55e5c9b513
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c
)
142 lines
4.7 KiB
Text
142 lines
4.7 KiB
Text
|
|
typeattribute shell coredomain;
|
|
|
|
# allow shell input injection
|
|
allow shell uhid_device:chr_file rw_file_perms;
|
|
|
|
# systrace support - allow atrace to run
|
|
allow shell debugfs_tracing_debug:dir r_dir_perms;
|
|
allow shell debugfs_tracing:dir r_dir_perms;
|
|
allow shell debugfs_tracing:file rw_file_perms;
|
|
allow shell debugfs_trace_marker:file getattr;
|
|
allow shell atrace_exec:file rx_file_perms;
|
|
|
|
userdebug_or_eng(`
|
|
allow shell debugfs_tracing_debug:file rw_file_perms;
|
|
')
|
|
|
|
# read config.gz for CTS purposes
|
|
allow shell config_gz:file r_file_perms;
|
|
|
|
# Run app_process.
|
|
# XXX Transition into its own domain?
|
|
app_domain(shell)
|
|
|
|
# allow shell to call dumpsys storaged
|
|
binder_call(shell, storaged)
|
|
|
|
# Perform SELinux access checks, needed for CTS
|
|
selinux_check_access(shell)
|
|
selinux_check_context(shell)
|
|
|
|
# Control Perfetto traced and obtain traces from it.
|
|
# Needed for Studio and debugging.
|
|
unix_socket_connect(shell, traced_consumer, traced)
|
|
|
|
# Allow shell binaries to write trace data to Perfetto. Used for testing and
|
|
# cmdline utils.
|
|
perfetto_producer(shell)
|
|
|
|
domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
|
|
|
|
# Allow shell binaries to exec the perfetto cmdline util and have that
|
|
# transition into its own domain, so that it behaves consistently to
|
|
# when exec()-d by statsd.
|
|
domain_auto_trans(shell, perfetto_exec, perfetto)
|
|
# Allow to send SIGINT to perfetto when daemonized.
|
|
allow shell perfetto:process signal;
|
|
|
|
# Allow shell to run adb shell cmd stats commands. Needed for CTS.
|
|
binder_call(shell, statsd);
|
|
|
|
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
|
|
allow shell perfetto_traces_data_file:dir rw_dir_perms;
|
|
allow shell perfetto_traces_data_file:file { r_file_perms unlink };
|
|
|
|
# Allow shell to run adb shell cmd gpu commands.
|
|
binder_call(shell, gpuservice);
|
|
|
|
# Allow shell to use atrace HAL
|
|
hal_client_domain(shell, hal_atrace)
|
|
|
|
# For hostside tests such as CTS listening ports test.
|
|
allow shell proc_net_tcp_udp:file r_file_perms;
|
|
|
|
# The dl.exec_linker* tests need to execute /system/bin/linker
|
|
# b/124789393
|
|
allow shell system_linker_exec:file rx_file_perms;
|
|
|
|
# Renderscript host side tests depend on being able to execute
|
|
# /system/bin/bcc (b/126388046)
|
|
allow shell rs_exec:file rx_file_perms;
|
|
|
|
# Allow shell to start and comminicate with lpdumpd.
|
|
set_prop(shell, lpdumpd_prop);
|
|
binder_call(shell, lpdumpd)
|
|
|
|
# Allow shell to set and read value of properties used for CTS tests of
|
|
# userspace reboot
|
|
set_prop(shell, userspace_reboot_test_prop)
|
|
|
|
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
|
|
allowxperm shell shell_data_file:dir ioctl {
|
|
FS_IOC_GET_ENCRYPTION_POLICY
|
|
FS_IOC_GET_ENCRYPTION_POLICY_EX
|
|
};
|
|
|
|
# Allow shell to execute simpleperf without a domain transition.
|
|
allow shell simpleperf_exec:file rx_file_perms;
|
|
|
|
# Allow shell to call perf_event_open for profiling other shell processes, but
|
|
# not the whole system.
|
|
allow shell self:perf_event { open read write kernel };
|
|
neverallow shell self:perf_event ~{ open read write kernel };
|
|
|
|
# Set properties.
|
|
set_prop(shell, shell_prop)
|
|
set_prop(shell, ctl_bugreport_prop)
|
|
set_prop(shell, ctl_dumpstate_prop)
|
|
set_prop(shell, dumpstate_prop)
|
|
set_prop(shell, exported_dumpstate_prop)
|
|
set_prop(shell, debug_prop)
|
|
set_prop(shell, powerctl_prop)
|
|
set_prop(shell, log_tag_prop)
|
|
set_prop(shell, wifi_log_prop)
|
|
# Allow shell to start/stop traced via the persist.traced.enable
|
|
# property (which also takes care of /data/misc initialization).
|
|
set_prop(shell, traced_enabled_prop)
|
|
# adjust is_loggable properties
|
|
userdebug_or_eng(`set_prop(shell, log_prop)')
|
|
# logpersist script
|
|
userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
|
|
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
|
|
# property.
|
|
set_prop(shell, heapprofd_enabled_prop)
|
|
# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
|
|
# property.
|
|
set_prop(shell, traced_perf_enabled_prop)
|
|
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
|
|
set_prop(shell, ctl_gsid_prop)
|
|
# Allow shell to enable Dynamic System Update
|
|
set_prop(shell, dynamic_system_prop)
|
|
# Allow shell to mock an OTA using persist.pm.mock-upgrade
|
|
set_prop(shell, mock_ota_prop)
|
|
|
|
# Read device's serial number from system properties
|
|
get_prop(shell, serialno_prop)
|
|
|
|
# Allow shell to read the vendor security patch level for CTS
|
|
get_prop(shell, vendor_security_patch_level_prop)
|
|
|
|
# Read state of logging-related properties
|
|
get_prop(shell, device_logging_prop)
|
|
|
|
# Read state of boot reason properties
|
|
get_prop(shell, bootloader_boot_reason_prop)
|
|
get_prop(shell, last_boot_reason_prop)
|
|
get_prop(shell, system_boot_reason_prop)
|
|
|
|
# Allow reading the outcome of perf_event_open LSM support test for CTS.
|
|
get_prop(shell, init_perf_lsm_hooks_prop)
|
|
|
|
userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
|