commit 2f39276e3f1c10416b4beff098e48e4150c2d9c5
author Treehugger Robot <treehugger-gerrit@google.com> Tue Jan 02 15:55:29 2018 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 02 15:55:29 2018 +0000
tree e6e38ec3e62f3d13b7d0cc0325ec1cf9b0de5c45
parent 8d07a8d59511bce80924f80f8ed8236834d8a800
parent aa9711f82b0bac0f66e147d4bbe56bfaec42f861

Merge "Sepolicy: Introduce perfprofd binder service"

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 790133e..e359935 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -27,6 +27,7 @@
     netd_stable_secret_prop
     network_watchlist_service
     package_native_service
+    perfprofd_service
     property_info
     slice_service
     stats

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index 10d8d09..b8d05e2 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -111,6 +111,7 @@
 overlay                                   u:object_r:overlay_service:s0
 package                                   u:object_r:package_service:s0
 package_native                            u:object_r:package_native_service:s0
+perfprofd                                 u:object_r:perfprofd_service:s0
 permission                                u:object_r:permission_service:s0
 persistent_data_block                     u:object_r:persistent_data_block_service:s0
 phone_msim                                u:object_r:radio_service:s0

public/perfprofd.te

diff --git a/public/perfprofd.te b/public/perfprofd.te
index cb4a144..1f4de31 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -96,4 +96,22 @@
   dontaudit perfprofd shell_data_file:dir *;
   dontaudit perfprofd shell_data_file:file *;
 
+  # Allow perfprofd to publish a binder service and make binder calls.
+  binder_use(perfprofd)
+  add_service(perfprofd, perfprofd_service)
+
+  # Use devpts for streams from cmd.
+  #
+  # This is normally granted to binderservicedomain, but this service
+  # has tighter restrictions on the callers (see below), so must enable
+  # this manually.
+  allow perfprofd devpts:chr_file rw_file_perms;
+
+  # Use socket & pipe supplied by su, for cmd perfprofd dump.
+  allow perfprofd su:unix_stream_socket { read write getattr sendto };
+  allow perfprofd su:fifo_file r_file_perms;
+
+  # For now, only allow su to communicate with us.
+  neverallow domain perfprofd:binder call;
+  neverallow perfprofd { domain -servicemanager -su }:binder call;
 ')

public/service.te

diff --git a/public/service.te b/public/service.te
index e48d4b7..704e245 100644
--- a/public/service.te
+++ b/public/service.te
@@ -20,6 +20,7 @@
 type mediadrmserver_service,    service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
+type perfprofd_service,         service_manager_type;
 type radio_service,             service_manager_type;
 type storaged_service,          service_manager_type;
 type surfaceflinger_service,    app_api_service, ephemeral_app_api_service, service_manager_type;