tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/shell.te
Alessio Balsini c1e2918fd9 Allow the MediaProvider app to set FUSE passthrough property 
Allow the MediaProvider app to write the system property
fuse.passthrough.enabled in case FUSE passthrough is enabled.
The need for this additional system property is due to the ScopedStorage
CTS tests that are assuming FUSE passtrhough is always on for devices
supporting it, but there may be some cases (e.g., GSI mixed builds)
where this is not possible true and the feature is disabled at runtime,
thus causing the tests to fail.
This additional system property is only set when FUSE passthrough is
actually being used by the system.

Bug: 186635810
Test: CtsScopedStorageDeviceOnlyTest
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I623042d67399253a9167188c3748d93eb0f2d41f
2021-05-13 17:38:16 +00:00

202 lines
7 KiB
Text
Raw Blame History

typeattribute shell coredomain, mlstrustedsubject;
# allow shell input injection
allow shell uhid_device:chr_file rw_file_perms;
# systrace support - allow atrace to run
allow shell debugfs_tracing_debug:dir r_dir_perms;
allow shell debugfs_tracing:dir r_dir_perms;
allow shell debugfs_tracing:file rw_file_perms;
allow shell debugfs_trace_marker:file getattr;
allow shell atrace_exec:file rx_file_perms;
userdebug_or_eng(`
allow shell debugfs_tracing_debug:file rw_file_perms;
')
# read config.gz for CTS purposes
allow shell config_gz:file r_file_perms;
# Run app_process.
# XXX Transition into its own domain?
app_domain(shell)
# allow shell to call dumpsys storaged
binder_call(shell, storaged)
# Perform SELinux access checks, needed for CTS
selinux_check_access(shell)
selinux_check_context(shell)
# Control Perfetto traced and obtain traces from it.
# Needed for Studio and debugging.
unix_socket_connect(shell, traced_consumer, traced)
# Allow shell binaries to write trace data to Perfetto. Used for testing and
# cmdline utils.
perfetto_producer(shell)
domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
# Allow shell binaries to exec the perfetto cmdline util and have that
# transition into its own domain, so that it behaves consistently to
# when exec()-d by statsd.
domain_auto_trans(shell, perfetto_exec, perfetto)
# Allow to send SIGINT to perfetto when daemonized.
allow shell perfetto:process signal;
# Allow shell to run adb shell cmd stats commands. Needed for CTS.
binder_call(shell, statsd);
# Allow shell to read and unlink traces stored in /data/misc/a11ytraces.
userdebug_or_eng(`
allow shell accessibility_trace_data_file:dir rw_dir_perms;
allow shell accessibility_trace_data_file:file { r_file_perms unlink };
')
# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
allow shell perfetto_traces_data_file:dir rw_dir_perms;
allow shell perfetto_traces_data_file:file { r_file_perms unlink };
# ... and /data/misc/perfetto-traces/bugreport/ .
allow shell perfetto_traces_bugreport_data_file:dir rw_dir_perms;
allow shell perfetto_traces_bugreport_data_file:file { r_file_perms unlink };
# Allow shell to create/remove configs stored in /data/misc/perfetto-configs.
allow shell perfetto_configs_data_file:dir rw_dir_perms;
allow shell perfetto_configs_data_file:file create_file_perms;
# Allow shell to run adb shell cmd gpu commands.
binder_call(shell, gpuservice);
# Allow shell to use atrace HAL
hal_client_domain(shell, hal_atrace)
# For hostside tests such as CTS listening ports test.
allow shell proc_net_tcp_udp:file r_file_perms;
# The dl.exec_linker* tests need to execute /system/bin/linker
# b/124789393
allow shell system_linker_exec:file rx_file_perms;
# Renderscript host side tests depend on being able to execute
# /system/bin/bcc (b/126388046)
allow shell rs_exec:file rx_file_perms;
# Allow (host-driven) ART run-tests to execute dex2oat, in order to
# check ART's compiler.
allow shell dex2oat_exec:file rx_file_perms;
# Allow shell to start and comminicate with lpdumpd.
set_prop(shell, lpdumpd_prop);
binder_call(shell, lpdumpd)
# Allow shell to set and read value of properties used for CTS tests of
# userspace reboot
set_prop(shell, userspace_reboot_test_prop)
# Allow shell to set this property used for rollback tests
set_prop(shell, rollback_test_prop)
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
allowxperm shell shell_data_file:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
FS_IOC_GET_ENCRYPTION_POLICY_EX
};
# Allow shell to execute simpleperf without a domain transition.
allow shell simpleperf_exec:file rx_file_perms;
# Allow shell to execute profcollectctl without a domain transition.
allow shell profcollectd_exec:file rx_file_perms;
# Allow shell to call perf_event_open for profiling other shell processes, but
# not the whole system.
allow shell self:perf_event { open read write kernel };
neverallow shell self:perf_event ~{ open read write kernel };
# Set properties.
set_prop(shell, shell_prop)
set_prop(shell, ctl_bugreport_prop)
set_prop(shell, ctl_dumpstate_prop)
set_prop(shell, dumpstate_prop)
set_prop(shell, exported_dumpstate_prop)
set_prop(shell, debug_prop)
set_prop(shell, perf_drop_caches_prop)
set_prop(shell, powerctl_prop)
set_prop(shell, log_tag_prop)
set_prop(shell, wifi_log_prop)
# Allow shell to start/stop traced via the persist.traced.enable
# property (which also takes care of /data/misc initialization).
set_prop(shell, traced_enabled_prop)
# adjust is_loggable properties
userdebug_or_eng(`set_prop(shell, log_prop)')
# logpersist script
userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
# property.
set_prop(shell, heapprofd_enabled_prop)
# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
# property.
set_prop(shell, traced_perf_enabled_prop)
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
set_prop(shell, ctl_gsid_prop)
set_prop(shell, ctl_snapuserd_prop)
# Allow shell to enable Dynamic System Update
set_prop(shell, dynamic_system_prop)
# Allow shell to mock an OTA using persist.pm.mock-upgrade
set_prop(shell, mock_ota_prop)
# Read device's serial number from system properties
get_prop(shell, serialno_prop)
# Allow shell to read the vendor security patch level for CTS
get_prop(shell, vendor_security_patch_level_prop)
# Read state of logging-related properties
get_prop(shell, device_logging_prop)
# Read state of boot reason properties
get_prop(shell, bootloader_boot_reason_prop)
get_prop(shell, last_boot_reason_prop)
get_prop(shell, system_boot_reason_prop)
# Allow reading the outcome of perf_event_open LSM support test for CTS.
get_prop(shell, init_perf_lsm_hooks_prop)
# Allow shell to read boot image timestamps and fingerprints.
get_prop(shell, build_bootimage_prop)
userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
# Allow to issue control commands to profcollectd binder service.
userdebug_or_eng(`
allow shell profcollectd:binder call;
')
# Allow shell to read the keystore key contexts files. Used by native tests to test label lookup.
allow shell keystore2_key_contexts_file:file r_file_perms;
# Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
allow shell shell_key:keystore2_key { delete rebind use get_info update };
# Allow shell to write db.log.detailed, db.log.slow_query_threshold*
set_prop(shell, sqlite_log_prop)
# Allow shell to write MTE properties even on user builds.
set_prop(shell, arm64_memtag_prop)
# Allow shell to read the dm-verity props on user builds.
get_prop(shell, verity_status_prop)
# Allow shell to read Virtual A/B related properties
get_prop(shell, virtual_ab_prop)
# Never allow others to set or get the perf.drop_caches property.
neverallow { domain -shell -init } perf_drop_caches_prop:property_service set;
neverallow { domain -shell -init -dumpstate } perf_drop_caches_prop:file read;
# Allow ReadDefaultFstab() for CTS.
read_fstab(shell)
# Allow shell to read FUSE passthrough properties
get_prop(shell, fuse_passthrough_prop)
Reference in a new issue View git blame Copy permalink