From aa9711f82b0bac0f66e147d4bbe56bfaec42f861 Mon Sep 17 00:00:00 2001
From: Andreas Gampe
Date: Fri, 22 Dec 2017 13:05:28 -0800
Subject: [PATCH] Sepolicy: Introduce perfprofd binder service

Add policy for the perfprofd binder service. For now, only allow su to talk to it.
Test: m
Change-Id: I690f75460bf513cb326314cce633fa25453515d6
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/service_contexts | 1 +
 public/perfprofd.te | 18 ++++++++++++++++++
 public/service.te | 1 +
 4 files changed, 21 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 790133efa..e359935de 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -27,6 +27,7 @@
 netd_stable_secret_prop
 network_watchlist_service
 package_native_service
+ perfprofd_service
 property_info
 slice_service
 stats
diff --git a/private/service_contexts b/private/service_contexts
index 10d8d0995..b8d05e250 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -111,6 +111,7 @@ otadexopt u:object_r:otadexopt_service:s0
 overlay u:object_r:overlay_service:s0
 package u:object_r:package_service:s0
 package_native u:object_r:package_native_service:s0
+perfprofd u:object_r:perfprofd_service:s0
 permission u:object_r:permission_service:s0
 persistent_data_block u:object_r:persistent_data_block_service:s0
 phone_msim u:object_r:radio_service:s0
diff --git a/public/perfprofd.te b/public/perfprofd.te
index cb4a14409..1f4de3163 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -96,4 +96,22 @@ userdebug_or_eng(`
 dontaudit perfprofd shell_data_file:dir *;
 dontaudit perfprofd shell_data_file:file *;
+ # Allow perfprofd to publish a binder service and make binder calls.
+ binder_use(perfprofd)
+ add_service(perfprofd, perfprofd_service)
+
+ # Use devpts for streams from cmd.
+ #
+ # This is normally granted to binderservicedomain, but this service
+ # has tighter restrictions on the callers (see below), so must enable
+ # this manually.
+ allow perfprofd devpts:chr_file rw_file_perms;
+
+ # Use socket & pipe supplied by su, for cmd perfprofd dump.
+ allow perfprofd su:unix_stream_socket { read write getattr sendto };
+ allow perfprofd su:fifo_file r_file_perms;
+
+ # For now, only allow su to communicate with us.
+ neverallow domain perfprofd:binder call;
+ neverallow perfprofd { domain -servicemanager -su }:binder call;
 ')
diff --git a/public/service.te b/public/service.te
index e48d4b705..704e2452e 100644
--- a/public/service.te
+++ b/public/service.te
@@ -20,6 +20,7 @@ type mediacodec_service, service_manager_type;
 type mediadrmserver_service, service_manager_type;
 type netd_service, service_manager_type;
 type nfc_service, service_manager_type;
+type perfprofd_service, service_manager_type;
 type radio_service, service_manager_type;
 type storaged_service, service_manager_type;
 type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
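Review bot: In the public/perfprofd.te hunk, the first added rule, `neverallow domain perfprofd:binder call;`, carves out no exception for su, although the comment directly above it says su may communicate with the service and the rule after it does exclude `-su`. A neverallow only constrains allow rules, and no allow rule in this hunk grants su the call, so su presumably reaches perfprofd only because it is permissive on userdebug/eng builds. That dependency should be written down next to the rule, e.g. `# su is deliberately not excluded: no allow rule grants it this call; it works only while su is permissive.` If an explicit grant for su is ever added, the rule would have to become `neverallow { domain -su } perfprofd:binder call;`. The enclosing userdebug_or_eng block opens before this hunk.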