SEPolicy changes to allow kcov access in userdebug. This includes the SELinux policy changes to allow for kcov access in userdebug builds for coverage-guided kernel fuzzing. Bug: 117990869 Test: Ran syzkaller with Android untrusted_app sandbox with coverage. Change-Id: I1fcaad447c7cdc2a3360383b5dcd76e8a0f93f09

commit: 55d9096652126b79e8641c52ec31fbe7747073da [log] [tgz]
author: Dan Austin <danielaustin@google.com> Thu Nov 29 10:37:18 2018 -0800
committer: Dan Austin <danielaustin@google.com> Fri Nov 30 10:56:29 2018 -0800
tree: 27d91b47664c95bc32f12fcc1ce18efed49ad23d
parent: 9cded32f6ae2040051e7717e68be956e8c0b1ff4 [diff] [blame]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 527216d..72e03e1 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -140,3 +140,10 @@
 # the ACTION_USER_UNLOCKED intent is delivered. Suppress this
 # denial to prevent third party apps from spamming the logs.
 dontaudit untrusted_app_all system_data_file:dir write;
+
+# Allow access to kcov via its ioctl interface for coverage
+# guided kernel fuzzing.
+userdebug_or_eng(`
+  allow untrusted_app_all debugfs_kcov:file rw_file_perms;
+  allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
+')
commit	55d9096652126b79e8641c52ec31fbe7747073da	[log] [tgz]
author	Dan Austin <danielaustin@google.com>	Thu Nov 29 10:37:18 2018 -0800
committer	Dan Austin <danielaustin@google.com>	Fri Nov 30 10:56:29 2018 -0800
tree	27d91b47664c95bc32f12fcc1ce18efed49ad23d
parent	9cded32f6ae2040051e7717e68be956e8c0b1ff4 [diff] [blame]