | 2 ++
 4 files changed, 7 insertions(+)

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7a0dafa45..569ea1eef 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -80,6 +80,7 @@
     sensor_privacy_service
     server_configurable_flags_data_file
     super_block_device
+    system_event_log_tags_file
     system_lmk_prop
     system_suspend_hwservice
     staging_data_file
diff --git a/private/file_contexts b/private/file_contexts
index 853d0a709..196c762f2 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -287,6 +287,7 @@
 /system/bin/hw/android\.frameworks\.bufferhub@1\.0-service    u:object_r:fwk_bufferhub_exec:s0
 /system/bin/hw/android\.hidl\.allocator@1\.0-service          u:object_r:hal_allocator_default_exec:s0
 /system/bin/hw/android\.system\.suspend@1\.0-service          u:object_r:hal_system_suspend_default_exec:s0
+/system/etc/event-log-tags              u:object_r:system_event_log_tags_file:s0
 /system/etc/ld\.config.*                u:object_r:system_linker_config_file:s0
 /system/etc/seccomp_policy(/.*)?        u:object_r:system_seccomp_policy_file:s0
 /system/etc/security/cacerts(/.*)?      u:object_r:system_security_cacerts_file:s0
diff --git a/public/domain.te b/public/domain.te
index ab6610f14..6592c7ce5 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -125,6 +125,8 @@ allow domain system_linker_exec:file { execute read open getattr map };
 allow domain system_linker_config_file:file r_file_perms;
 allow domain system_lib_file:file { execute read open getattr map };
 
+allow domain system_event_log_tags_file:file r_file_perms;
+
 allow { appdomain coredomain } system_file:file { execute read open getattr map };
 
 # Make sure system/vendor split doesn not affect non-treble
@@ -1032,6 +1034,7 @@ full_treble_only(`
     -file_contexts_file
     -netutils_wrapper_exec
     -property_contexts_file
+    -system_event_log_tags_file
     -system_lib_file
     with_asan(`-system_asan_options_file')
     -system_linker_exec
diff --git a/public/file.te b/public/file.te
index 86a85dc61..2d266107a 100644
--- a/public/file.te
+++ b/public/file.te
@@ -135,6 +135,8 @@ type unlabeled, file_type;
 type system_file, system_file_type, file_type;
 # Default type for /system/asan.options
 type system_asan_options_file, system_file_type, file_type;
+# Type for /system/etc/event-log-tags (liblog implementation detail)
+type system_event_log_tags_file, system_file_type, file_type;
 # Default type for anything under /system/lib[64].
 type system_lib_file, system_file_type, file_type;
 # Default type for linker executable /system/bin/linker[64].
-- 
GitLab