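# Policy for the logd domain: type setup, one property read, and three
# neverallow assertions that bound file access.
#
# Comments in this file avoid quote characters on purpose, because the policy
# is preprocessed with m4 and stray quotes can upset macro quoting.

# Attach the coredomain attribute to the logd type.
typeattribute logd coredomain;

# Macro defined outside this file. In the AOSP te_macros it sets up the
# transition from init into the logd domain when init executes the daemon
# binary; confirm against the te_macros of the tree being built.
init_daemon_domain(logd)

# Access device logging gating property
get_prop(logd, device_logging_prop)

# logd is not allowed to write anywhere other than /data/misc/logd, and then
# only on userdebug or eng builds
#
# A neverallow grants nothing. It is an assertion checked when the policy is
# compiled: the build fails if any allow rule would give logd create, write or
# append on a file whose type remains in the set below.
#
# Types removed from the assertion, so an allow rule for them may exist:
#   - runtime_event_log_tags_file: on every build variant. The sentence above
#     does not mention this exception.
#   - coredump_file and misc_logd_file: only when the userdebug_or_eng macro
#     expands its argument. On user builds both stay inside the assertion.
#     misc_logd_file is presumably the label of /data/misc/logd; confirm in
#     file_contexts.
#   - method_trace_data_file: only when the with_native_coverage macro expands
#     its argument.
#
# Scope caveat for reviewers: the assertion covers object class file and the
# three permissions listed. Other classes such as dir, lnk_file or sock_file,
# and other permissions such as unlink, rename or setattr, are not asserted
# here and have to be checked against the allow rules for logd.
neverallow logd {
  file_type
  -runtime_event_log_tags_file
  userdebug_or_eng(`-coredump_file -misc_logd_file')
  with_native_coverage(`-method_trace_data_file')
}:file { create write append };

# protect the event-log-tags file
#
# Every domain outside the exemption list is asserted to have none of the
# permissions in no_rw_file_perms on runtime_event_log_tags_file. The macro
# no_rw_file_perms is defined outside this file; by its name it covers both
# read and write style access, but confirm the exact list in the global macros.
#
# Being exempt is not the same as having access: an exempt domain still needs
# its own allow rule. Adding a domain to this list widens who may be granted
# access, so treat each addition as a privilege expansion in review.
# logpersist is exempt only on userdebug or eng builds.
neverallow {
  domain
  -appdomain # covered below
  -bootstat
  -dumpstate
  -init
  -logd
  userdebug_or_eng(`-logpersist')
  -servicemanager
  -system_server
  -surfaceflinger
  -zygote
} runtime_event_log_tags_file:file no_rw_file_perms;

# Same assertion for app domains, which the rule above leaves out. Only the
# listed app domains may be granted access to the event-log-tags file; every
# other member of appdomain is asserted to have none of no_rw_file_perms.
# su is exempt only on userdebug or eng builds.
neverallow {
  appdomain
  -bluetooth
  -platform_app
  -priv_app
  -radio
  -shell
  userdebug_or_eng(`-su')
  -system_app
} runtime_event_log_tags_file:file no_rw_file_perms;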