Merge "In native coverage builds, allow all domains to access /data/misc/trace" am: 1eb45b5606
am: f6a95d82d8
Change-Id: Iac5840a4b2a5edf394954dff0a14e307fed28778
commit
da437c3a8f
15 changed files with 71 additions and 5 deletions
16
Android.mk
16
Android.mk
|
@ -162,6 +162,11 @@ ifneq (,$(filter address,$(SANITIZE_TARGET)))
|
|||
with_asan := true
|
||||
endif
|
||||
|
||||
with_native_coverage := false
|
||||
ifeq ($(NATIVE_COVERAGE),true)
|
||||
with_native_coverage := true
|
||||
endif
|
||||
|
||||
# Library extension for host-side tests
|
||||
ifeq ($(HOST_OS),darwin)
|
||||
SHAREDLIB_EXT=dylib
|
||||
|
@ -346,6 +351,7 @@ $(sepolicy_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(sepolicy_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
|
||||
$(sepolicy_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(sepolicy_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(sepolicy_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(sepolicy_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
|
@ -364,6 +370,7 @@ $(sepolicy_policy_2.conf): PRIVATE_TARGET_BUILD_VARIANT := user
|
|||
$(sepolicy_policy_2.conf): PRIVATE_EXCLUDE_BUILD_TEST := true
|
||||
$(sepolicy_policy_2.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(sepolicy_policy_2.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(sepolicy_policy_2.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(sepolicy_policy_2.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(sepolicy_policy_2.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(sepolicy_policy_2.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
|
@ -408,6 +415,7 @@ $(reqd_policy_mask.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(reqd_policy_mask.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(reqd_policy_mask.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(reqd_policy_mask.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -436,6 +444,7 @@ $(pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -461,6 +470,7 @@ $(plat_pub_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(plat_pub_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(plat_pub_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(plat_pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -499,6 +509,7 @@ $(plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -541,6 +552,7 @@ $(userdebug_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(userdebug_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := userdebug
|
||||
$(userdebug_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -584,6 +596,7 @@ $(product_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(product_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(product_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(product_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -725,6 +738,7 @@ $(vendor_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(vendor_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(vendor_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(vendor_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(vendor_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(vendor_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(vendor_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -775,6 +789,7 @@ $(odm_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(odm_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(odm_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(odm_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(odm_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
|
||||
$(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
|
||||
|
@ -992,6 +1007,7 @@ $(sepolicy.recovery.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$(sepolicy.recovery.conf): PRIVATE_TARGET_BUILD_VARIANT := $(TARGET_BUILD_VARIANT)
|
||||
$(sepolicy.recovery.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$(sepolicy.recovery.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$(sepolicy.recovery.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$(sepolicy.recovery.conf): PRIVATE_TGT_RECOVERY := -D target_recovery=true
|
||||
$(sepolicy.recovery.conf): $(call build_policy, $(sepolicy_build_files), \
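Review bot: The new `with_native_coverage` block after the `with_asan` one has no comment, and nothing in this file says that the value reaches policy only through an m4 macro that also requires a userdebug or eng variant. I would add a line above it such as `# Feeds target_with_native_coverage; the policy macro expands to nothing on user builds.` The assignment `PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)` is then repeated for every `*.conf` target here and for `$($(version)_plat_policy.conf)` in the last section of the page. A target that is missed appears to pass an empty define to m4, which by the macro shown later on the page expands to nothing, so the failure mode is a stricter policy rather than a looser one. Several of these hunks end on a continued `$(call build_policy, ...` line whose remainder is outside the view.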
|
||||
|
|
|
@ -8,6 +8,7 @@ $(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
|
|||
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
|
||||
-D target_arch=$(PRIVATE_TGT_ARCH) \
|
||||
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
|
||||
-D target_with_native_coverage=$(PRIVATE_TGT_WITH_NATIVE_COVERAGE) \
|
||||
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
|
||||
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
|
||||
-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
|
||||
|
|
|
@ -8,6 +8,7 @@ neverallow logd {
|
|||
file_type
|
||||
-runtime_event_log_tags_file
|
||||
userdebug_or_eng(`-coredump_file -misc_logd_file')
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file { create write append };
|
||||
|
||||
# protect the event-log-tags file
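Review bot: The exemption line added inside `neverallow logd { ... }` has no why-comment, unlike exemptions elsewhere on this page (`-zoneinfo_data_file # granted to domain`, the `-apk_data_file` line with `# for loading media extractor plugins`). Because it relaxes a neverallow, I would annotate it, e.g. ``with_native_coverage(`-method_trace_data_file') # coverage output in /data/misc/trace, granted to domain``. The same applies to each `with_native_coverage(...)` line added in the logpersist, perfetto, recovery_persist, recovery_refresh, traced, traced_probes, hal_configstore_server, mediaextractor and recovery rules. The existing comments "recovery_refresh is not allowed to write anywhere" and "recovery_persist is not allowed to write anywhere other than recovery_data_file" also no longer describe coverage builds. The neverallow statement opens above this hunk.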
|
||||
|
|
|
@ -19,6 +19,10 @@ userdebug_or_eng(`
|
|||
')
|
||||
|
||||
# logpersist is allowed to write to /data/misc/log for userdebug and eng builds
|
||||
neverallow logpersist { file_type userdebug_or_eng(`-misc_logd_file -coredump_file') }:file { create write append };
|
||||
neverallow logpersist {
|
||||
file_type
|
||||
userdebug_or_eng(`-misc_logd_file -coredump_file')
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file { create write append };
|
||||
neverallow { domain -init userdebug_or_eng(`-logpersist -logd -dumpstate') } misc_logd_file:file no_rw_file_perms;
|
||||
neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
|
||||
|
|
|
@ -74,8 +74,14 @@ neverallow perfetto {
|
|||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
-perfetto_traces_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir *;
|
||||
neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
|
||||
neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
|
||||
neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
|
||||
neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:file ~write;
|
||||
neverallow perfetto {
|
||||
data_file_type
|
||||
-zoneinfo_data_file
|
||||
-perfetto_traces_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file ~write;
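Review bot: The exemption added to both `neverallow perfetto` blocks is wider than the grant it makes room for: `}:dir *;` and `}:file ~write;` stop asserting anything about `method_trace_data_file`, execute included, while the allow rule added for `domain` elsewhere in this commit gives only `create_dir_perms` and `create_file_perms`. Since that directory becomes writable by every domain in coverage builds, I would keep an execute assertion for the type, e.g. `neverallow perfetto method_trace_data_file:file no_x_file_perms;`, provided no existing rule needs execute there (not visible from this page). The same widening occurs in the traced, traced_probes, hal_configstore_server and recovery hunks; in the recovery one the exempted permission set explicitly includes `no_x_file_perms`. The first neverallow block starts above the hunk.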
|
||||
|
|
|
@ -3,4 +3,9 @@ typeattribute recovery_persist coredomain;
|
|||
init_daemon_domain(recovery_persist)
|
||||
|
||||
# recovery_persist is not allowed to write anywhere other than recovery_data_file
|
||||
neverallow recovery_persist { file_type -recovery_data_file userdebug_or_eng(`-coredump_file') }:file write;
|
||||
neverallow recovery_persist {
|
||||
file_type
|
||||
-recovery_data_file
|
||||
userdebug_or_eng(`-coredump_file')
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file write;
|
||||
|
|
|
@ -3,4 +3,8 @@ typeattribute recovery_refresh coredomain;
|
|||
init_daemon_domain(recovery_refresh)
|
||||
|
||||
# recovery_refresh is not allowed to write anywhere
|
||||
neverallow recovery_refresh { file_type userdebug_or_eng(`-coredump_file') }:file write;
|
||||
neverallow recovery_refresh {
|
||||
file_type
|
||||
userdebug_or_eng(`-coredump_file')
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file write;
|
||||
|
|
|
@ -66,6 +66,7 @@ neverallow traced {
|
|||
# subsequent neverallow. Currently only getattr and search are allowed.
|
||||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir *;
|
||||
neverallow traced { system_data_file }:dir ~{ getattr search };
|
||||
neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
|
||||
|
@ -75,6 +76,7 @@ neverallow traced {
|
|||
-zoneinfo_data_file
|
||||
-perfetto_traces_data_file
|
||||
-trace_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file ~write;
|
||||
|
||||
# Only init is allowed to enter the traced domain via exec()
|
||||
|
|
|
@ -111,11 +111,17 @@ neverallow traced_probes {
|
|||
# subsequent neverallow. Currently only getattr and search are allowed.
|
||||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir *;
|
||||
neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
|
||||
neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
|
||||
neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
|
||||
neverallow traced_probes { data_file_type -zoneinfo_data_file -packages_list_file }:file *;
|
||||
neverallow traced_probes {
|
||||
data_file_type
|
||||
-zoneinfo_data_file
|
||||
-packages_list_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file *;
|
||||
|
||||
# Only init is allowed to enter the traced_probes domain via exec()
|
||||
neverallow { domain -init } traced_probes:process transition;
|
||||
|
|
|
@ -51,6 +51,12 @@ userdebug_or_eng(`
|
|||
allow domain coredump_file:dir ra_dir_perms;
|
||||
')
|
||||
|
||||
with_native_coverage(`
|
||||
# Allow writing coverage information to /data/misc/trace
|
||||
allow domain method_trace_data_file:dir create_dir_perms;
|
||||
allow domain method_trace_data_file:file create_file_perms;
|
||||
')
|
||||
|
||||
# Root fs.
|
||||
allow domain tmpfs:dir { getattr search };
|
||||
allow domain rootfs:dir search;
|
||||
|
@ -847,6 +853,7 @@ full_treble_only(`
|
|||
# These functions are considered vndk-stable and thus must be allowed for
|
||||
# all processes.
|
||||
-zoneinfo_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file_class_set ~{ append getattr ioctl read write map };
|
||||
neverallow {
|
||||
vendor_init
|
||||
|
@ -855,6 +862,7 @@ full_treble_only(`
|
|||
core_data_file_type
|
||||
-unencrypted_data_file
|
||||
-zoneinfo_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file_class_set ~{ append getattr ioctl read write map };
|
||||
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
|
||||
# The vendor init binary lives on the system partition so there is not a concern with stability.
|
||||
|
@ -873,6 +881,7 @@ full_treble_only(`
|
|||
-system_data_file # default label for files on /data. Covered below...
|
||||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir *;
|
||||
neverallow {
|
||||
vendor_init
|
||||
|
@ -883,6 +892,7 @@ full_treble_only(`
|
|||
-system_data_file
|
||||
-vendor_data_file
|
||||
-zoneinfo_data_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir *;
|
||||
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
|
||||
# The vendor init binary lives on the system partition so there is not a concern with stability.
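Review bot: The `with_native_coverage` block that allows `domain` `create_dir_perms` and `create_file_perms` on `method_trace_data_file` gives every domain, app domains included, one shared writable location, and its one-line comment does not say so. As far as I recall, `create_file_perms` covers read, rename and unlink as well as create and write (its definition is not on this page), so any process could read or replace files another domain wrote there. I would put that constraint in the comment, e.g. `# Coverage builds (userdebug/eng) only: every domain shares /data/misc/trace, so treat its contents as untrusted.` If some domains are never instrumented, the source set could be narrowed from `domain`, but the page does not show which those would be.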
|
||||
|
|
|
@ -42,6 +42,7 @@ neverallow hal_configstore_server {
|
|||
-anr_data_file # for crash dump collection
|
||||
-tombstone_data_file # for crash dump collection
|
||||
-zoneinfo_data_file # granted to domain
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:{ file fifo_file sock_file } *;
|
||||
|
||||
# Should never need sdcard access
|
||||
|
|
|
@ -66,4 +66,5 @@ neverallow mediaextractor {
|
|||
data_file_type
|
||||
-zoneinfo_data_file # time zone data from /data/misc/zoneinfo
|
||||
userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file open;
|
||||
|
|
|
@ -162,9 +162,11 @@ neverallow recovery {
|
|||
data_file_type
|
||||
-cache_file
|
||||
-cache_recovery_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:file { no_w_file_perms no_x_file_perms };
|
||||
neverallow recovery {
|
||||
data_file_type
|
||||
-cache_file
|
||||
-cache_recovery_file
|
||||
with_native_coverage(`-method_trace_data_file')
|
||||
}:dir no_w_dir_perms;
|
||||
|
|
|
@ -509,6 +509,12 @@ define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target
|
|||
#
|
||||
define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))
|
||||
|
||||
#####################################
|
||||
# native coverage builds
|
||||
# SELinux rules which apply only to builds with native coverage
|
||||
#
|
||||
define(`with_native_coverage', ifelse(target_with_native_coverage, `true', userdebug_or_eng(`$1'), ))
|
||||
|
||||
#####################################
|
||||
# Build-time-only test
|
||||
# SELinux rules which are verified during build, but not as part of *TS testing.
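Review bot: The comment over ``define(`with_native_coverage', ...)`` says the rules apply "only to builds with native coverage", but the body wraps `$1` in `userdebug_or_eng`, so on a user build the macro expands to nothing even when `target_with_native_coverage` is `true`. That gating is what keeps the relaxed neverallows and the domain-wide allow out of user images, so it belongs in the comment: `# SELinux rules which apply only to userdebug or eng builds with native coverage`.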
|
||||
|
|
|
@ -22,6 +22,7 @@ $($(version)_plat_policy.conf): PRIVATE_MLS_CATS := $(MLS_CATS)
|
|||
$($(version)_plat_policy.conf): PRIVATE_TARGET_BUILD_VARIANT := user
|
||||
$($(version)_plat_policy.conf): PRIVATE_TGT_ARCH := $(my_target_arch)
|
||||
$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan)
|
||||
$($(version)_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
|
||||
$($(version)_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
|
||||
$($(version)_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true
|
||||
$($(version)_plat_policy.conf): $(call build_policy, $(sepolicy_build_files), \
|
||||
|
|