From 034f5840a25528bf2de2d26140c7a6424b8cd7c0 Mon Sep 17 00:00:00 2001
From: Narayan Kamath
Date: Fri, 23 Jun 2017 17:36:26 +0100
Subject: [PATCH] DO NOT MERGE ANYWHERE Revert "SEPolicy: Changes for new stack dumping scheme."

NOTE: This change is marked dnma because we don't want it on oc-dr1-dev-plus-aosp or any other downstream branch. Moreover, oc-dr1-dev-plus-aosp is the only outgoing merger from oc-dr1-dev for this project.

This reverts commit 11bfcc1e96d9ede3d5aaa586630d154e73a7214a.

Bug: 62908344
Test: make
Change-Id: Ide61829cf99f15777c46f657a0e140d594f88243
---
 private/app.te | 18 +-----------------
 private/file_contexts | 1 -
 private/system_server.te | 15 ---------------
 public/domain.te | 7 +------
 public/file.te | 1 -
 public/tombstoned.te | 13 ++++---------
 6 files changed, 6 insertions(+), 49 deletions(-)

diff --git a/private/app.te b/private/app.te
index 25dbdb70b..f127b986e 100644
--- a/private/app.te
+++ b/private/app.te
@@ -138,26 +138,10 @@ allow appdomain shortcut_manager_icons:file { getattr read };
 # Read icon file (opened by system).
 allow appdomain icon_file:file { getattr read };
 
-# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
-#
-# TODO: All of these permissions except for anr_data_file:file append can be
-# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548
-# and the rules below.
+# Write to /data/anr/traces.txt.
 allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };
 
-# New stack dumping scheme : request an output FD from tombstoned via a unix
-# domain socket.
-#
-# Allow apps to connect and write to the tombstoned java trace socket in
-# order to dump their traces. Also allow them to append traces to pipes
-# created by dumptrace. (Also see the rules below where they are given
-# additional permissions to dumpstate pipes for other aspects of bug report
-# creation).
-unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
-allow appdomain tombstoned:fd use;
-allow appdomain dumpstate:fifo_file append;
-
 # Allow apps to send dump information to dumpstate
 allow appdomain dumpstate:fd use;
 allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
diff --git a/private/file_contexts b/private/file_contexts
index e541a7de9..4e09491a4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -145,7 +145,6 @@
 /dev/socket/rild u:object_r:rild_socket:s0
 /dev/socket/rild-debug u:object_r:rild_debug_socket:s0
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
-/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
 /dev/socket/uncrypt u:object_r:uncrypt_socket:s0
 /dev/socket/vold u:object_r:vold_socket:s0
diff --git a/private/system_server.te b/private/system_server.te
index 99dc66314..5e7da2fd0 100644
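Review bot: In private/app.te the replacement comment `# Write to /data/anr/traces.txt.` no longer says why every appdomain holds `anr_data_file:file { open append }` on a file shared by all apps, nor that the grant was meant to be narrowed; the removed TODO was the only record of that. Keeping the intent next to the rule makes it easier to tighten again when the per-process scheme returns, for example `# Old stack dumping scheme: apps append to the global /data/anr/traces.txt; narrow once b/32064548 lands.` The system_server.te hunk drops the matching TODO about `create_file_perms` on anr_data_file being broader than needed, and the same kind of comment would help above `# Manage /data/anr.` there.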
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -330,24 +330,9 @@ allow system_server asec_apk_file:file create_file_perms;
 allow system_server asec_public_file:file create_file_perms;
 
 # Manage /data/anr.
-#
-# TODO: Some of these permissions can be withdrawn once we've switched to the
-# new stack dumping mechanism, see b/32064548 and the rules below. In particular,
-# the system_server should never need to create a new anr_data_file:file or write
-# to one, but it will still need to read and append to existing files.
 allow system_server anr_data_file:dir create_dir_perms;
 allow system_server anr_data_file:file create_file_perms;
 
-# New stack dumping scheme : request an output FD from tombstoned via a unix
-# domain socket.
-#
-# Allow system_server to connect and write to the tombstoned java trace socket in
-# order to dump its traces. Also allow the system server to write its traces to
-# dumpstate during bugreport capture.
-unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
-allow system_server tombstoned:fd use;
-allow system_server dumpstate:fifo_file append;
-
 # Read /data/misc/incidents - only read. The fd will be sent over binder,
 # with no DAC access to it, for dropbox to read.
 allow system_server incident_data_file:file read;
diff --git a/public/domain.te b/public/domain.te
index 67e792b50..bdba9291a 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -780,19 +780,14 @@ neverallow { # Processes that can't exec crash_dump -mediacodec -mediaextractor -} tombstoned_crash_socket:unix_stream_socket connectto; - +} tombstoned:unix_stream_socket connectto; neverallow { domain -crash_dump -mediacodec -mediaextractor } tombstoned_crash_socket:sock_file write; - -# Never allow anyone except dumpstate or the system server to connect or write to -# the tombstoned intercept socket. neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write; -neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto; # Android does not support System V IPCs. #
diff --git a/public/file.te b/public/file.te
index bf8223a5e..79f2c09e7 100644
--- a/public/file.te
+++ b/public/file.te
@@ -272,7 +272,6 @@ type rild_debug_socket, file_type;
 type system_wpa_socket, file_type, coredomain_socket;
 type system_ndebug_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
-type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;
diff --git a/public/tombstoned.te b/public/tombstoned.te
index cf3ddcba9..37243bb66 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
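Review bot: In public/domain.te the tombstoned neverallow rules now run together with no separating blank line or comment, and the removed comment was the only statement of intent for the intercept socket restriction. A one-line comment above the remaining intercept rule, such as `# Only dumpstate and system_server may write to the tombstoned intercept socket.`, keeps that restriction reviewable. The first neverallow block opens above the hunk, so its exemption list is not visible here. Because its target is now `tombstoned:unix_stream_socket` rather than the crash socket type, it presumably covers every stream socket labelled tombstoned, so the list should be confirmed as the intended set of callers.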
@@ -10,13 +10,8 @@ allow tombstoned domain:dir r_dir_perms;
 allow tombstoned domain:file r_file_perms;
 allow tombstoned tombstone_data_file:dir rw_dir_perms;
 allow tombstoned tombstone_data_file:file create_file_perms;
+allow tombstoned anr_data_file:file { getattr append };
 
-# TODO: Remove append / write permissions. They were temporarily
-# granted due to a bug which appears to have been fixed.
-allow tombstoned anr_data_file:file { append write };
-auditallow tombstoned anr_data_file:file { append write };
-
-# Changes for the new stack dumping mechanism. Each trace goes into a
-# separate file, and these files are managed by tombstoned.
-allow tombstoned anr_data_file:dir rw_dir_perms;
-allow tombstoned anr_data_file:file { getattr open create };
+# TODO: Find out why this is happening.
+allow tombstoned anr_data_file:file write;
+auditallow tombstoned anr_data_file:file write;
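Review bot: The restored `# TODO: Find out why this is happening.` in public/tombstoned.te does not say what "this" is or where it is tracked, yet it is the only justification for granting tombstoned `write` on anr_data_file:file on top of `append`. Unlike `append`, `write` allows existing trace content to be overwritten, so the grant deserves a precise comment, for example `# TODO(b/<bug-id>): tombstoned apparently needs write, not just append, on ANR traces; auditallow logs each use so this can be dropped.` The bug id there is a placeholder, since the page gives none for this issue. It would also help to note who reviews the auditallow output, so the rule does not become permanent by default.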