From 6c689e84388ee85ef0203c064bf20dc8eb8339af Mon Sep 17 00:00:00 2001 
From: Florian Mayer
Date: Wed, 14 Feb 2024 10:54:58 -0800
Subject: [PATCH] Allow shell and adb to read tombstones

tombstones are now openable by these domains:
allow adbd tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow adbd tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow dumpstate tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow dumpstate tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow init tombstone_data_file:dir { add_name create getattr ioctl open read relabelfrom relabelto remove_name rmdir search setattr write };
allow init tombstone_data_file:fifo_file { create getattr open read relabelfrom relabelto setattr unlink };
allow init tombstone_data_file:file { create getattr map open read relabelfrom relabelto setattr unlink write };
allow init tombstone_data_file:sock_file { create getattr open read relabelfrom relabelto setattr unlink };
allow shell tombstone_data_file:dir { getattr ioctl lock open read search watch watch_reads };
allow shell tombstone_data_file:file { getattr ioctl lock map open read watch watch_reads };
allow system_server tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow system_server tombstone_data_file:file { append create getattr ioctl lock map open read rename setattr unlink watch watch_reads write };
allow tombstoned tombstone_data_file:dir { add_name getattr ioctl lock open read remove_name search watch watch_reads write };
allow tombstoned tombstone_data_file:file { append create getattr ioctl link lock map open read rename setattr unlink watch watch_reads write };

Test: adb unroot, ls, cat, adb pull
Bug: 312740614
Change-Id: I4a1af4fbdc48c5c5f4b0b33f124cea31af74dd87
---
 private/adbd.te | 4 ++++
 private/app.te | 4 ++--
 private/shell.te | 4 ++++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/private/adbd.te b/private/adbd.te
index d72d5b118..e735222b9 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -226,6 +226,10 @@ allow adbd staging_data_file:file r_file_perms;
 # Allow adbd to pull /apex/apex-info-list.xml for CTS tests.
 allow adbd apex_info_file:file r_file_perms;
 
+# allow reading tombstones. users can already use bugreports to get those.
+allow adbd tombstone_data_file:dir r_dir_perms;
+allow adbd tombstone_data_file:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###
diff --git a/private/app.te b/private/app.te
index 1ef6ceb95..95b85dbd9 100644
--- a/private/app.te
+++ b/private/app.te
@@ -132,9 +132,9 @@ allow appdomain apex_art_data_file:dir r_dir_perms;
 allow appdomain apex_art_data_file:file rx_file_perms;
 
 # Allow access to tombstones if an fd to one is given to you.
-# This is restricted by unix permissions, so an app must go through system_server to get one.
+# An app cannot open the tombstone itself because it lacks `open`.
 allow appdomain tombstone_data_file:file { getattr read };
-neverallow appdomain tombstone_data_file:file ~{ getattr read };
+neverallow { appdomain -shell } tombstone_data_file:file ~{ getattr read };
 
 # Execute the shell or other system executables.
 allow { appdomain -ephemeral_app -sdk_sandbox_all } shell_exec:file rx_file_perms;
diff --git a/private/shell.te b/private/shell.te
index bfcd5acd3..60684f48e 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -17,6 +17,10 @@ userdebug_or_eng(`
 # read config.gz for CTS purposes
 allow shell config_gz:file r_file_perms;
 
+# allow reading tombstones. users can already use bugreports to get those.
+allow shell tombstone_data_file:dir r_dir_perms;
+allow shell tombstone_data_file:file r_file_perms;
+
 # Run app_process.
 # XXX Transition into its own domain?
 app_domain(shell)
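Review bot: The justification comment above the new adbd rules, `# allow reading tombstones. users can already use bugreports to get those.`, should also record what is being exposed and why the two paths are considered equivalent, since tombstones carry the crashing process's register state and memory dump and this grant does not pass through the bugreport flow. The commit message's rule dump shows dumpstate already holds the same read set on tombstone_data_file, which is the evidence the comment is leaning on, so cite it. Suggested wording: `# Allow direct read of tombstones (crash register/memory dumps). dumpstate already reads them for bugreports, so this adds a path, not new data.` The identical comment is added in private/shell.te and should be adjusted the same way.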
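Review bot: The new `neverallow { appdomain -shell } tombstone_data_file:file ~{ getattr read };` drops shell from the neverallow entirely, so a later allow rule could give shell write, unlink or rename on tombstones without any neverallow catching it, even though this commit only grants the read set. Excluding shell is necessary because private/shell.te calls `app_domain(shell)` (visible in its hunk), which places shell in appdomain, but the read-only bound should be preserved with a companion rule such as `neverallow shell tombstone_data_file:file ~r_file_perms;`. The rewritten comment on the line above, which says an app lacks `open`, now sits next to a rule that exempts shell; appending `shell is excluded below because it may open tombstones directly` would keep the two consistent.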
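Review bot: Whether the new shell rules apply on user builds cannot be determined from the hunk: the header context shows `userdebug_or_eng(` with its m4 opening quote above line 17, and the block's closing `')` is not visible, so the added lines may or may not fall inside it. The commit's `Test: adb unroot, ls, cat, adb pull` line suggests the intent is unrooted shell on any build, so the comment should say that explicitly, e.g. `# allow reading tombstones on all builds (not gated on userdebug/eng); users can already use bugreports to get those.`, so a later reader does not assume debug-only gating. If the userdebug_or_eng block still encloses line 17, it starts outside the hunk and the comment should instead note that the access is debug-only.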