Commit graph

22 commits

Author SHA1 Message Date
Mike Ma
08f494d200 Allow incidentd to parse persisted log
Allow incidentd to run incident-helper-cmd, a Java program spawn by
app_process.
Allow incidentd to read /data/misc/logd and its files on userdebug
and eng build.

Bug: 147924172
Test: Build, flash and verify "adb shell incident -p EXPLICIT 1116"
      can parse persisted logs.

Change-Id: Id0aa4286c304a336741ce8c0949b12ec559c2e16
2020-01-18 16:18:18 -08:00
Ashwini Oruganti
73e1229c96 Allow PermissionController app to to request and collect incident reports
This change adds rules related to incidentd and incident_service.

Bug: 142672293
Test: TH
Change-Id: I578ad5f1d893b9f640983d44eed770d0933ebf60
2019-12-09 16:38:20 -08:00
zhouwenjie
c8ae8fa616 Enable incidentd access to ro.serialno
incident report contains similar data as in a bugreport, but in proto
format. Currently ro.serialno is not captured due to selinux settings.

Test: adb shell incident -p LOCAL 1000
Bug: 143372261
Change-Id: I6a89308c1347fba2ce4f7b469f9a02b119d4aeb7
2019-11-08 14:09:52 -08:00
Kevin Chyn
6d976f4d5d Add rules to dump hal traces
Test: manual
Bug: 126802513

Change-Id: If037483f305e161a158e30f6322d5e25b7770952
2019-06-19 19:55:14 +00:00
Ryan Savitski
72f247f5ff userdebug: support perfetto traces as a section in incident reports
This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.

This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.

This will introduce at most two more linked files at the same time.

Bug: 130543265
Bug: 134706389
Tested: manually on crosshatch-userdebug
Merged-In: I2aa27e25f0209b3a5cdf5d550d0312693932b808
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
(cherry picked from commit ce3a33ff18)
2019-06-07 16:59:49 +01:00
Pawin Vongmasa
609c243dd0 Properly define hal_codec2 and related policies
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice

Bug: 131677974
Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b
2019-05-23 03:53:47 -07:00
Joe Onorato
9cc5c09be5 Allow incidentd to communicate with clients over pipes.
Previously we dumped the data into dropbox.  This improves a couple
things:
  - We write into dropbox via the fd, so dropbox doesn't pull from the
    incidentd directory anymore.
  - There is a new API to for priv apps to explicitly read incident
    reports. That gives incidentd finer grained control over who can
    read it (specifically, it only allows apps to access the incident
    reports they requested, or were requested for them via statsd,
    instead of getting DUMP and reading whatever they want from
    dropbox).

Test: bit incident_test:* GtsIncidentManagerTestCases:*
Bug: 123543706
Change-Id: I9a323e372c4ff95d91419a61e8a20ea5a3a860a5
2019-03-22 17:04:49 -07:00
Mike Ma
de3a3e4156 Allow dumpstate to dump incidentd
An incident.proto section has been added to the bugreport. Need
appropriate sepolicy changes to allow binder calls and fd access.

Bug: 119417232
Test: adb bugreport. Verify incident.proto is in the proto folder,
      and there are no sepolicy violations.

Change-Id: Iac27cbf283a2e1cb41862c76343c2b639f6c0e1e
2018-12-04 15:42:56 -08:00
Yifan Hong
0d53ef2c91 Add rules to dump health traces
Test: bugreport
Bug: 119809588
Change-Id: Ia688d68120daebc0a4feb51c4745535e1b371594
2018-11-27 17:36:07 -08:00
Bookatz
d2f3d18fcd Incidentd gets statsd incident section
There is now an incident section for statsd output data. These selinux
changes must be made for incident to call dump on statsd to get the
data.

Bug: 115678461
Test: adb shell incident -b 3023
and confirm that a valid statsd section is obtained

Change-Id: I761389c160ab3ab6c24556813a1a31088c0f5137
2018-11-13 09:18:34 -08:00
Nick Kralevich
5e37271df8 Introduce system_file_type
system_file_type is a new attribute used to identify files which exist
on the /system partition. It's useful for allow rules in init, which are
based off of a blacklist of writable files. Additionally, it's useful
for constructing neverallow rules to prevent regressions.

Additionally, add commented out tests which enforce that all files on
the /system partition have the system_file_type attribute. These tests
will be uncommented in a future change after all the device-specific
policies are cleaned up.

Test: Device boots and no obvious problems.
Change-Id: Id9bae6625f042594c8eba74ca712abb09702c1e5
2018-09-27 12:52:09 -07:00
Chia-I Wu
7c5e18c494 Allow signals to hal_graphics_allocator_server from dumpstate
This is needed for bugreport to include ANR trace for the process.

Bug: 111604912
Test: adb bugreport
Change-Id: I3f09e17523ccf9b637fd9590e53a13e03e80ccaa
2018-08-13 10:41:48 -07:00
Yi Jin
880de35b41 Allow incidentd to read kernel version
Bug: 110230810
Test: N/A
Change-Id: Ide135dd5a8da05f0ea639bf03ce9612862108225
2018-06-26 21:19:15 +00:00
Steven Moreland
7baf725ea6 mediacodec->mediacodec+hal_omx{,_server,_client}
(breaks vendor blobs, will have to be regenerated
after this CL)

This moves mediacodec to vendor so it is replaced with
hal_omx_server. The main benefit of this is that someone
can create their own implementation of mediacodec without
having to alter the one in the tree. mediacodec is still
seccomp enforced by CTS tests.

Fixes: 36375899
Test: (sanity) YouTube
Test: (sanity) camera pics + video
Test: check for denials
Change-Id: I31f91b7ad6cd0a891a1681ff3b9af82ab400ce5e
2018-05-30 18:12:32 +00:00
Kweku Adams
985db6d8dd Allowing incidentd to get stack traces from processes.
Bug: 72177715
Test: flash device and check incident output
Change-Id: I16c172caec235d985a6767642134fbd5e5c23912
2018-04-04 16:00:23 +00:00
Yi Jin
76238cd4ef Allow incidentd to read LAST_KMSG only for userdebug builds
Bug: 73354384
Test: manual
Change-Id: Iaaeded69c287eae757aaf68dc18bc5a0c53b94e6
2018-03-30 10:15:24 -07:00
Kweku Adams
06ac7dba37 Enabling incidentd to get top and ps data.
Bug: 72177715
Bug: 72384374
Test: flash device and make sure incidentd is getting data without SELinux denials
Change-Id: I684fe014e19c936017a466ec2d6cd2e1f03022c0
2018-03-06 17:43:15 -08:00
yro
cf38ca5ed0 Update sepolicy of statsd to be able to find incident_service
Test: manual testing
Change-Id: Ia97c956c08d2062af6b33622c6b61ca3810b0cb1
2018-01-24 18:25:04 +00:00
Yi Jin
bc24ba7283 Selinux permissions for incidentd project
Bug: 64222712
Test: manual
Change-Id: Ica77ae3c9e535eddac9fccf11710b0bcb3254ab3
2018-01-23 19:08:49 +00:00
Benjamin Gordon
9b2e0cbeea sepolicy: Add rules for non-init namespaces
In kernel 4.7, the capability and capability2 classes were split apart
from cap_userns and cap2_userns (see kernel commit
8e4ff6f228e4722cac74db716e308d1da33d744f). Since then, Android cannot be
run in a container with SELinux in enforcing mode.

This change applies the existing capability rules to user namespaces as
well as the root namespace so that Android running in a container
behaves the same on pre- and post-4.7 kernels.

This is essentially:
  1. New global_capability_class_set and global_capability2_class_set
     that match capability+cap_userns and capability2+cap2_userns,
     respectively.
  2. s/self:capability/self:global_capability_class_set/g
  3. s/self:capability2/self:global_capability2_class_set/g
  4. Add cap_userns and cap2_userns to the existing capability_class_set
     so that it covers all capabilities.  This set was used by several
     neverallow and dontaudit rules, and I confirmed that the new
     classes are still appropriate.

Test: diff new policy against old and confirm that all new rules add
      only cap_userns or cap2_userns;
      Boot ARC++ on a device with the 4.12 kernel.
Bug: crbug.com/754831

Change-Id: I4007eb3a2ecd01b062c4c78d9afee71c530df95f
2017-11-21 08:34:32 -07:00
Alex Klyubin
f5446eb148 Vendor domains must not use Binder
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
  appdomain only, and
* temporarily exempts the domains which are currently violating this
  rule from this restriction. These domains are grouped using the new
  "binder_in_vendor_violators" attribute. The attribute is needed
  because the types corresponding to violators are not exposed to the
  public policy where the neverallow rules are.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
      sound, record slow motion video with sound. Confirm videos play
      back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
2017-03-24 07:54:00 -07:00
Joe Onorato
41f93db9de Add incident command and incidentd daemon se policy.
Test: adb shell incident
Bug: 31122534
Change-Id: I4ac9c9ab86867f09b63550707673149fe60f1906
2017-02-07 15:52:07 -08:00