tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/private/snapuserd.te
Kelvin Zhang dbe230a193 Allow snapuserd to write log files to /data/misc 
snapuserd logs are important when OTA failures happen. To make debugging
easier, allow snapuserd to persist logs in /data/misc/snapuserd_logs ,
and capture these logs in bugreport.

Bug: 280127810
Change-Id: I49e30fd97ea143e7b9c799b0c746150217d5cbe0
2023-05-01 17:15:17 -07:00

70 lines
2.6 KiB
Text
Raw Blame History

# snapuserd - Daemon for servicing dm-user requests for Virtual A/B snapshots.
type snapuserd, domain;
type snapuserd_exec, exec_type, file_type, system_file_type;
typeattribute snapuserd coredomain;
init_daemon_domain(snapuserd)
allow snapuserd kmsg_device:chr_file rw_file_perms;
# Allow snapuserd to reach block devices in /dev/block.
allow snapuserd block_device:dir search;
# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
allow snapuserd sysfs:dir { open read };
# Read /sys/block/dm-X/dm/name (which is a symlink to
# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
# dm-X and dynamic partitions.
allow snapuserd sysfs_dm:dir { open read search };
allow snapuserd sysfs_dm:file r_file_perms;
# Reading and writing to /dev/block/dm-* (device-mapper) nodes.
allow snapuserd block_device:dir r_dir_perms;
allow snapuserd dm_device:chr_file rw_file_perms;
allow snapuserd dm_device:blk_file rw_file_perms;
# Reading and writing to dm-user control nodes.
allow snapuserd dm_user_device:dir r_dir_perms;
allow snapuserd dm_user_device:chr_file rw_file_perms;
# Reading and writing to /dev/socket/snapuserd and snapuserd_proxy.
allow snapuserd snapuserd_socket:unix_stream_socket { accept listen getattr read write };
allow snapuserd snapuserd_proxy_socket:sock_file write;
# This arises due to first-stage init opening /dev/null without F_CLOEXEC
# (see SetStdioToDevNull in init). When we fork() and execveat() snapuserd
# again, the descriptor leaks into the new process.
allow snapuserd kernel:fd use;
# snapuserd.* properties
set_prop(snapuserd, snapuserd_prop)
get_prop(snapuserd, virtual_ab_prop)
# For inotify watching for /dev/socket/snapuserd_proxy to appear.
allow snapuserd tmpfs:dir { read watch };
# Forbid anything other than snapuserd and init setting snapuserd properties.
neverallow {
domain
-snapuserd
-init
} snapuserd_prop:property_service set;
# Allow to read/write/create OTA metadata files
allow snapuserd metadata_file:dir search;
allow snapuserd ota_metadata_file:dir rw_dir_perms;
allow snapuserd ota_metadata_file:file create_file_perms;
# write to /data/misc/snapuserd_log
allow snapuserd snapuserd_log_data_file:dir create_dir_perms;
allow snapuserd snapuserd_log_data_file:file create_file_perms;
# Read /proc/stat to determine boot time
allow snapuserd proc_stat:file r_file_perms;
# This capability allows snapuserd to circumvent memlock rlimits while using
# io_uring. An Alternative would be to up the memlock rlimit for the snapuserd service.
allow snapuserd self:capability ipc_lock;
io_uring_use(snapuserd)
Reference in a new issue View git blame Copy permalink