Merge "SEPolicy: Changes for new stack dumping scheme." into oc-dev-plus-aosp
This commit is contained in:
TreeHugger Robot
Android (Google) Code Review
commit
6d9f42f073
6 changed files with 43 additions and 6 deletions
|
|
@ -138,10 +138,22 @@ allow appdomain shortcut_manager_icons:file { getattr read };
|
|||
# Read icon file (opened by system).
|
||||
allow appdomain icon_file:file { getattr read };
|
||||
|
||||
# Write to /data/anr/traces.txt.
|
||||
# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
|
||||
#
|
||||
# TODO: All of these permissions except for anr_data_file:file append can be
|
||||
# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548
|
||||
# and the rules below.
|
||||
allow appdomain anr_data_file:dir search;
|
||||
allow appdomain anr_data_file:file { open append };
|
||||
|
||||
# New stack dumping scheme : request an output FD from tombstoned via a unix
|
||||
# domain socket.
|
||||
#
|
||||
# Allow apps to connect and write to the tombstoned java trace socket in
|
||||
# order to dump their traces.
|
||||
unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
|
||||
allow appdomain tombstoned:fd use;
|
||||
|
||||
# Allow apps to send dump information to dumpstate
|
||||
allow appdomain dumpstate:fd use;
|
||||
allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
|
||||
|
|
|
|||
|
|
@ -144,6 +144,7 @@
|
|||
/dev/socket/rild u:object_r:rild_socket:s0
|
||||
/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
|
||||
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
|
||||
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
|
||||
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
|
||||
/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
|
||||
/dev/socket/vold u:object_r:vold_socket:s0
|
||||
|
|
|
|||
|
|
@ -330,9 +330,22 @@ allow system_server asec_apk_file:file create_file_perms;
|
|||
allow system_server asec_public_file:file create_file_perms;
|
||||
|
||||
# Manage /data/anr.
|
||||
#
|
||||
# TODO: Some of these permissions can be withdrawn once we've switched to the
|
||||
# new stack dumping mechanism, see b/32064548 and the rules below. In particular,
|
||||
# the system_server should never need to create a new anr_data_file:file or write
|
||||
# to one, but it will still need to read and append to existing files.
|
||||
allow system_server anr_data_file:dir create_dir_perms;
|
||||
allow system_server anr_data_file:file create_file_perms;
|
||||
|
||||
# New stack dumping scheme : request an output FD from tombstoned via a unix
|
||||
# domain socket.
|
||||
#
|
||||
# Allow system_server to connect and write to the tombstoned java trace socket in
|
||||
# order to dump its traces.
|
||||
unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
|
||||
allow system_server tombstoned:fd use;
|
||||
|
||||
# Read /data/misc/incidents - only read. The fd will be sent over binder,
|
||||
# with no DAC access to it, for dropbox to read.
|
||||
allow system_server incident_data_file:file read;
|
||||
|
|
|
|||
|
|
@ -769,14 +769,19 @@ neverallow {
|
|||
# Processes that can't exec crash_dump
|
||||
-mediacodec
|
||||
-mediaextractor
|
||||
} tombstoned:unix_stream_socket connectto;
|
||||
} tombstoned_crash_socket:unix_stream_socket connectto;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-crash_dump
|
||||
-mediacodec
|
||||
-mediaextractor
|
||||
} tombstoned_crash_socket:sock_file write;
|
||||
|
||||
# Never allow anyone except dumpstate or the system server to connect or write to
|
||||
# the tombstoned intercept socket.
|
||||
neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
|
||||
neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
|
||||
|
||||
# Android does not support System V IPCs.
|
||||
#
|
||||
|
|
|
|||
|
|
@ -271,6 +271,7 @@ type rild_debug_socket, file_type;
|
|||
type system_wpa_socket, file_type, coredomain_socket;
|
||||
type system_ndebug_socket, file_type, coredomain_socket, mlstrustedobject;
|
||||
type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
|
||||
type tombstoned_java_trace_socket, file_type, mlstrustedobject;
|
||||
type tombstoned_intercept_socket, file_type, coredomain_socket;
|
||||
type uncrypt_socket, file_type, coredomain_socket;
|
||||
type vold_socket, file_type, coredomain_socket;
|
||||
|
|
|
|||
|
|
@ -10,8 +10,13 @@ allow tombstoned domain:dir r_dir_perms;
|
|||
allow tombstoned domain:file r_file_perms;
|
||||
allow tombstoned tombstone_data_file:dir rw_dir_perms;
|
||||
allow tombstoned tombstone_data_file:file create_file_perms;
|
||||
allow tombstoned anr_data_file:file { getattr append };
|
||||
|
||||
# TODO: Find out why this is happening.
|
||||
allow tombstoned anr_data_file:file write;
|
||||
auditallow tombstoned anr_data_file:file write;
|
||||
# TODO: Remove append / write permissions. They were temporarily
|
||||
# granted due to a bug which appears to have been fixed.
|
||||
allow tombstoned anr_data_file:file { append write };
|
||||
auditallow tombstoned anr_data_file:file { append write };
|
||||
|
||||
# Changes for the new stack dumping mechanism. Each trace goes into a
|
||||
# separate file, and these files are managed by tombstoned.
|
||||
allow tombstoned anr_data_file:dir rw_dir_perms;
|
||||
allow tombstoned anr_data_file:file { getattr open create };
|
||||
|
|
|
|||
Loading…
Reference in a new issue