Add permissions in runas_app domain to debug/profile debuggable apps.
The runas_app domain is used by lldb/ndk-gdb/simpleperf to debug/profile
debuggable apps. However, it lacks the permissions to ptrace app processes
and to read the /proc/<app_pid> directory.
Bug: none
Test: build and boot marlin.
Test: run lldb and simpleperf on apps with target sdk version 24-29.
Change-Id: I9e6f940ec81a8285eae8db3b77fb1251a25dedd0
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index de0cc79..91724c0 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -135,6 +135,7 @@
property_info
recovery_socket
role_service
+ runas_app
runtime_service
secure_element
secure_element_device
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 429725c..ff1c857 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -122,6 +122,7 @@
property_info
recovery_socket
role_service
+ runas_app
runtime_service
secure_element
secure_element_device
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 9133c44..58e936c 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -73,6 +73,7 @@
rs_exec
rss_hwm_reset
rss_hwm_reset_exec
+ runas_app
runtime_service
sensor_privacy_service
server_configurable_flags_data_file
diff --git a/private/runas_app.te b/private/runas_app.te
index b976b91..638702c 100644
--- a/private/runas_app.te
+++ b/private/runas_app.te
@@ -1,4 +1,3 @@
-type runas_app, domain;
typeattribute runas_app coredomain;
app_domain(runas_app)
@@ -7,5 +6,12 @@
bluetooth_domain(runas_app)
# The ability to call exec() on files in the apps home directories
-# when using run-as on a debuggable app. Needed by simpleperf.
+# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
+# which are copied to the apps home directories.
allow runas_app app_data_file:file execute_no_trans;
+
+# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
+r_dir_file(runas_app, untrusted_app_all)
+
+# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
+allow runas_app untrusted_app_all:process ptrace;
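Review bot: The two added rules at the end of this hunk target the whole `untrusted_app_all` attribute, while their comments say "debuggable app processes"; nothing in the type-enforcement statements themselves limits the target to debuggable apps. As far as these lines show, that restriction has to come from outside the rule: presumably run-as only entering this domain for debuggable packages, the kernel's same-UID ptrace check, and the MLS level assigned in seapp_contexts. The comment should record that, e.g. `# TE rule covers all untrusted_app_all; scoping to the target app relies on run-as's debuggable check, UID match and MLS level.` It is also worth confirming that a neverallow elsewhere restricts which domains may transition into runas_app, since the domain can now ptrace and read /proc entries of any untrusted app type that shares its UID and level. The file continues above the hunk, so earlier rules are not visible here.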
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 14a8bff..9fc6816 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -122,4 +122,5 @@
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
-user=_app fromRunAs=true domain=runas_app levelFrom=all
+user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
+user=_app fromRunAs=true domain=runas_app levelFrom=user
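Review bot: The two new runas_app entries only work if the run-as process ends up with the same MLS level as the app being debugged, but nothing in the file records that coupling. The split at `minTargetSdkVersion=28` (levelFrom=all) versus the fallback (levelFrom=user) appears to mirror the untrusted_app entries in the context lines just above. A comment such as `# levelFrom must match the untrusted_app entry for the same targetSdkVersion so run-as tools share the target app's MLS categories.` would keep the two sets from drifting apart when a new SDK tier is added. Entries before line 122 are outside the hunk, so it cannot be confirmed from here that every app domain run-as can target is covered by these two levels.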