Merge "Installd doesn't need to create cgroup files." into pi-dev
diff --git a/private/audioserver.te b/private/audioserver.te
index b7d5320..471fcbe 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -52,9 +52,10 @@
# For A2DP bridge which is loaded directly into audioserver
unix_socket_connect(audioserver, bluetooth, bluetooth)
-# Allow shell commands from ADB for CTS testing/dumping
+# Allow shell commands from ADB and shell for CTS testing/dumping
allow audioserver adbd:fd use;
allow audioserver adbd:unix_stream_socket { read write };
+allow audioserver shell:fifo_file { read write };
# Allow shell commands from ADB for CTS testing/dumping
userdebug_or_eng(`
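Review bot: The new `allow audioserver shell:fifo_file { read write };` on L13 is unconditional, while the very next rule group is wrapped in `userdebug_or_eng(` (that block opens on the last line of this hunk and continues outside it), so a reader cannot tell from this hunk whether shell-piped dumping is meant to work on user builds or only on debug builds. If it is needed on user builds (CTS runs there), say so in the comment, e.g. `# Allow shell commands from ADB and shell for CTS testing/dumping (needed on user builds)`; otherwise it belongs inside the userdebug_or_eng block. The reworded comment on L10 and the pre-existing one on L14 now state the same purpose back to back; the second should be dropped or changed to say what the userdebug_or_eng block adds beyond the unconditional rules.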
diff --git a/private/domain.te b/private/domain.te
index aa43058..fb6ba4f 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -9,6 +9,7 @@
domain
-vold
-dumpstate
+ userdebug_or_eng(`-incidentd')
-storaged
-system_server
userdebug_or_eng(`-perfprofd')
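Review bot: The rule head this exception list belongs to is outside the hunk, so nothing here says what incidentd is being exempted from. The `userdebug_or_eng(`-incidentd')` entry presumably pairs with the userdebug_or_eng-only `sys_ptrace` grant added to private/incidentd.te in this same change; a short comment on the entry, such as `# incidentd is granted sys_ptrace only on userdebug/eng builds`, would let the next reader confirm the two stay in sync. Note also that the entry is indented by one space while its neighbours are not; match the list's existing indentation.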
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 350f6b1..c261afa 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -114,6 +114,7 @@
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
+genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
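Review bot: Labelling `/sys/kernel/memory_state_time` as `sysfs_power` on L36 reuses a type that every domain already allowed on the /power wakeup and wake_lock nodes also receives, so those domains silently gain access to this new node, and any domain that only needs memory_state_time has to be granted the wake_lock nodes as well. If the consumer only needs to read this file, a dedicated type (declared in file.te, in the same way the adjacent `sysfs_ipv4`/`sysfs_kernel_notes` entries are) keeps both directions tight. If reuse is deliberate, a comment naming the reader, e.g. `# memory_state_time is read by the same power-stats consumers as /power/*`, would record why.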
diff --git a/private/incidentd.te b/private/incidentd.te
index 22ff985..6b248f1 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -46,32 +46,47 @@
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
-# Get process attributes
-# TODO allow incidentd domain:process getattr;
+# Enable incidentd to get stack traces.
+binder_use(incidentd)
+hwbinder_use(incidentd)
+allow incidentd hwservicemanager:hwservice_manager { list };
+get_prop(incidentd, hwservicemanager_prop)
+allow incidentd hidl_manager_hwservice:hwservice_manager { find };
# Read files in /proc
allow incidentd {
+ proc_cmdline
+ proc_pipe_conf
proc_stat
}:file r_file_perms;
# Signal java processes to dump their stack and get the results
-# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
-# TODO allow incidentd anr_data_file:dir create_dir_perms;
-# TODO allow incidentd anr_data_file:file create_file_perms;
+allow incidentd { appdomain ephemeral_app system_server }:process signal;
# Signal native processes to dump their stack.
# This list comes from native_processes_to_dump in incidentd/utils.c
allow incidentd {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
audioserver
cameraserver
drmserver
inputflinger
- mediacodec
mediadrmserver
mediaextractor
+ mediametrics
mediaserver
sdcardd
+ statsd
surfaceflinger
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_graphics_composer_server
+ hal_sensors_server
+ hal_vr_server
+ mediacodec # TODO(b/36375899): hal_omx_server
}:process signal;
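Review bot: The added comment on L69 attributes the native process list to `dumputils/dump_utils.cpp`, but the pre-existing comment on L67 immediately above it still says `incidentd/utils.c`, so the same list now carries two different provenances; the L67 line should be removed or updated in the same change. The same path is spelled `dumputils/dump_utils.c` in the two public/dumpstate.te hunks (L208 and L216) and `dumputils/dump_utils.cpp` here (L69 and L83); pick one spelling, since these comments are what a maintainer greps for when the two lists are meant to be kept identical. The `mediacodec # TODO(b/36375899): hal_omx_server` entry on L90 is fine syntactically but, being inside the HAL group, deserves a word on why it is listed as a domain rather than the `hal_*_server` attribute the other entries use.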
# Allow incidentd to make binder calls to any binder service
@@ -79,7 +94,18 @@
binder_call(incidentd, appdomain)
# Reading /proc/PID/maps of other processes
-# TODO allow incidentd self:global_capability_class_set sys_ptrace;
+userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
+# incidentd has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow incidentd *:process ptrace;
+
+allow incidentd self:global_capability_class_set {
+ # Send signals to processes
+ kill
+};
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
# Run a shell.
allow incidentd shell_exec:file rx_file_perms;
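Review bot: The comment on L98 says "incidentd has capability sys_ptrace", but the grant on L97 is wrapped in `userdebug_or_eng`, so on user builds the capability is absent and the /proc/PID/maps read described on L95 will be denied; the comment should state the build restriction, e.g. `# On userdebug/eng builds incidentd has sys_ptrace; it must only use it to read sensitive /proc/PID files, never for ptrace attach.` The `neverallow incidentd *:process ptrace;` on L100 is correctly unconditional and is the right backstop for that. The unconditional `kill` capability on L102-L105 is broader than the `:process signal` rules earlier in the file suggest (it lifts the DAC uid check for every signal target the MAC rules allow); the comment should say that it is needed because the signalled daemons run as other uids, if that is the reason.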
diff --git a/private/system_server.te b/private/system_server.te
index 365c00a..9830bd6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -372,10 +372,11 @@
#
# Allow system_server to connect and write to the tombstoned java trace socket in
# order to dump its traces. Also allow the system server to write its traces to
-# dumpstate during bugreport capture.
+# dumpstate during bugreport capture and incidentd during incident collection.
unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
allow system_server tombstoned:fd use;
allow system_server dumpstate:fifo_file append;
+allow system_server incidentd:fifo_file append;
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.
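Review bot: The new `allow system_server incidentd:fifo_file append;` on L124 mirrors the dumpstate rule on L123, but the pipe fd that system_server appends to is created by incidentd and handed over via tombstoned, so an `allow system_server incidentd:fd use;` rule is presumably also needed, as appdomain gets in public/app.te (L171) and as the te_macros hunk grants (L238). The matching `dumpstate:fd use` rule for system_server is not visible in this hunk, so this may already be covered elsewhere in system_server.te; please confirm, since a missing fd-use rule shows up only as a denial at trace-collection time.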
diff --git a/private/traced_probes.te b/private/traced_probes.te
index e6a3dfe..5d80f7e 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -37,17 +37,17 @@
# Allow traced_probes to list some of the data partition.
allow traced_probes self:capability dac_read_search;
-allow traced_probes apk_data_file:dir { getattr open read };
-allow traced_probes dalvikcache_data_file:dir { getattr open read };
+allow traced_probes apk_data_file:dir { getattr open read search };
+allow traced_probes dalvikcache_data_file:dir { getattr open read search };
userdebug_or_eng(`
-allow traced_probes system_data_file:dir { getattr open read };
+allow traced_probes system_data_file:dir { getattr open read search };
')
-allow traced_probes system_app_data_file:dir { getattr open read };
-allow traced_probes backup_data_file:dir { getattr open read };
-allow traced_probes bootstat_data_file:dir { getattr open read };
-allow traced_probes update_engine_data_file:dir { getattr open read };
-allow traced_probes update_engine_log_data_file:dir { getattr open read };
-allow traced_probes user_profile_data_file:dir { getattr open read };
+allow traced_probes system_app_data_file:dir { getattr open read search };
+allow traced_probes backup_data_file:dir { getattr open read search };
+allow traced_probes bootstat_data_file:dir { getattr open read search };
+allow traced_probes update_engine_data_file:dir { getattr open read search };
+allow traced_probes update_engine_log_data_file:dir { getattr open read search };
+allow traced_probes user_profile_data_file:dir { getattr open read search };
# Allow traced_probes to run atrace. atrace pokes at system services to enable
# their userspace TRACE macros.
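Review bot: Adding `search` to eight near-identical rules (L136-L153) leaves the permission set `{ getattr open read search }` copied eight times, so the next permission tweak has to be made in eight places again. The non-userdebug rules can be folded into one rule over a type set, with the `system_data_file` rule left in its `userdebug_or_eng` wrapper; behaviour is identical, since checkpolicy expands the set to the same per-type rules. The rewrite below keeps the exact permission set rather than switching to `r_dir_perms`, which would add permissions the commit did not grant.
```selinux
# Allow traced_probes to list some of the data partition.
allow traced_probes self:capability dac_read_search;
allow traced_probes {
    apk_data_file
    dalvikcache_data_file
    system_app_data_file
    backup_data_file
    bootstat_data_file
    update_engine_data_file
    update_engine_log_data_file
    user_profile_data_file
}:dir { getattr open read search };
userdebug_or_eng(`
allow traced_probes system_data_file:dir { getattr open read search };
')
# ... unchanged: atrace rules ...
```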
diff --git a/public/app.te b/public/app.te
index 25139ac..307f12c 100644
--- a/public/app.te
+++ b/public/app.te
@@ -150,6 +150,7 @@
unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
allow appdomain tombstoned:fd use;
allow appdomain dumpstate:fifo_file append;
+allow appdomain incidentd:fifo_file append;
# Allow apps to send dump information to dumpstate
allow appdomain dumpstate:fd use;
@@ -157,6 +158,10 @@
allow appdomain dumpstate:fifo_file { write getattr };
allow appdomain shell_data_file:file { write getattr };
+# Allow apps to send dump information to incidentd
+allow appdomain incidentd:fd use;
+allow appdomain incidentd:fifo_file { write getattr };
+
# Write profiles /data/misc/profiles
allow appdomain user_profile_data_file:dir { search write add_name };
allow appdomain user_profile_data_file:file create_file_perms;
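Review bot: The permissions appdomain gets on `incidentd:fifo_file` are split across two rules in two hunks, `append` on L164 and `{ write getattr }` on L172, so the effective set `{ append write getattr }` is only visible by reading both; this copies the existing dumpstate layout, but the comment on L170 could spell it out, e.g. `# Allow apps to send dump information to incidentd (the pipe is also appended to via tombstoned, see above)`. The added blank line on L173 is a trailing-whitespace-style change that the surrounding file does not use between groups; drop it unless the file's other groups are separated that way.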
diff --git a/public/domain.te b/public/domain.te
index 8cae3ca..1b7bbd4 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1036,6 +1036,7 @@
-tombstoned
-crash_dump
-dumpstate
+ -incidentd
-system_server
# Processes that can't exec crash_dump
@@ -1043,10 +1044,10 @@
-mediaextractor
} tombstoned_crash_socket:unix_stream_socket connectto;
-# Never allow anyone except dumpstate or the system server to connect or write to
+# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
# the tombstoned intercept socket.
-neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
-neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write;
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
# Android does not support System V IPCs.
#
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 003e1f7..8906f5d 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -57,7 +57,7 @@
# Signal native processes to dump their stack.
allow dumpstate {
- # This list comes from native_processes_to_dump in dumpstate/utils.c
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.c
audioserver
cameraserver
drmserver
@@ -69,7 +69,7 @@
sdcardd
surfaceflinger
- # This list comes from hal_interfaces_to_dump in dumpstate/utils.c
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
hal_audio_server
hal_bluetooth_server
hal_camera_server
diff --git a/public/hal_health.te b/public/hal_health.te
index 068f23b..c0a0f80 100644
--- a/public/hal_health.te
+++ b/public/hal_health.te
@@ -25,3 +25,6 @@
# Allow to wake up to send periodic events
wakelock_use(hal_health_server)
+
+# Write to /dev/kmsg
+allow hal_health_server kmsg_device:chr_file w_file_perms;
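Review bot: `w_file_perms` on L229 expands to more than `write` (in this policy's global_macros it also carries open, append, lock and ioctl — verify against the macro definition), and `hal_health_server` is an attribute that every vendor health HAL implementation inherits, so this lets any such implementation write arbitrary lines into the kernel log, which is the same buffer dmesg and bug reports read. If the HAL only needs to log, `{ open write }` is the minimal set, and the comment should say what it logs, e.g. `# Log battery/charger state transitions to /dev/kmsg`. The change is also unrelated to the rest of this commit and is easier to audit as its own change.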
diff --git a/public/te_macros b/public/te_macros
index 9ae6429..9cfe47c 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -499,8 +499,10 @@
')
allow $1 anr_data_file:file append;
allow $1 dumpstate:fd use;
+allow $1 incidentd:fd use;
# TODO: Figure out why write is needed.
allow $1 dumpstate:fifo_file { append write };
+allow $1 incidentd:fifo_file { append write };
allow $1 system_server:fifo_file { append write };
allow $1 tombstoned:unix_stream_socket connectto;
allow $1 tombstoned:fd use;
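Review bot: The new `allow $1 incidentd:fifo_file { append write };` on L241 is placed after the pre-existing `# TODO: Figure out why write is needed.` comment on L239, so that TODO now reads as applying to both the dumpstate and the incidentd rule without saying so; either reword it to `# TODO: Figure out why write is needed for dumpstate and incidentd.` or group the incidentd rule with its own comment. The macro these lines belong to starts outside the hunk, so it is not visible here which domains it is applied to; if it is applied to appdomain, the rules added to public/app.te in this same change (L164, L171-L172) duplicate the ones added here, and one copy should go.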