Merge "Microdroid sepolicy changes to handle crash export"
This commit is contained in:
commit
9d34facd25
11 changed files with 13 additions and 77 deletions
|
@ -22,11 +22,11 @@ allow crash_dump exec_type:file r_file_perms;
|
|||
# Read all /vendor
|
||||
r_dir_file(crash_dump, vendor_file)
|
||||
|
||||
# Talk to tombstoned
|
||||
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
|
||||
# Allow crash_dump to write on vsock - required for writing tombstones in microdroid
|
||||
allow crash_dump self:vsock_socket { connect create write };
|
||||
|
||||
# Append to tombstone files.
|
||||
allow crash_dump tombstone_data_file:file { append getattr };
|
||||
# Allow crash_dump to get microdroid_config_prop - required to deduce whether to write tombstones
|
||||
get_prop(crash_dump, microdroid_config_prop)
|
||||
|
||||
# Crash dump is not intended to access the following files. Since these
|
||||
# are WAI, suppress the denials to clean up the logs.
|
||||
|
|
|
@ -394,11 +394,6 @@ neverallow { domain -init -vendor_init } vendor_default_prop:property_service se
|
|||
neverallow { domain -init } build_prop:property_service set;
|
||||
neverallow { domain -init -init_debug_policy } debuggable_prop:property_service set;
|
||||
|
||||
# Never allow anyone to connect or write to
|
||||
# the tombstoned intercept socket.
|
||||
neverallow { domain } tombstoned_intercept_socket:sock_file write;
|
||||
neverallow { domain } tombstoned_intercept_socket:unix_stream_socket connectto;
|
||||
|
||||
# Android does not support System V IPCs.
|
||||
#
|
||||
# The reason for this is due to the fact that, by design, they lead to global
|
||||
|
|
|
@ -69,9 +69,6 @@
|
|||
/dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
|
||||
/dev/socket/property_service u:object_r:property_socket:s0
|
||||
/dev/socket/statsdw u:object_r:statsdw_socket:s0
|
||||
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
|
||||
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
|
||||
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
|
||||
/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
|
||||
/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
|
||||
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
|
||||
|
@ -102,7 +99,6 @@
|
|||
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
|
||||
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
|
||||
/system/bin/apexd u:object_r:apexd_exec:s0
|
||||
/system/bin/tombstone_transmit.microdroid u:object_r:tombstone_transmit_exec:s0
|
||||
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
|
||||
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
|
||||
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
|
||||
|
@ -112,7 +108,6 @@
|
|||
/system/bin/logcat -- u:object_r:logcat_exec:s0
|
||||
/system/bin/logd u:object_r:logd_exec:s0
|
||||
/system/bin/sh -- u:object_r:shell_exec:s0
|
||||
/system/bin/tombstoned.microdroid u:object_r:tombstoned_exec:s0
|
||||
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
|
||||
/system/bin/toybox -- u:object_r:toolbox_exec:s0
|
||||
/system/bin/zipfuse u:object_r:zipfuse_exec:s0
|
||||
|
@ -166,13 +161,8 @@
|
|||
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
|
||||
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
|
||||
/data/misc/authfs(/.*)? u:object_r:authfs_data_file:s0
|
||||
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
|
||||
/data/vendor(/.*)? u:object_r:vendor_data_file:s0
|
||||
|
||||
# microdroid doesn't use anr, but tombstoned tries to read this.
|
||||
# So marking /data/anr as tombstone_data_file
|
||||
/data/anr(/.*)? u:object_r:tombstone_data_file:s0
|
||||
|
||||
#############################
|
||||
# Directory for extra apks
|
||||
/mnt/extra-apk u:object_r:extra_apk_file:s0
|
||||
|
|
|
@ -73,12 +73,8 @@ set_prop(microdroid_manager, ctl_apexd_vm_prop)
|
|||
set_prop(microdroid_manager, ctl_apkdmverity_prop)
|
||||
set_prop(microdroid_manager, ctl_authfs_prop)
|
||||
set_prop(microdroid_manager, ctl_seriallogging_prop)
|
||||
set_prop(microdroid_manager, ctl_tombstone_transmit_prop)
|
||||
set_prop(microdroid_manager, ctl_zipfuse_prop)
|
||||
|
||||
# Allow microdroid_manager to stop tombstoned
|
||||
set_prop(microdroid_manager, ctl_tombstoned_prop)
|
||||
|
||||
# Allow microdroid_manager to wait for linkerconfig to be ready
|
||||
get_prop(microdroid_manager, apex_config_prop)
|
||||
|
||||
|
@ -126,9 +122,6 @@ allow microdroid_manager extra_apk_file:dir create_dir_perms;
|
|||
# Allow microdroid_manager to write kmsg_debug (stdio_to_kmsg).
|
||||
allow microdroid_manager kmsg_debug_device:chr_file w_file_perms;
|
||||
|
||||
# Read tombstone_transmit_status_prop to wait for initialization of tombstone_transmit
|
||||
get_prop(microdroid_manager, tombstone_transmit_status_prop)
|
||||
|
||||
# Domains other than microdroid can't write extra_apks
|
||||
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:file no_w_file_perms;
|
||||
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:dir no_w_dir_perms;
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
system_internal_prop(ctl_tombstoned_prop)
|
||||
system_restricted_prop(tombstone_transmit_status_prop)
|
||||
|
||||
system_restricted_prop(boot_status_prop)
|
||||
|
||||
# Declare ART properties for CompOS
|
||||
|
@ -52,4 +49,11 @@ neverallow {
|
|||
domain
|
||||
-init
|
||||
-microdroid_manager
|
||||
} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;
|
||||
} {microdroid_lifecycle_prop}:file no_rw_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-microdroid_manager
|
||||
-crash_dump
|
||||
} {microdroid_config_prop}:file no_rw_file_perms;
|
||||
|
|
|
@ -22,13 +22,10 @@ ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
|
|||
|
||||
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
|
||||
|
||||
ctl.stop$tombstoned u:object_r:ctl_tombstoned_prop:s0
|
||||
|
||||
ctl.start$apexd-vm u:object_r:ctl_apexd_vm_prop:s0
|
||||
ctl.start$apkdmverity u:object_r:ctl_apkdmverity_prop:s0
|
||||
ctl.start$authfs_service u:object_r:ctl_authfs_prop:s0
|
||||
ctl.start$seriallogging u:object_r:ctl_seriallogging_prop:s0
|
||||
ctl.start$tombstone_transmit u:object_r:ctl_tombstone_transmit_prop:s0
|
||||
ctl.start$zipfuse u:object_r:ctl_zipfuse_prop:s0
|
||||
|
||||
ctl.console u:object_r:ctl_console_prop:s0
|
||||
|
@ -54,7 +51,6 @@ ro.boottime.init.first_stage u:object_r:boottime_prop:s0 exact int
|
|||
ro.boottime.init.modules u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.init.selinux u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.microdroid_manager u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.tombstoned u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.ueventd u:object_r:boottime_prop:s0 exact int
|
||||
ro.boottime.zipfuse u:object_r:boottime_prop:s0 exact int
|
||||
|
||||
|
@ -76,7 +72,6 @@ init.svc.ueventd u:object_r:init_service_status_private_prop:s0 exact
|
|||
init.svc.zipfuse u:object_r:init_service_status_private_prop:s0 exact string
|
||||
|
||||
init.svc.adbd u:object_r:init_service_status_prop:s0 exact string
|
||||
init.svc.tombstoned u:object_r:init_service_status_prop:s0 exact string
|
||||
|
||||
ro.boot.adb.enabled u:object_r:bootloader_prop:s0 exact bool
|
||||
ro.boot.avb_version u:object_r:bootloader_prop:s0 exact string
|
||||
|
@ -86,7 +81,6 @@ ro.boot.force_normal_boot u:object_r:bootloader_prop:s0 exact string
|
|||
ro.boot.hardware u:object_r:bootloader_prop:s0 exact string
|
||||
ro.boot.microdroid.debuggable u:object_r:bootloader_prop:s0 exact bool
|
||||
ro.boot.slot_suffix u:object_r:bootloader_prop:s0 exact string
|
||||
ro.boot.tombstone_transmit.enabled u:object_r:bootloader_prop:s0 exact bool
|
||||
ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
|
||||
ro.boot.vbmeta.device_state u:object_r:bootloader_prop:s0 exact string
|
||||
ro.boot.vbmeta.digest u:object_r:bootloader_prop:s0 exact string
|
||||
|
@ -122,6 +116,7 @@ microdroid_manager.apk.mounted u:object_r:microdroid_manager_zipfuse_prop:s0 exa
|
|||
microdroid_manager.extra_apk.mounted. u:object_r:microdroid_manager_zipfuse_prop:s0 prefix bool
|
||||
|
||||
microdroid_manager.authfs.enabled u:object_r:microdroid_config_prop:s0 exact bool
|
||||
microdroid_manager.export_tombstones.enabled u:object_r:microdroid_config_prop:s0 exact bool
|
||||
|
||||
microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
|
||||
microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
|
||||
|
@ -164,9 +159,3 @@ persist.device_config.runtime_native. u:object_r:device_config_runtime_nat
|
|||
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 prefix
|
||||
|
||||
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
|
||||
|
||||
tombstone_transmit.init_done u:object_r:tombstone_transmit_status_prop:s0 exact bool
|
||||
|
||||
# tombstone_transmit.start starts tombstone_transmit after creating a directory
|
||||
# assigning the same label as ctl.start$tombstone_transmit
|
||||
tombstone_transmit.start u:object_r:ctl_tombstone_transmit_prop:s0 exact bool
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
type tombstone_transmit, domain, coredomain;
|
||||
type tombstone_transmit_exec, exec_type, system_file_type, file_type;
|
||||
|
||||
init_daemon_domain(tombstone_transmit)
|
||||
|
||||
# permission required to read the file & remove it from directory
|
||||
allow tombstone_transmit tombstone_data_file:dir { r_dir_perms write remove_name };
|
||||
allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink };
|
||||
|
||||
allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl;
|
||||
|
||||
# allow tombstone_transmit to notify its initialization
|
||||
set_prop(tombstone_transmit, tombstone_transmit_status_prop)
|
||||
|
||||
# Only tombstone_transmit can set its status
|
||||
neverallow { domain -init -tombstone_transmit } tombstone_transmit_status_prop:property_service set;
|
|
@ -1,12 +0,0 @@
|
|||
typeattribute tombstoned coredomain;
|
||||
|
||||
init_daemon_domain(tombstoned)
|
||||
|
||||
# Write to arbitrary pipes given to us.
|
||||
allow tombstoned domain:fd use;
|
||||
allow tombstoned domain:fifo_file write;
|
||||
|
||||
allow tombstoned domain:dir r_dir_perms;
|
||||
allow tombstoned domain:file r_file_perms;
|
||||
allow tombstoned tombstone_data_file:dir rw_dir_perms;
|
||||
allow tombstoned tombstone_data_file:file { create_file_perms link };
|
|
@ -34,10 +34,6 @@ type system_seccomp_policy_file, file_type, system_file_type;
|
|||
type system_security_cacerts_file, file_type, system_file_type;
|
||||
type task_profiles_api_file, file_type, system_file_type;
|
||||
type task_profiles_file, file_type, system_file_type;
|
||||
type tombstone_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type tombstoned_crash_socket, file_type, coredomain_socket;
|
||||
type tombstoned_intercept_socket, file_type, coredomain_socket;
|
||||
type tombstoned_java_trace_socket, file_type;
|
||||
type trace_data_file, file_type, data_file_type, core_data_file_type;
|
||||
type unlabeled, file_type;
|
||||
type vendor_configs_file, file_type, vendor_file_type;
|
||||
|
|
|
@ -24,7 +24,6 @@ type ctl_seriallogging_prop, property_type;
|
|||
type ctl_sigstop_prop, property_type;
|
||||
type ctl_start_prop, property_type;
|
||||
type ctl_stop_prop, property_type;
|
||||
type ctl_tombstone_transmit_prop, property_type;
|
||||
type ctl_zipfuse_prop, property_type;
|
||||
type debug_prop, property_type;
|
||||
type default_prop, property_type;
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
type tombstoned, domain;
|
||||
type tombstoned_exec, file_type, exec_type, system_file_type;
|
Loading…
Reference in a new issue