4a478c47f4
Vendor and system components are only allowed to share files by
passing open FDs over HIDL. Ban all directory access and all file
accesses other than what can be applied to an open file:
stat/read/write/append.
This commit marks core data types as core_data_file_type and bans
access to non-core domains with an exemption for apps. A temporary
exemption is also granted to domains that currently rely on
access with TODOs and bug number for each exemption.
Bug: 34980020
Test: Build and boot Marlin. Make phone call, watch youtube video.
No new denials observed.
Change-Id: I320dd30f9f0a5bf2f9bb218776b4bccdb529b197
57 lines
2.1 KiB
Text
57 lines
2.1 KiB
Text
# perfprofd - perf profile collection daemon
|
|
type perfprofd_exec, exec_type, file_type;
|
|
|
|
userdebug_or_eng(`
|
|
|
|
type perfprofd, domain, domain_deprecated, mlstrustedsubject, coredomain;
|
|
|
|
# perfprofd needs to control CPU hot-plug in order to avoid kernel
|
|
# perfevents problems in cases where CPU goes on/off during measurement;
|
|
# this means read access to /sys/devices/system/cpu/possible
|
|
# and read/write access to /sys/devices/system/cpu/cpu*/online
|
|
allow perfprofd sysfs_devices_system_cpu:file rw_file_perms;
|
|
|
|
# perfprofd checks for the existence of and then invokes simpleperf;
|
|
# simpleperf retains perfprofd domain after exec
|
|
allow perfprofd system_file:file rx_file_perms;
|
|
|
|
# perfprofd reads a config file from /data/data/com.google.android.gms/files
|
|
allow perfprofd app_data_file:file r_file_perms;
|
|
allow perfprofd app_data_file:dir search;
|
|
allow perfprofd self:capability { dac_override };
|
|
|
|
# perfprofd opens a file for writing in /data/misc/perfprofd
|
|
allow perfprofd perfprofd_data_file:file create_file_perms;
|
|
allow perfprofd perfprofd_data_file:dir rw_dir_perms;
|
|
|
|
# perfprofd uses the system log
|
|
read_logd(perfprofd);
|
|
write_logd(perfprofd);
|
|
|
|
# perfprofd inspects /sys/power/wake_unlock
|
|
wakelock_use(perfprofd);
|
|
|
|
# simpleperf uses ioctl() to turn on kernel perf events measurements
|
|
allow perfprofd self:capability sys_admin;
|
|
|
|
# simpleperf needs to examine /proc to collect task/thread info
|
|
r_dir_file(perfprofd, domain)
|
|
|
|
# simpleperf needs to access /proc/<pid>/exec
|
|
allow perfprofd self:capability { sys_resource sys_ptrace };
|
|
neverallow perfprofd domain:process ptrace;
|
|
|
|
# simpleperf needs open/read any file that turns up in a profile
|
|
# to see whether it has a build ID
|
|
allow perfprofd exec_type:file r_file_perms;
|
|
|
|
# simpleperf examines debugfs on startup to collect tracepoint event types
|
|
allow perfprofd debugfs_tracing:file r_file_perms;
|
|
|
|
# simpleperf is going to execute "sleep"
|
|
allow perfprofd toolbox_exec:file rx_file_perms;
|
|
|
|
# needed for simpleperf on some kernels
|
|
allow perfprofd self:capability ipc_lock;
|
|
|
|
')
|