Don't let ro.log.file_logger.path be set

ro.log.file_logger.path is a system property that liblog uses to
determine if file_logger should be used (instead of logd) and what file
the logs should be emitted to. It is primarily meant for non-Android
environments like Microdroid, and doesn't need to be set in Android. In
fact, setting it to a wrong value can break the system logging
functionality. This change prevents such a problem by assigning a
dedicated property context (log_file_logger_prop) to the property and
making it non-writable. (Note that it still has to be readable because
liblog reads it and liblog can be loaded in any process.)

Bug: 222592894
Test: try to set ro.log.file_logger.path

Change-Id: Ic6b527327f5bd4ca70a58b6e45f7be382e093318
Jiyong Park 2022-09-18 23:09:53 +09:00
parent 7c4f837e40
commit c4f84bcb37
3 changed files with 10 additions and 1 deletions

@ -117,6 +117,10 @@ allow domain linkerconfig_file:file r_file_perms;
# Allow all processes to check for the existence of the boringssl_self_test_marker files.
allow domain boringssl_self_test_marker:dir search;
# Allow all processes to read the file_logger property that liblog uses to check if file_logger
# should be used.
get_prop(domain, log_file_logger_prop)
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
# Do not assert this rule on userdebug/eng builds, due to some devices using
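
Review bot: The comment above get_prop(domain, log_file_logger_prop) explains why every domain may read the property but not that the grant is read-only by design. Because the rule is written on domain, a one-line addition saying that writes are limited to init by a neverallow would keep a later reader from widening it to set_prop.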

@ -51,6 +51,7 @@ system_internal_prop(ctl_apex_load_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
system_restricted_prop(log_file_logger_prop)
###
### Neverallow rules
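
Review bot: system_restricted_prop(log_file_logger_prop) sits under the heading "Properties which can't be written outside system", which reads as if system domains may still write it, while the neverallow added later in this file leaves init as the only writer. Consider a short comment next to this line pointing at that neverallow so the two statements are read together.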
@ -672,3 +673,7 @@ neverallow {
-profcollectd
} profcollectd_node_id_prop:file r_file_perms;
neverallow {
domain
-init
} log_file_logger_prop:property_service set;
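
Review bot: The new neverallow on log_file_logger_prop:property_service set carries no comment, and it exempts init even though the commit message describes the property as non-writable. Add a comment above the block stating that init alone may set ro.log.file_logger.path and why every other domain is denied. The "Test:" line would also be more useful if it recorded which context the set was attempted from and what result was observed.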

@ -43,7 +43,7 @@ ro.khungtask. u:object_r:llkd_prop:s0
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
ro.log.file_logger.path u:object_r:log_prop:s0 exact string
ro.log.file_logger.path u:object_r:log_file_logger_prop:s0 exact string
security.perf_harden u:object_r:shell_prop:s0
persist.simpleperf.profile_app_uid u:object_r:shell_prop:s0
persist.simpleperf.profile_app_expiration_time u:object_r:shell_prop:s0
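
Review bot: Moving ro.log.file_logger.path from log_prop to log_file_logger_prop means any existing rule written against log_prop stops covering this key. The read side is replaced by the get_prop(domain, log_file_logger_prop) rule in this change; it is worth confirming, and stating in the commit message, that no domain other than init depended on set access to this property through log_prop.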