tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public
History
mukesh agrawal 3a6bc68e64 allow init and system_server access to tracing 
Revise policy, to allow init and system_server to configure,
clear, and read kernel trace events. This will enable us to
debug certain WiFi failures.

Note that system_server is restricted to only accessing
a wifi-specific trace instance. (Hence, system_server is
not allowed to interfere with atrace.) Moreover, even for
the wifi trace instance, system_server is granted limited
permissions. (system_server can not, e.g., change which
events are traced.)

Note also that init and system_server are only granted these
powers on userdebug or eng builds.

The init.te and system_server.te changes resolve the
following denials:

// Denials when wifi-events.rc configures tracing
{ write } for pid=1 comm="init" name="instances" dev="debugfs" ino=755 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
{ add_name } for pid=1 comm="init" name="wifi" scontext=u:r:init:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
{ create } for pid=1 comm="init" name="wifi" scontext=u:r:init:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
{ write } for pid=1 comm="init" name="tracing_on" dev="debugfs" ino=18067 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ write } for pid=1 comm="init" name="buffer_size_kb" dev="debugfs" ino=18061 scontext=u:r:init:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=file permissive=1

// Denials when system_server sets up fail-safe
// (auto-terminate tracing if system_server dies)
{ search } for pid=882 comm="system_server" name="instances" dev="debugfs" ino=755 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
{ read } for pid=882 comm="system_server" name="free_buffer" dev="debugfs" ino=18063 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ open } for pid=882 comm="system_server" path="/sys/kernel/debug/tracing/instances/wifi/free_buffer" dev="debugfs" ino=18063 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ getattr } for pid=882 comm="system_server" path="/sys/kernel/debug/tracing/instances/wifi/free_buffer" dev="debugfs" ino=18063 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1

// Denials when system_server toggles tracing on or off
// (WifiStateMachine is a thread in system_server)
{ search } for pid=989 comm="WifiStateMachin" name="instances" dev="debugfs" ino=755 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
{ write } for pid=989 comm="WifiStateMachin" name="tracing_on" dev="debugfs" ino=18067 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ open } for pid=989 comm="WifiStateMachin" path="/sys/kernel/debug/tracing/instances/wifi/tracing_on" dev="debugfs" ino=18067 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ getattr } for pid=989 comm="WifiStateMachin" path="/sys/kernel/debug/tracing/instances/wifi/tracing_on" dev="debugfs" ino=18067 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ write } for pid=989 comm="WifiStateMachin" name="tracing_on" dev="debugfs" ino=18067 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ open } for pid=989 comm="WifiStateMachin" path="/sys/kernel/debug/tracing/instances/wifi/tracing_on" dev="debugfs" ino=18067 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ getattr } for pid=989 comm="WifiStateMachin" path="/sys/kernel/debug/tracing/instances/wifi/tracing_on" dev="debugfs" ino=18067 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1

// Denials when system_server reads the event trace
// (This happens in response to a dumpsys request)
{ search } for pid=3537 comm="Binder:882_B" name="instances" dev="debugfs" ino=755 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_tracing_instances:s0 tclass=dir permissive=1
{ read } for pid=3537 comm="Binder:882_B" name="trace" dev="debugfs" ino=18059 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ open } for pid=3537 comm="Binder:882_B" path="/sys/kernel/debug/tracing/instances/wifi/trace" dev="debugfs" ino=18059 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ getattr } for pid=3537 comm="Binder:882_B" path="/sys/kernel/debug/tracing/instances/wifi/trace" dev="debugfs" ino=18059 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1
{ write } for pid=3537 comm="Binder:882_B" name="trace" dev="debugfs" ino=18059 scontext=u:r:system_server:s0 tcontext=u:object_r:debugfs_wifi_tracing:s0 tclass=file permissive=1

Bug: 27254565
Test: manual
Manual test:
- Build this CL along with CL:322337
- Verify that system boots, and that we can connect to GoogleGuest.
  (Testing of actual trace functionality with require some more
  patches in frameworks/opt/net/wifi.)
$ adb root && adb shell dmesg | egrep 'avc: denied.+debugfs'

Change-Id: Ib6eb4116549277f85bd510d25fb30200f1752f4d
2017-01-18 15:17:16 -08:00
..
adbd.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
app.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
atrace.te Fix build. 2016-12-06 16:49:25 -08:00
attributes DO NOT MERGE: Camera: Add initial Treble camera HAL sepolicy 2017-01-18 12:02:36 -08:00
audioserver.te Allow audioserver to use IAllocator 2017-01-09 18:23:12 -08:00
binderservicedomain.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
blkid.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
blkid_untrusted.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
bluetooth.te Add selinux policy for Bluetooth HAL 2017-01-10 15:05:14 -08:00
bluetoothdomain.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
boot_control_hal.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
bootanim.te Add sepolicy for hwcomposer HAL 2016-11-14 01:54:33 +00:00
bootstat.te Assign a label to the ro.boottime.* properties 2016-12-14 13:45:01 -08:00
cameraserver.te DO NOT MERGE: Camera: Add initial Treble camera HAL sepolicy 2017-01-18 12:02:36 -08:00
charger.te healthd: create SEPolicy for 'charger' and reduce healthd's scope 2016-12-15 18:17:13 -08:00
clatd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
cppreopts.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
crash_dump.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
device.te Auditing init and ueventd access to chr device files. 2017-01-13 17:38:39 +00:00
dex2oat.te Label ephemeral APKs and handle their install/uninstall 2016-11-12 00:27:28 +00:00
dhcp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
dnsmasq.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
domain.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
domain_deprecated.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
drmserver.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
dumpstate.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
ephemeral_app.te Move ephemeral_app policy to private 2017-01-09 15:34:27 -08:00
file.te allow init and system_server access to tracing 2017-01-18 15:17:16 -08:00
fingerprintd.te Add directory read permissions to certain domains. 2016-11-28 17:03:41 +00:00
fsck.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
fsck_untrusted.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
gatekeeperd.te gatekeeper HAL service: add security policy 2017-01-03 14:05:04 -08:00
global_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hal_allocator.te 1-arg variant of hal_impl_domain 2017-01-17 16:34:02 -08:00
hal_audio.te hal_audio: In binderized mode hal_audio needs access to IAllocator 2017-01-17 09:24:56 -08:00
hal_bluetooth.te Add selinux policy for Bluetooth HAL 2017-01-10 15:05:14 -08:00
hal_boot.te 1-arg variant of hal_impl_domain 2017-01-17 16:34:02 -08:00
hal_camera.te DO NOT MERGE: Camera: Add initial Treble camera HAL sepolicy 2017-01-18 12:02:36 -08:00
hal_contexthub.te Add sepolicy for contexthub HAL 2016-12-28 14:58:44 -08:00
hal_dumpstate.te hal_dumpstate: allow writing to bug report files 2016-12-28 18:47:07 -08:00
hal_fingerprint.te New SeLinux policy for fingerprint HIDL 2017-01-13 13:28:31 -08:00
hal_gatekeeper.te gatekeeper HAL service: add security policy 2017-01-03 14:05:04 -08:00
hal_gnss.te add selinux policy for GNSS hal 2017-01-13 20:54:07 +00:00
hal_graphics_allocator.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_graphics_composer.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_health.te hal_health: move system_file permissions to public/hal_health 2017-01-11 16:01:07 -08:00
hal_ir.te Add sepolicy for consumerir HIDL HAL 2016-12-13 15:23:13 -08:00
hal_light.te Move hal_light to attribute. 2016-11-18 08:40:04 -08:00
hal_memtrack.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_nfc.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_power.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_sensors.te Add sepolicy for sensors 2016-12-29 02:20:04 +00:00
hal_telephony.te SEPolicy changes for BT SAP hal. 2016-12-27 23:52:58 +00:00
hal_thermal.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_vibrator.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_vr.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
hal_wifi.te All hal policies expressed as attributes. 2016-12-13 17:18:27 -08:00
healthd.te Remove 'net_admin' capability from healthd 2016-12-16 11:45:22 -08:00
hostapd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
hwservicemanager.te hwbinder_use: allow for hwservicemanager callbacks. 2016-12-15 14:17:27 -08:00
idmap.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
init.te allow init and system_server access to tracing 2017-01-18 15:17:16 -08:00
inputflinger.te Remove domain_deprecated from some domains. 2016-11-25 17:37:30 -08:00
install_recovery.te install_recovery.te: remove domain_deprecated 2017-01-09 16:47:36 +00:00
installd.te Allow installd to measure size of dexopt links. 2016-12-16 15:05:03 -07:00
ioctl_defines Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ioctl_macros Add TCSETS to unpriv_tty_ioctls 2016-12-07 15:59:34 -08:00
isolated_app.te Move isolated_app policy to private 2017-01-05 16:06:54 -08:00
kernel.te kernel.te: tighten entrypoint / execute_no_trans neverallow 2016-10-30 18:46:44 -07:00
keystore.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
lmkd.te Remove domain_deprecated from some domains. 2016-11-25 17:37:30 -08:00
logd.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
logpersist.te logpersist: do not permit dynamic transition to domain 2016-12-29 09:29:36 -08:00
mdnsd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
mediaanalytics.te Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
mediacodec.te Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
mediadrmserver.te Restrict access to ro.serialno and ro.boot.serialno 2016-12-22 11:38:29 -08:00
mediaextractor.te Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
mediaserver.te Allow access to mediaanalytics service 2016-12-03 00:06:20 +00:00
mtp.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
net.te Allow ephemeral apps network connections 2016-11-14 12:24:51 -08:00
netd.te domain_deprecated.te: remove /proc/net access 2016-11-30 15:23:26 -08:00
neverallow_macros Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
nfc.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
otapreopt_chroot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
otapreopt_slot.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
perfprofd.te Fix build. 2016-12-06 16:49:25 -08:00
platform_app.te Move platform_app policy to private 2017-01-09 14:52:59 -08:00
postinstall.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
postinstall_dexopt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
ppp.te domain_deprecated.te: remove /proc/net access 2016-11-30 15:23:26 -08:00
preopt2cachename.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
priv_app.te Move priv_app policy to private 2017-01-05 15:44:32 -08:00
profman.te profman/debuggerd: allow libart_file:file r_file_perms 2016-11-08 09:28:28 -08:00
property.te Restrict access to Bluetooth system properties 2016-12-27 18:08:13 -08:00
racoon.te racoon: remove domain_deprecated attribute 2016-10-15 17:15:25 -07:00
radio.te Drop auditallow radio net_radio_prop:property_service set; 2017-01-05 13:15:02 -08:00
recovery.te Remove support for legacy f_adb interface. 2017-01-11 15:03:50 -08:00
recovery_persist.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
recovery_refresh.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rild.te SEPolicy changes for BT SAP hal. 2016-12-27 23:52:58 +00:00
roles sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
sdcardd.te Allow sdcardd to remount sdcardfs 2016-11-28 16:10:27 -08:00
service.te New SeLinux policy for fingerprint HIDL 2017-01-13 13:28:31 -08:00
servicemanager.te Remove domain_deprecated from some domains. 2016-11-25 17:37:30 -08:00
sgdisk.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
shared_relro.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
shell.te Enable ADB shell access to ro.serialno 2016-12-28 17:44:33 -08:00
slideshow.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
su.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
surfaceflinger.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
system_app.te Move system_app policy to private 2017-01-05 17:20:28 -08:00
system_server.te allow init and system_server access to tracing 2017-01-18 15:17:16 -08:00
te_macros 1-arg variant of hal_impl_domain 2017-01-17 16:34:02 -08:00
tee.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tombstoned.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
toolbox.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
tzdatacheck.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
ueventd.te Auditing init and ueventd access to chr device files. 2017-01-13 17:38:39 +00:00
uncrypt.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
untrusted_app.te Move untrusted_app policy to private 2017-01-05 14:39:52 -08:00
update_engine.te Add permissions for hal_boot 2016-11-21 10:09:40 -08:00
update_engine_common.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
update_verifier.te Add permissions for hal_boot 2016-11-21 10:09:40 -08:00
vdc.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
vold.te Removing file system remount permission from vold 2016-12-13 15:37:33 -08:00
watchdogd.te Split general policy into public and private components. 2016-10-06 13:09:06 -07:00
webview_zygote.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
wificond.te hal_wifi: Allow system_server to access wifi HIDL services 2016-12-12 10:40:14 -08:00
wpa.te hal_wifi: Allow system_server to access wifi HIDL services 2016-12-12 10:40:14 -08:00
zygote.te Restrict access to Bluetooth system properties 2016-12-27 18:08:13 -08:00