2018-11-02 22:34:06 +01:00
|
|
|
typeattribute runas_app coredomain;
|
|
|
|
|
|
|
|
app_domain(runas_app)
|
|
|
|
untrusted_app_domain(runas_app)
|
|
|
|
net_domain(runas_app)
|
|
|
|
bluetooth_domain(runas_app)
|
|
|
|
|
2018-12-21 19:03:50 +01:00
|
|
|
# The ability to call exec() on files in the apps home directories
|
2019-01-08 01:37:24 +01:00
|
|
|
# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
|
|
|
|
# which are copied to the apps home directories.
|
2018-12-21 19:03:50 +01:00
|
|
|
allow runas_app app_data_file:file execute_no_trans;
|
2019-01-08 01:37:24 +01:00
|
|
|
|
|
|
|
# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
|
|
|
|
r_dir_file(runas_app, untrusted_app_all)
|
|
|
|
|
|
|
|
# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
|
2023-01-20 09:02:19 +01:00
|
|
|
allow runas_app untrusted_app_all:process { ptrace sigkill signal sigstop };
|
allow runas_app untrusted_app_all:unix_stream_socket connectto
system/sepolicy commit ffa2b61330c93bac780cde9eb5bc72ae60cd910b
introduced the runas_app SELinux domain, which changed how we perform
debugging and profiling of Android applications. This broke Android
Studio's profiling tool.
Android Studio's profiling tool has the run-as spawned application
connect to an app created unix domain sockets in the
abstract namespace.
Note: this differs from system/sepolicy commit
3e5668f173374a98ff13b94523960c5bf14c8b72, which allows connections in
the reverse direction (from app to runas_app). That change (b/123297648)
was made for a different part of Android Studio, Android Studio Instant
Run.
Addresses the following denial:
2019-02-08 00:59:14.563 15560-15560/? W/connector: type=1400 audit(0.0:645): avc: denied { connectto } for path=00436C69656E74 scontext=u:r:runas_app:s0:c188,c256,c512,c768 tcontext=u:r:untrusted_app_27:s0:c188,c256,c512,c768 tclass=unix_stream_socket permissive=0 app=com.example.hellojni
(hex decode of 00436C69656E74 is "Client")
2019-01-31 17:25:16.060 19975-19975/? W/transport: type=1400 audit(0.0:8146): avc: denied { connectto } for path=00416E64726F696453747564696F5472616E73706F72744167656E743139383839 scontext=u:r:runas_app:s0:c512,c768 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=unix_stream_socket permissive=0 app=com.example.android.displayingbitmaps
(hex decode of
00416E64726F696453747564696F5472616E73706F72744167656E743139383839
is "AndroidStudioTransportAgent19889")
Bug: 120445954
Test: manual
Change-Id: I9ca1c338dcbc75cb3fbd7bf93a348f9276363dc1
2019-02-08 20:30:13 +01:00
|
|
|
allow runas_app untrusted_app_all:unix_stream_socket connectto;
|
2020-01-10 20:02:43 +01:00
|
|
|
|
|
|
|
# Allow executing system image simpleperf without a domain transition.
|
|
|
|
allow runas_app simpleperf_exec:file rx_file_perms;
|
|
|
|
|
|
|
|
# Suppress denial logspam when simpleperf is trying to find a matching process
|
|
|
|
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
|
|
|
|
# the same domain as their respective process, most of which this domain is not
|
|
|
|
# allowed to see.
|
|
|
|
dontaudit runas_app domain:dir search;
|
|
|
|
|
|
|
|
# Allow runas_app to call perf_event_open for profiling debuggable app
|
|
|
|
# processes, but not the whole system.
|
|
|
|
allow runas_app self:perf_event { open read write kernel };
|
|
|
|
neverallow runas_app self:perf_event ~{ open read write kernel };
|