Merge "Microdroid sepolicy changes to handle crash export"

This commit is contained in:
Shikha Panwar 2023-03-21 18:14:12 +00:00 committed by Gerrit Code Review
commit 9d34facd25
11 changed files with 13 additions and 77 deletions


@ -22,11 +22,11 @@ allow crash_dump exec_type:file r_file_perms;
# Read all /vendor
r_dir_file(crash_dump, vendor_file)
# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
# Allow crash_dump to write on vsock - required for writing tombstones in microdroid
allow crash_dump self:vsock_socket { connect create write };
# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };
# Allow crash_dump to get microdroid_config_prop - required to deduce whether to write tombstones
get_prop(crash_dump, microdroid_config_prop)
# Crash dump is not intended to access the following files. Since these
# are WAI, suppress the denials to clean up the logs.
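Review bot: The new grant `allow crash_dump self:vsock_socket { connect create write };` is unconditional, so the policy itself never restricts whether a tombstone — which carries the crashed process's registers and memory — leaves the VM; from the adjacent `get_prop(crash_dump, microdroid_config_prop)` rule it looks like that decision is made inside crash_dump at runtime, and the comment should say so rather than only "required for writing tombstones in microdroid". I would change the comment on the vsock rule to `# Policy allows the vsock connect unconditionally; crash_dump decides at runtime, from microdroid_config_prop, whether a tombstone is actually exported to the host.` Whether this grant should be paired with a neverallow keeping other microdroid domains off vsock_socket connect depends on rules outside this hunk and is worth checking separately.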


@ -394,11 +394,6 @@ neverallow { domain -init -vendor_init } vendor_default_prop:property_service se
neverallow { domain -init } build_prop:property_service set;
neverallow { domain -init -init_debug_policy } debuggable_prop:property_service set;
# Never allow anyone to connect or write to
# the tombstoned intercept socket.
neverallow { domain } tombstoned_intercept_socket:sock_file write;
neverallow { domain } tombstoned_intercept_socket:unix_stream_socket connectto;
# Android does not support System V IPCs.
#
# The reason for this is due to the fact that, by design, they lead to global


@ -69,9 +69,6 @@
/dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/statsdw u:object_r:statsdw_socket:s0
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
@ -102,7 +99,6 @@
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
/system/bin/apexd u:object_r:apexd_exec:s0
/system/bin/tombstone_transmit.microdroid u:object_r:tombstone_transmit_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
@ -112,7 +108,6 @@
/system/bin/logcat -- u:object_r:logcat_exec:s0
/system/bin/logd u:object_r:logd_exec:s0
/system/bin/sh -- u:object_r:shell_exec:s0
/system/bin/tombstoned.microdroid u:object_r:tombstoned_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
/system/bin/toybox -- u:object_r:toolbox_exec:s0
/system/bin/zipfuse u:object_r:zipfuse_exec:s0
@ -166,13 +161,8 @@
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
/data/misc/authfs(/.*)? u:object_r:authfs_data_file:s0
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/vendor(/.*)? u:object_r:vendor_data_file:s0
# microdroid doesn't use anr, but tombstoned tries to read this.
# So marking /data/anr as tombstone_data_file
/data/anr(/.*)? u:object_r:tombstone_data_file:s0
#############################
# Directory for extra apks
/mnt/extra-apk u:object_r:extra_apk_file:s0


@ -73,12 +73,8 @@ set_prop(microdroid_manager, ctl_apexd_vm_prop)
set_prop(microdroid_manager, ctl_apkdmverity_prop)
set_prop(microdroid_manager, ctl_authfs_prop)
set_prop(microdroid_manager, ctl_seriallogging_prop)
set_prop(microdroid_manager, ctl_tombstone_transmit_prop)
set_prop(microdroid_manager, ctl_zipfuse_prop)
# Allow microdroid_manager to stop tombstoned
set_prop(microdroid_manager, ctl_tombstoned_prop)
# Allow microdroid_manager to wait for linkerconfig to be ready
get_prop(microdroid_manager, apex_config_prop)
@ -126,9 +122,6 @@ allow microdroid_manager extra_apk_file:dir create_dir_perms;
# Allow microdroid_manager to write kmsg_debug (stdio_to_kmsg).
allow microdroid_manager kmsg_debug_device:chr_file w_file_perms;
# Read tombstone_transmit_status_prop to wait for initialization of tombstone_transmit
get_prop(microdroid_manager, tombstone_transmit_status_prop)
# Domains other than microdroid can't write extra_apks
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:file no_w_file_perms;
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:dir no_w_dir_perms;


@ -1,6 +1,3 @@
system_internal_prop(ctl_tombstoned_prop)
system_restricted_prop(tombstone_transmit_status_prop)
system_restricted_prop(boot_status_prop)
# Declare ART properties for CompOS
@ -52,4 +49,11 @@ neverallow {
domain
-init
-microdroid_manager
} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;
} {microdroid_lifecycle_prop}:file no_rw_file_perms;
neverallow {
domain
-init
-microdroid_manager
-crash_dump
} {microdroid_config_prop}:file no_rw_file_perms;
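Review bot: Exempting crash_dump from the whole `no_rw_file_perms` neverallow on `microdroid_config_prop` is broader than the change needs: the only new grant in this commit is `get_prop(crash_dump, microdroid_config_prop)`, i.e. read access, yet the relaxed neverallow would now let a later allow rule give crash_dump write/append/setattr on that property file without tripping the invariant. If `no_rw_file_perms` expands, as in the global macros, to the union of the read and write sets, the invariant can be split so crash_dump stays under the write prohibition: `neverallow { domain -init -microdroid_manager } microdroid_config_prop:file no_w_file_perms;` followed by `neverallow { domain -init -microdroid_manager -crash_dump } microdroid_config_prop:file no_r_file_perms;`. A one-line comment on the crash_dump exemption saying it exists for the property read in crash_dump.te would also help the next reader understand why this domain is special-cased.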


@ -22,13 +22,10 @@ ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
ctl.stop$tombstoned u:object_r:ctl_tombstoned_prop:s0
ctl.start$apexd-vm u:object_r:ctl_apexd_vm_prop:s0
ctl.start$apkdmverity u:object_r:ctl_apkdmverity_prop:s0
ctl.start$authfs_service u:object_r:ctl_authfs_prop:s0
ctl.start$seriallogging u:object_r:ctl_seriallogging_prop:s0
ctl.start$tombstone_transmit u:object_r:ctl_tombstone_transmit_prop:s0
ctl.start$zipfuse u:object_r:ctl_zipfuse_prop:s0
ctl.console u:object_r:ctl_console_prop:s0
@ -54,7 +51,6 @@ ro.boottime.init.first_stage u:object_r:boottime_prop:s0 exact int
ro.boottime.init.modules u:object_r:boottime_prop:s0 exact int
ro.boottime.init.selinux u:object_r:boottime_prop:s0 exact int
ro.boottime.microdroid_manager u:object_r:boottime_prop:s0 exact int
ro.boottime.tombstoned u:object_r:boottime_prop:s0 exact int
ro.boottime.ueventd u:object_r:boottime_prop:s0 exact int
ro.boottime.zipfuse u:object_r:boottime_prop:s0 exact int
@ -76,7 +72,6 @@ init.svc.ueventd u:object_r:init_service_status_private_prop:s0 exact
init.svc.zipfuse u:object_r:init_service_status_private_prop:s0 exact string
init.svc.adbd u:object_r:init_service_status_prop:s0 exact string
init.svc.tombstoned u:object_r:init_service_status_prop:s0 exact string
ro.boot.adb.enabled u:object_r:bootloader_prop:s0 exact bool
ro.boot.avb_version u:object_r:bootloader_prop:s0 exact string
@ -86,7 +81,6 @@ ro.boot.force_normal_boot u:object_r:bootloader_prop:s0 exact string
ro.boot.hardware u:object_r:bootloader_prop:s0 exact string
ro.boot.microdroid.debuggable u:object_r:bootloader_prop:s0 exact bool
ro.boot.slot_suffix u:object_r:bootloader_prop:s0 exact string
ro.boot.tombstone_transmit.enabled u:object_r:bootloader_prop:s0 exact bool
ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
ro.boot.vbmeta.device_state u:object_r:bootloader_prop:s0 exact string
ro.boot.vbmeta.digest u:object_r:bootloader_prop:s0 exact string
@ -122,6 +116,7 @@ microdroid_manager.apk.mounted u:object_r:microdroid_manager_zipfuse_prop:s0 exa
microdroid_manager.extra_apk.mounted. u:object_r:microdroid_manager_zipfuse_prop:s0 prefix bool
microdroid_manager.authfs.enabled u:object_r:microdroid_config_prop:s0 exact bool
microdroid_manager.export_tombstones.enabled u:object_r:microdroid_config_prop:s0 exact bool
microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
@ -164,9 +159,3 @@ persist.device_config.runtime_native. u:object_r:device_config_runtime_nat
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 prefix
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
tombstone_transmit.init_done u:object_r:tombstone_transmit_status_prop:s0 exact bool
# tombstone_transmit.start starts tombstone_transmit after creating a directory
# assigning the same label as ctl.start$tombstone_transmit
tombstone_transmit.start u:object_r:ctl_tombstone_transmit_prop:s0 exact bool
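Review bot: The new `microdroid_manager.export_tombstones.enabled` entry has no comment naming its consumer, unlike the tombstone_transmit entries this commit deletes, which did explain their purpose; since crash_dump's new `get_prop(crash_dump, microdroid_config_prop)` in this commit appears to exist to read this flag, that relationship is worth recording next to the label. I would add above the line `# Read by crash_dump to decide whether tombstones are sent to the host over vsock`. Which domain sets the property is not visible in this hunk; if it is microdroid_manager, a note to that effect belongs in the same comment.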


@ -1,16 +0,0 @@
type tombstone_transmit, domain, coredomain;
type tombstone_transmit_exec, exec_type, system_file_type, file_type;
init_daemon_domain(tombstone_transmit)
# permission required to read the file & remove it from directory
allow tombstone_transmit tombstone_data_file:dir { r_dir_perms write remove_name };
allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink };
allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl;
# allow tombstone_transmit to notify its initialization
set_prop(tombstone_transmit, tombstone_transmit_status_prop)
# Only tombstone_transmit can set its status
neverallow { domain -init -tombstone_transmit } tombstone_transmit_status_prop:property_service set;


@ -1,12 +0,0 @@
typeattribute tombstoned coredomain;
init_daemon_domain(tombstoned)
# Write to arbitrary pipes given to us.
allow tombstoned domain:fd use;
allow tombstoned domain:fifo_file write;
allow tombstoned domain:dir r_dir_perms;
allow tombstoned domain:file r_file_perms;
allow tombstoned tombstone_data_file:dir rw_dir_perms;
allow tombstoned tombstone_data_file:file { create_file_perms link };


@ -34,10 +34,6 @@ type system_seccomp_policy_file, file_type, system_file_type;
type system_security_cacerts_file, file_type, system_file_type;
type task_profiles_api_file, file_type, system_file_type;
type task_profiles_file, file_type, system_file_type;
type tombstone_data_file, file_type, data_file_type, core_data_file_type;
type tombstoned_crash_socket, file_type, coredomain_socket;
type tombstoned_intercept_socket, file_type, coredomain_socket;
type tombstoned_java_trace_socket, file_type;
type trace_data_file, file_type, data_file_type, core_data_file_type;
type unlabeled, file_type;
type vendor_configs_file, file_type, vendor_file_type;


@ -24,7 +24,6 @@ type ctl_seriallogging_prop, property_type;
type ctl_sigstop_prop, property_type;
type ctl_start_prop, property_type;
type ctl_stop_prop, property_type;
type ctl_tombstone_transmit_prop, property_type;
type ctl_zipfuse_prop, property_type;
type debug_prop, property_type;
type default_prop, property_type;


@ -1,2 +0,0 @@
type tombstoned, domain;
type tombstoned_exec, file_type, exec_type, system_file_type;