Allowing incidentd to get stack traces from processes. am: 985db6d8dd

am: 5f98693a77

Change-Id: Iaeaaeb8195e2ffcbf148b1764d57d4e1c7da6f4f
Kweku Adams 2018-04-04 09:13:58 -07:00 committed by android-build-merger
commit 49733255fb
7 changed files with 49 additions and 13 deletions


@ -9,6 +9,7 @@ neverallow {
domain
-vold
-dumpstate
userdebug_or_eng(`-incidentd')
-storaged
-system_server
userdebug_or_eng(`-perfprofd')
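Review bot: The new `userdebug_or_eng(`-incidentd')` entry has no comment explaining why incidentd is carved out of this neverallow, or why the carve-out is gated on build type while the neighbouring `-vold`, `-dumpstate`, `-storaged` and `-system_server` entries are unconditional; a one-line comment naming the allow rule the exemption exists for would do, presumably the `userdebug_or_eng`-gated `sys_ptrace` grant in the incidentd section of this commit. The neverallow's closing brace and object lie after the hunk, so I cannot confirm from here which access is being exempted; please check that the gating matches the allow rule that actually needs it.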


@ -46,32 +46,47 @@ userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
# Get process attributes
# TODO allow incidentd domain:process getattr;
# Enable incidentd to get stack traces.
binder_use(incidentd)
hwbinder_use(incidentd)
allow incidentd hwservicemanager:hwservice_manager { list };
get_prop(incidentd, hwservicemanager_prop)
allow incidentd hidl_manager_hwservice:hwservice_manager { find };
# Read files in /proc
allow incidentd {
proc_cmdline
proc_pipe_conf
proc_stat
}:file r_file_perms;
# Signal java processes to dump their stack and get the results
# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
# TODO allow incidentd anr_data_file:dir create_dir_perms;
# TODO allow incidentd anr_data_file:file create_file_perms;
allow incidentd { appdomain ephemeral_app system_server }:process signal;
# Signal native processes to dump their stack.
# This list comes from native_processes_to_dump in incidentd/utils.c
allow incidentd {
# This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
audioserver
cameraserver
drmserver
inputflinger
mediacodec
mediadrmserver
mediaextractor
mediametrics
mediaserver
sdcardd
statsd
surfaceflinger
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
hal_audio_server
hal_bluetooth_server
hal_camera_server
hal_graphics_composer_server
hal_sensors_server
hal_vr_server
mediacodec # TODO(b/36375899): hal_omx_server
}:process signal;
# Allow incidentd to make binder calls to any binder service
@ -79,7 +94,18 @@ binder_call(incidentd, system_server)
binder_call(incidentd, appdomain)
# Reading /proc/PID/maps of other processes
# TODO allow incidentd self:global_capability_class_set sys_ptrace;
userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
# incidentd has capability sys_ptrace, but should only use that capability for
# accessing sensitive /proc/PID files, never for using ptrace attach.
neverallow incidentd *:process ptrace;
allow incidentd self:global_capability_class_set {
# Send signals to processes
kill
};
# Connect to tombstoned to intercept dumps.
unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
# Run a shell.
allow incidentd shell_exec:file rx_file_perms;
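Review bot: The two list comments in the signal set cite `dumputils/dump_utils.cpp` (the `native_processes_to_dump` and `hal_interfaces_to_dump` lines), while the dumpstate section later in this commit rewrites the same comments to `dumputils/dump_utils.c`; only one path can be right, and both files should cite the same one. `mediacodec` is listed twice in the same `{ … }:process signal` set, once among the native processes and again with the `TODO(b/36375899): hal_omx_server` marker; a duplicate member of a type set is merged and does not change the policy, but the entry should appear once with the TODO kept on it, unless the first occurrence is on the old side, which this rendering does not let me distinguish. The `kill` capability and the `:process signal` grant to `{ appdomain ephemeral_app system_server }` are unconditional while the `sys_ptrace` grant is `userdebug_or_eng`-gated; if stack collection is meant for userdebug/eng builds only those grants could be gated the same way, and if they are deliberately unconditional a comment saying so would save the next reader the question. The second hunk header advertises 18 new lines but only 15 are shown, so some lines of this section are missing from the rendering and I have reviewed only what is visible.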


@ -372,10 +372,11 @@ allow system_server anr_data_file:file create_file_perms;
#
# Allow system_server to connect and write to the tombstoned java trace socket in
# order to dump its traces. Also allow the system server to write its traces to
# dumpstate during bugreport capture.
# dumpstate during bugreport capture and incidentd during incident collection.
unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
allow system_server tombstoned:fd use;
allow system_server dumpstate:fifo_file append;
allow system_server incidentd:fifo_file append;
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.


@ -150,6 +150,7 @@ allow appdomain anr_data_file:file { open append };
unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
allow appdomain tombstoned:fd use;
allow appdomain dumpstate:fifo_file append;
allow appdomain incidentd:fifo_file append;
# Allow apps to send dump information to dumpstate
allow appdomain dumpstate:fd use;
@ -157,6 +158,10 @@ allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdow
allow appdomain dumpstate:fifo_file { write getattr };
allow appdomain shell_data_file:file { write getattr };
# Allow apps to send dump information to incidentd
allow appdomain incidentd:fd use;
allow appdomain incidentd:fifo_file { write getattr };
# Write profiles /data/misc/profiles
allow appdomain user_profile_data_file:dir { search write add_name };
allow appdomain user_profile_data_file:file create_file_perms;
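Review bot: The grant on incidentd's fifo is split across two rules in this section, `allow appdomain incidentd:fifo_file append;` under the tombstoned java-trace block and `allow appdomain incidentd:fifo_file { write getattr };` under the dump-information comment, so the effective permission set `{ append write getattr }` is only visible by reading both. This mirrors the dumpstate rules it was copied from, but a single rule with one comment would make the whole grant reviewable in one place. If the split is kept, the second comment could note that `append` is already granted above so the two are read together.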


@ -1036,6 +1036,7 @@ neverallow {
-tombstoned
-crash_dump
-dumpstate
-incidentd
-system_server
# Processes that can't exec crash_dump
@ -1043,10 +1044,10 @@ neverallow {
-mediaextractor
} tombstoned_crash_socket:unix_stream_socket connectto;
# Never allow anyone except dumpstate or the system server to connect or write to
# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
# the tombstoned intercept socket.
neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write;
neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
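Review bot: The `-incidentd` entry added to the first neverallow carves incidentd out of the `tombstoned_crash_socket:unix_stream_socket connectto` prohibition, yet the only tombstoned access granted to incidentd elsewhere in this commit is `unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)`, which the intercept-socket neverallows in the second hunk already account for. If incidentd never connects to the crash socket, the exemption is wider than the allow it supports and removes the neverallow's push-back against a future rule; if it is needed, for instance because of how the macro's `connectto` target is typed, a short comment on the list entry would record that. Part of the neverallow's subject list is hidden between the two hunks, so I am reading only what is shown.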
# Android does not support System V IPCs.
#


@ -57,7 +57,7 @@ allow dumpstate { appdomain system_server }:process signal;
# Signal native processes to dump their stack.
allow dumpstate {
# This list comes from native_processes_to_dump in dumpstate/utils.c
# This list comes from native_processes_to_dump in dumputils/dump_utils.c
audioserver
cameraserver
drmserver
@ -69,7 +69,7 @@ allow dumpstate {
sdcardd
surfaceflinger
# This list comes from hal_interfaces_to_dump in dumpstate/utils.c
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
hal_audio_server
hal_bluetooth_server
hal_camera_server


@ -499,8 +499,10 @@ userdebug_or_eng(`
')
allow $1 anr_data_file:file append;
allow $1 dumpstate:fd use;
allow $1 incidentd:fd use;
# TODO: Figure out why write is needed.
allow $1 dumpstate:fifo_file { append write };
allow $1 incidentd:fifo_file { append write };
allow $1 system_server:fifo_file { append write };
allow $1 tombstoned:unix_stream_socket connectto;
allow $1 tombstoned:fd use;
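Review bot: `allow $1 incidentd:fifo_file { append write };` copies the `write` permission whose purpose the preceding `# TODO: Figure out why write is needed.` comment says is unknown, so the TODO now silently covers a second consumer; either resolve it or widen the comment, e.g. `# TODO: Figure out why write is needed (applies to the dumpstate, incidentd and system_server fifos).`, so the incidentd line is not read as independently justified. The system_server section earlier in this commit grants incidentd's fifo `append` only, so two writers of the same fifo end up with different permission sets; a note on which one is correct, or aligning them, would help. The macro this rule belongs to begins before the hunk, so its parameter and remaining rules are not visible here.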