Sepolicy for mm_events
Allow mm_events to periodically arm the mm_events
perfetto trace config if mm_events is enabled.
Bug: 183037386
Test: boot; setprop persist.mm_events.enabled true; No avc denials
Change-Id: Ia9760001e7fb591f18e3e816a63281167a658c74
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index f89c2be..4c68a99 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -73,6 +73,7 @@
mediatuner
mediatranscoding_tmpfs
memtrackproxy_service
+ mm_events_config_prop
music_recognition_service
nfc_logs_data_file
odrefresh
diff --git a/private/domain.te b/private/domain.te
index 543a784..c73dbe0 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -489,3 +489,12 @@
# Only init and otapreopt_chroot should be mounting filesystems on locations
# labeled system or vendor (/product and /vendor respectively).
neverallow { domain -init -otapreopt_chroot } { system_file_type vendor_file_type }:dir_file_class_set mounton;
+
+# Only allow init and vendor_init to read/write mm_events properties
+# NOTE: dumpstate is allowed to read any system property
+neverallow {
+ domain
+ -init
+ -vendor_init
+ -dumpstate
+} mm_events_config_prop:file no_rw_file_perms;
diff --git a/private/file_contexts b/private/file_contexts
index 4daf401..3786147 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -207,6 +207,7 @@
/system/apex/com.android.art u:object_r:art_apex_dir:s0
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
+/system/bin/mm_events u:object_r:mm_events_exec:s0
/system/bin/atrace u:object_r:atrace_exec:s0
/system/bin/auditctl u:object_r:auditctl_exec:s0
/system/bin/bcc u:object_r:rs_exec:s0
diff --git a/private/mm_events.te b/private/mm_events.te
new file mode 100644
index 0000000..4875d40
--- /dev/null
+++ b/private/mm_events.te
@@ -0,0 +1,14 @@
+type mm_events, domain, coredomain;
+type mm_events_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(mm_events)
+
+allow mm_events shell_exec:file rx_file_perms;
+
+# Allow running the sleep command to rate limit attempts
+# to arm mm_events on failure.
+allow mm_events toolbox_exec:file rx_file_perms;
+
+allow mm_events perfetto_exec:file rx_file_perms;
+
+domain_auto_trans(mm_events, perfetto_exec, perfetto)
diff --git a/private/perfetto.te b/private/perfetto.te
index 8327f6b..f9693da 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -29,11 +29,11 @@
allow perfetto perfetto_configs_data_file:dir r_dir_perms;
allow perfetto perfetto_configs_data_file:file r_file_perms;
-# Allow perfetto to read the trace config from statsd and shell
+# Allow perfetto to read the trace config from statsd, mm_events and shell
# (both root and non-root) on stdin and also to write the resulting trace to
# stdout.
-allow perfetto { statsd shell su }:fd use;
-allow perfetto { statsd shell su }:fifo_file { getattr read write };
+allow perfetto { statsd mm_events shell su }:fd use;
+allow perfetto { statsd mm_events shell su }:fifo_file { getattr read write };
# Allow to communicate use, read and write over the adb connection.
allow perfetto adbd:fd use;
diff --git a/private/property_contexts b/private/property_contexts
index 6a00538..5e4620f 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -241,6 +241,9 @@
persist.device_config.swcodec_native. u:object_r:device_config_swcodec_native_prop:s0
persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+# MM Events config props
+persist.mm_events.enabled u:object_r:mm_events_config_prop:s0 exact bool
+
# Properties that relate to legacy server configurable flags
persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0