dumpstate: remove access to 'proc' and 'sysfs' types.
And grant appropriate permissions to more granular types.
Bug: 29319732
Bug: 65643247
Test: adb bugreport; no new denials to /proc or /sys files.
Change-Id: Ied99546164e79bfa6148822858c165177d3720a5
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index a587b4d..d44fd7a 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -452,6 +452,7 @@
( proc
proc_abi
proc_asound
+ proc_buddyinfo
proc_cmdline
proc_dirty
proc_diskstats
diff --git a/private/domain.te b/private/domain.te
index 8a41097..dae40d2 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -24,7 +24,6 @@
# /proc
neverallow {
coredomain
- -dumpstate
-vold
-vendor_init
} proc:file no_rw_file_perms;
@@ -32,7 +31,6 @@
# /sys
neverallow {
coredomain
- -dumpstate
-init
-ueventd
-vold
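Review bot: Dropping `-dumpstate` from the /sys neverallow exemption list means this domain-wide statement is now what stops dumpstate from writing generically labeled sysfs files, replacing the dumpstate-specific `neverallow dumpstate sysfs:file no_w_file_perms;` that this commit deletes from public/dumpstate.te. The permission set of this neverallow is outside the hunk, so it should be confirmed to be at least `no_w_file_perms` on `sysfs:file`; if it is narrower, the deletion in dumpstate.te weakens the guarantee rather than just deduplicating it. A short comment above the list would make the dependency explicit, e.g. `# dumpstate is deliberately not exempt here; its /sys access is limited to specific sysfs_* types in dumpstate.te`. The neverallow statement continues past the end of the hunk.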
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 1fddb6e..2ff1b4d 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -3,6 +3,7 @@
# proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0
genfscon proc /asound u:object_r:proc_asound:s0
+genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
genfscon proc /cmdline u:object_r:proc_cmdline:s0
genfscon proc /config.gz u:object_r:config_gz:s0
genfscon proc /diskstats u:object_r:proc_diskstats:s0
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3a9701d..5f6e5f7 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -82,8 +82,14 @@
# Connect to tombstoned to intercept dumps.
unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
-# TODO: added to match above sysfs rule. Remove me?
-allow dumpstate sysfs_usb:file w_file_perms;
+# Access to /sys
+allow dumpstate sysfs_type:dir r_dir_perms;
+
+allow dumpstate {
+ sysfs_dm
+ sysfs_usb
+ sysfs_zram
+}:file r_file_perms;
# Other random bits of data we want to collect
allow dumpstate qtaguid_proc:file r_file_perms;
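Review bot: `allow dumpstate sysfs_type:dir r_dir_perms;` grants directory read/search on every type carrying the `sysfs_type` attribute, present and future, which is much broader than the per-type file rule directly below it that names only `sysfs_dm`, `sysfs_usb` and `sysfs_zram`. If dumpstate only needs to reach those nodes, granting `dir r_dir_perms` on the same three types (plus the default `sysfs` label for traversal) would keep the directory rule as granular as the file rule and match the intent in the commit message. If walking all of /sys is deliberate, the comment should say so rather than the bare `# Access to /sys`, e.g. `# Access to /sys: directory listing on any sysfs label, but file reads only on the specific types below`. Note that the removed `sysfs_usb:file w_file_perms` is replaced by read-only access, which looks intentional but is worth stating in the commit message.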
@@ -113,8 +119,6 @@
hal_client_domain(dumpstate, hal_graphics_allocator)
# Vibrate the device after we are done collecting the bugreport
hal_client_domain(dumpstate, hal_vibrator)
-# For passthrough mode:
-allow dumpstate sysfs_vibrator:file { rw_file_perms getattr };
# Reading /proc/PID/maps of other processes
allow dumpstate self:global_capability_class_set sys_ptrace;
@@ -153,15 +157,18 @@
# Read files in /proc
allow dumpstate {
+ proc_buddyinfo
proc_cmdline
proc_meminfo
+ proc_modules
proc_net
proc_pipe_conf
proc_pagetypeinfo
+ proc_qtaguid_stat
proc_version
proc_vmallocinfo
+ proc_vmstat
}:file r_file_perms;
-r_dir_file(dumpstate, proc)
# Read network state info files.
allow dumpstate net_data_file:dir search;
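Review bot: Removing `r_dir_file(dumpstate, proc)` drops not only file reads on `proc`-labeled files but also `proc:dir` read/search, while the domain.te neverallow this commit extends to dumpstate only covers `proc:file`. If `proc:dir` search is not granted to dumpstate elsewhere (for example through a domain-wide rule), traversing /proc/<pid> for the maps reading described by the `sys_ptrace` rule earlier in this file would be denied; the commit's "no new denials" test suggests it is granted elsewhere, but the rule list here could record that assumption with `# proc:dir traversal comes from the domain-wide rules; only specifically labeled /proc files are readable here`. The new entries also leave `proc_pipe_conf` before `proc_pagetypeinfo`, so if the list is meant to be alphabetical the pre-existing pair could be swapped while touching these lines.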
@@ -249,9 +256,6 @@
# use /dev/ion for screen capture
allow dumpstate ion_device:chr_file r_file_perms;
-# read default labeled files in /sys
-r_dir_file(dumpstate, sysfs)
-
# Allow dumpstate to run top
allow dumpstate proc_stat:file r_file_perms;
@@ -282,7 +286,3 @@
userdebug_or_eng(`-traceur_app')
-dumpstate
} dumpstate_service:service_manager find;
-
-# Dumpstate should not be writing to any generically labeled sysfs files.
-# Create a specific label for the file type
-neverallow dumpstate sysfs:file no_w_file_perms;
diff --git a/public/file.te b/public/file.te
index 91796c0..1317697 100644
--- a/public/file.te
+++ b/public/file.te
@@ -16,6 +16,7 @@
type proc_bluetooth_writable, fs_type;
type proc_abi, fs_type;
type proc_asound, fs_type;
+type proc_buddyinfo, fs_type;
type proc_cmdline, fs_type;
type proc_cpuinfo, fs_type;
type proc_dirty, fs_type;