platform_system_sepolicy/private/runas_app.te

33 lines
1.4 KiB
Text
Raw Normal View History

typeattribute runas_app coredomain;
app_domain(runas_app)
untrusted_app_domain(runas_app)
net_domain(runas_app)
bluetooth_domain(runas_app)
# The ability to call exec() on files in the apps home directories
# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
# which are copied to the apps home directories.
allow runas_app app_data_file:file execute_no_trans;
# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
r_dir_file(runas_app, untrusted_app_all)
# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
allow runas_app untrusted_app_all:process { ptrace sigkill signal sigstop };
allow runas_app untrusted_app_all:unix_stream_socket connectto system/sepolicy commit ffa2b61330c93bac780cde9eb5bc72ae60cd910b introduced the runas_app SELinux domain, which changed how we perform debugging and profiling of Android applications. This broke Android Studio's profiling tool. Android Studio's profiling tool has the run-as spawned application connect to an app created unix domain sockets in the abstract namespace. Note: this differs from system/sepolicy commit 3e5668f173374a98ff13b94523960c5bf14c8b72, which allows connections in the reverse direction (from app to runas_app). That change (b/123297648) was made for a different part of Android Studio, Android Studio Instant Run. Addresses the following denial: 2019-02-08 00:59:14.563 15560-15560/? W/connector: type=1400 audit(0.0:645): avc: denied { connectto } for path=00436C69656E74 scontext=u:r:runas_app:s0:c188,c256,c512,c768 tcontext=u:r:untrusted_app_27:s0:c188,c256,c512,c768 tclass=unix_stream_socket permissive=0 app=com.example.hellojni (hex decode of 00436C69656E74 is "Client") 2019-01-31 17:25:16.060 19975-19975/? W/transport: type=1400 audit(0.0:8146): avc: denied { connectto } for path=00416E64726F696453747564696F5472616E73706F72744167656E743139383839 scontext=u:r:runas_app:s0:c512,c768 tcontext=u:r:untrusted_app_25:s0:c512,c768 tclass=unix_stream_socket permissive=0 app=com.example.android.displayingbitmaps (hex decode of 00416E64726F696453747564696F5472616E73706F72744167656E743139383839 is "AndroidStudioTransportAgent19889") Bug: 120445954 Test: manual Change-Id: I9ca1c338dcbc75cb3fbd7bf93a348f9276363dc1
2019-02-08 20:30:13 +01:00
allow runas_app untrusted_app_all:unix_stream_socket connectto;
2020-01-10 20:02:43 +01:00
# Allow executing system image simpleperf without a domain transition.
allow runas_app simpleperf_exec:file rx_file_perms;
# Suppress denial logspam when simpleperf is trying to find a matching process
# by scanning /proc/<pid>/cmdline files. The /proc/<pid> directories are within
# the same domain as their respective process, most of which this domain is not
# allowed to see.
dontaudit runas_app domain:dir search;
# Allow runas_app to call perf_event_open for profiling debuggable app
# processes, but not the whole system.
allow runas_app self:perf_event { open read write kernel };
neverallow runas_app self:perf_event ~{ open read write kernel };