tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

perfetto: don't audit isatty() check on shell pipes

Browse source 
CTS runs are being polluted by denial logs from the best-effort isatty (
-> TCGETS ioctl) check done by the perfetto's log formatter.

This patch suppresses the denial.

I believe that what's actually being denied is the ioctl itself, NOT the
TCGETS aspect of it (there is a domain-wide fifo_file TCGETS allowxperms
rule in domain.te:303). But the "dontauditxerms" suppresses the denial
anyway.

Bug: 159988048
Merged-In: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
Change-Id: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1
(cherry picked from commit 8519c6d316)
This commit is contained in:
Ryan Savitski 2020-06-22 19:35:14 +01:00
parent 837e1f9bc7
commit 58c8751cf7
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
prebuilts/api/30.0/private/perfetto.te
View file

@ -54,6 +54,8 @@ dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
# As above, when adbd is running in "su" domain (only the ioctl is denied in
# practice).
dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
# Similarly, CTS tests end up hitting a denial on shell pipes.
dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
###
### Neverallow rules

2
private/perfetto.te
View file

@ -54,6 +54,8 @@ dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
# As above, when adbd is running in "su" domain (only the ioctl is denied in
# practice).
dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
# Similarly, CTS tests end up hitting a denial on shell pipes.
dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
###
### Neverallow rules