Merge "Adding a traceur_app domain to remove it from shell"

2018-01-09 03:55:34 +00:00 · 2018-01-09 03:55:34 +00:00 · 64a0f9288d
commit 64a0f9288d
parent e1b73b141b 4ea5569f53
7 changed files with 42 additions and 3 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -53,6 +53,8 @@
    timezone_service
    tombstoned_java_trace_socket
    tombstone_wifi_data_file
+    traceur_app
+    traceur_app_tmpfs
    update_engine_log_data_file
    vendor_init
    vold_prepare_subdirs
--- a/private/domain.te
+++ b/private/domain.te
@ -72,6 +72,7 @@ full_treble_only(`
    -init
    userdebug_or_eng(`-perfprofd')
    -shell
+    userdebug_or_eng(`-traceur_app')
    -vendor_init
  } debugfs_tracing:file no_rw_file_perms;

--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@ -95,6 +95,7 @@ neverallow user=shell domain=((?!shell).)*
 neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*

 isSystemServer=true domain=system_server
+user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
 user=system seinfo=platform domain=system_app type=system_app_data_file
 user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
 user=nfc seinfo=platform domain=nfc type=nfc_data_file
--- a/private/statsd.te
+++ b/private/statsd.te
@ -51,7 +51,7 @@ binder_call(statsd, stats)
 ### neverallow rules
 ###

-# Only system_server, system_app, and stats command can find the stats service.
+# Only system_server, system_app, traceur_app, and stats command can find the stats service.
 neverallow {
  domain
  -dumpstate
@ -60,6 +60,7 @@ neverallow {
  -statsd
  -system_app
  -system_server
+  userdebug_or_eng(`-traceur_app')
 } stats_service:service_manager find;

 # Only statsd and the other root services in limited circumstances.
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@ -0,0 +1,7 @@
+typeattribute traceur_app coredomain;
+
+userdebug_or_eng(`
+  app_domain(traceur_app);
+  allow traceur_app debugfs_tracing:file r_file_perms;
+  allow traceur_app atrace_exec:file rx_file_perms;
+')
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@ -272,8 +272,14 @@ allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
 # accessing sensitive /proc/PID files, never for using ptrace attach.
 neverallow dumpstate *:process ptrace;

-# only system_server, dumpstate and shell can find the dumpstate service
-neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;
+# only system_server, dumpstate, traceur_app and shell can find the dumpstate service
+neverallow {
+  domain
+  -system_server
+  -shell
+  userdebug_or_eng(`-traceur_app')
+  -dumpstate
+} dumpstate_service:service_manager find;

 # Dumpstate should not be writing to any generically labeled sysfs files.
 # Create a specific label for the file type
--- a/public/traceur_app.te
+++ b/public/traceur_app.te
@ -0,0 +1,21 @@
+type traceur_app, domain;
+
+userdebug_or_eng(`
+  allow traceur_app servicemanager:service_manager list;
+  allow traceur_app hwservicemanager:hwservice_manager list;
+
+  set_prop(traceur_app, debug_prop)
+
+  allow traceur_app {
+    service_manager_type
+    -gatekeeper_service
+    -incident_service
+    -installd_service
+    -netd_service
+    -virtual_touchpad_service
+    -vold_service
+    -vr_hwc_service
+  }:service_manager find;
+
+  dontaudit traceur_app domain:binder call;
+')