sepolicy: add permissions for trace reporting
Bug: 205892741 Change-Id: I1b6b2ebeae99ca6a9725f24564386cea78403c6d
parent
3a7e19c3d4
commit
b549e2d837
5 changed files with 52 additions and 6 deletions
|
@ -31,6 +31,12 @@ allow gmscore_app system_update_service:service_manager find;
|
|||
# Allow GMS core to communicate with statsd.
|
||||
binder_call(gmscore_app, statsd)
|
||||
|
||||
# Allow GMS core to receive Perfetto traces through the framework
|
||||
# (i.e. TracingServiceProxy) and sendfile them into its private directory
|
||||
# for reporting when network and battery conditions are appropriate.
|
||||
allow gmscore_app perfetto:fd use;
|
||||
allow gmscore_app perfetto_traces_data_file:file { read getattr };
|
||||
|
||||
# Allow GMS core to generate unique hardware IDs
|
||||
allow gmscore_app keystore:keystore_key gen_unique_id;
|
||||
allow gmscore_app keystore:keystore2_key gen_unique_id;
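Review bot: The comment above `allow gmscore_app perfetto_traces_data_file:file { read getattr };` does not say that `open` is withheld on purpose, which is what makes GMS core depend on a descriptor handed over by the framework instead of opening trace files itself. I would add a line such as `# open is deliberately not granted: traces are reachable only via an fd passed over binder.` so that a later edit does not widen the rule to `r_file_perms` by habit. The same comment is missing on the matching rules in the priv_app and system_server sections.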
|
||||
|
|
|
@ -22,10 +22,10 @@ perfetto_producer(perfetto)
|
|||
allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
|
||||
allow perfetto perfetto_traces_data_file:file create_file_perms;
|
||||
|
||||
# Allow to access binder to pass the traces to Dropbox.
|
||||
# Allow perfetto to access the proxy service for reporting traces.
|
||||
allow perfetto tracingproxy_service:service_manager find;
|
||||
binder_use(perfetto)
|
||||
binder_call(perfetto, system_server)
|
||||
allow perfetto dropbox_service:service_manager find;
|
||||
|
||||
# Allow perfetto to read the trace config from /data/misc/perfetto-configs.
|
||||
# shell and adb can write files into that directory.
|
||||
|
@ -52,6 +52,7 @@ unix_socket_send(perfetto, statsdw, statsd)
|
|||
allow perfetto devpts:chr_file rw_file_perms;
|
||||
|
||||
# Allow perfetto to ask incidentd to start a report.
|
||||
# TODO(lalitm): remove all incidentd rules when proxy service is stable.
|
||||
allow perfetto incident_service:service_manager find;
|
||||
binder_call(perfetto, incidentd)
|
||||
|
||||
|
@ -68,7 +69,31 @@ dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
|
|||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
### perfetto should NEVER do any of this
|
||||
|
||||
# Disallow anyone else from being able to handle traces except selected system
|
||||
# components.
|
||||
neverallow {
|
||||
domain
|
||||
-init # The creator of the folder.
|
||||
-perfetto # The owner of the folder.
|
||||
-adbd # For pulling traces.
|
||||
-shell # For devepment purposes.
|
||||
-traced # For write_into_file traces.
|
||||
-dumpstate # For attaching traces to bugreports.
|
||||
-incidentd # For receiving reported traces. TODO(lalitm): remove this.
|
||||
-priv_app # For stating traces for bug-report UI.
|
||||
} perfetto_traces_data_file:dir *;
|
||||
neverallow {
|
||||
domain
|
||||
-init # The creator of the folder.
|
||||
-perfetto # The owner of the folder.
|
||||
-adbd # For pulling traces.
|
||||
-shell # For devepment purposes.
|
||||
-traced # For write_into_file traces.
|
||||
-incidentd # For receiving reported traces. TODO(lalitm): remove this.
|
||||
} perfetto_traces_data_file:file ~{ getattr read };
|
||||
|
||||
### perfetto should NEVER do any of the following
|
||||
|
||||
# Disallow mapping executable memory (execstack and exec are already disallowed
|
||||
# globally in domain.te).
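Review bot: The second neverallow, on `perfetto_traces_data_file:file ~{ getattr read }`, leaves `getattr` and `read` unrestricted for every domain, so nothing at compile time stops a later rule from granting trace reads to an arbitrary domain. Confinement then rests on who may `use` a perfetto fd and on the proxy service's choice of recipient. Consider a third neverallow that pins those two permissions to the intended receivers, e.g. `neverallow { domain -init -perfetto -adbd -shell -traced -incidentd -dumpstate -system_server -priv_app -gmscore_app } perfetto_traces_data_file:file { getattr read };`. The exact exception list needs checking against the rest of the policy, which is not visible here. Both lists also carry the typo `devepment` in the `-shell` comment.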
|
||||
|
|
|
@ -86,6 +86,13 @@ allow priv_app perfetto_traces_bugreport_data_file:file { getattr };
|
|||
# Required to traverse the parent dir (/data/misc/perfetto-traces).
|
||||
allow priv_app perfetto_traces_data_file:dir { search };
|
||||
|
||||
# Allow priv apps (e.g. BetterBug) to receive Perfetto traces through
|
||||
# the framework (i.e. TracingServiceProxy) and sendfile them into their private
|
||||
# directories for reporting when network and battery conditions are
|
||||
# appropriate.
|
||||
allow priv_app perfetto:fd use;
|
||||
allow priv_app perfetto_traces_data_file:file { read getattr };
|
||||
|
||||
# Allow verifier to access staged apks.
|
||||
allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
|
||||
allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
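Review bot: `allow priv_app perfetto:fd use;` and the `{ read getattr }` rule apply to the whole priv_app domain, while the comment names BetterBug only as an example, so sepolicy does not distinguish which privileged app may receive a trace. The decision of who gets the descriptor then sits entirely in TracingServiceProxy, whose checks are not part of what is shown here. The comment should say so, e.g. `# Recipient selection is enforced by TracingServiceProxy, not by this rule.`, or the grant should move to a narrower domain if one exists for the reporting app.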
|
||||
|
|
|
@ -524,9 +524,9 @@ allow system_server incident_data_file:file read;
|
|||
allow system_server prereboot_data_file:dir rw_dir_perms;
|
||||
allow system_server prereboot_data_file:file create_file_perms;
|
||||
|
||||
# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over
|
||||
# Allow tracing proxy service to read traces. Only the fd is sent over
|
||||
# binder.
|
||||
allow system_server perfetto_traces_data_file:file read;
|
||||
allow system_server perfetto_traces_data_file:file { read getattr };
|
||||
allow system_server perfetto:fd use;
|
||||
|
||||
# Manage /data/backup.
|
||||
|
|
|
@ -118,4 +118,12 @@ neverallow { domain -init } traced:process transition;
|
|||
neverallow * traced:process dyntransition;
|
||||
|
||||
# Limit the processes that can access tracingproxy_service.
|
||||
neverallow { domain -traced -dumpstate -traceur_app -shell -system_server } tracingproxy_service:service_manager find;
|
||||
neverallow {
|
||||
domain
|
||||
-traced
|
||||
-dumpstate
|
||||
-traceur_app
|
||||
-shell
|
||||
-system_server
|
||||
-perfetto
|
||||
} tracingproxy_service:service_manager find;
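Review bot: The rewritten exception list adds `-perfetto` without saying why, and unlike the trace-directory neverallow in the perfetto section none of its entries carries a reason. This list is the compile-time guard on who may look up the proxy service, so a per-entry comment helps reviewers push back on casual additions. For the new entry, `-perfetto # Hands finished traces to the proxy for reporting.` would match the `find` rule this commit adds for perfetto.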
|
||||
|
|