public/logpersist.te - LeafOS-Project/android_system_sepolicy - Gitiles

 # android debug logging, logpersist domains
 type logpersist, domain;

 ###
 ### Neverallow rules
 ###
 ### logpersist should NEVER do any of this

 # Block device access.
 neverallow logpersist dev_type:blk_file { read write };

 # ptrace any other app
 neverallow logpersist domain:process ptrace;

 # Write to files in /data/data or system files on /data except misc_logd_file
 neverallow logpersist { app_data_file system_data_file }:dir_file_class_set write;

 # Only init is allowed to enter the logpersist domain via exec()
 #neverallow { domain -init } logpersist:process transition;
 #neverallow * logpersist:process dyntransition;
	# android debug logging, logpersist domains
	type logpersist, domain;

	###
	### Neverallow rules
	###
	### logpersist should NEVER do any of this

	# Block device access.
	neverallow logpersist dev_type:blk_file { read write };

	# ptrace any other app
	neverallow logpersist domain:process ptrace;

	# Write to files in /data/data or system files on /data except misc_logd_file
	neverallow logpersist { app_data_file system_data_file }:dir_file_class_set write;

	# Only init is allowed to enter the logpersist domain via exec()
	#neverallow { domain -init } logpersist:process transition;
	#neverallow * logpersist:process dyntransition;