Allow incidentd to communicate with clients over pipes.
Previously we dumped the data into dropbox. This improves a couple
things:
- We write into dropbox via the fd, so dropbox doesn't pull from the
incidentd directory anymore.
- There is a new API for priv apps to explicitly read incident
reports. That gives incidentd finer grained control over who can
read it (specifically, it only allows apps to access the incident
reports they requested, or were requested for them via statsd,
instead of getting DUMP and reading whatever they want from
dropbox).
Test: bit incident_test:* GtsIncidentManagerTestCases:*
Bug: 123543706
Change-Id: I9a323e372c4ff95d91419a61e8a20ea5a3a860a5
diff --git a/private/incidentd.te b/private/incidentd.te
index ad6fbf3..6f10955 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -151,6 +151,7 @@
-dumpstate
-incident
-incidentd
+ -priv_app
-statsd
-system_app
-system_server
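Review bot: The added `-priv_app` exempts the entire priv_app domain from this neverallow, so SELinux no longer separates which privileged apps may reach incidentd. The per-report restriction described in the commit message would then rest on the checks inside incidentd itself. The rule's header lies outside the hunk, so which permission it guards is not visible here. A comment at the rule would record the dependency, for example `# priv_app: gated at runtime by DUMP and PACKAGE_USAGE_STATS; incidentd limits each app to its own reports`.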
diff --git a/private/priv_app.te b/private/priv_app.te
index 004908c..c5251a9 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -152,6 +152,12 @@
allow priv_app traced_tmpfs:file { read write getattr map };
unix_socket_connect(priv_app, traced_producer, traced)
+# Allow priv_apps to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow priv_app incident_service:service_manager find;
+binder_call(priv_app, incidentd)
+allow priv_app incidentd:fifo_file { read write };
+
# Allow heap profiling if the app opts in by being marked
# profileable/debuggable.
can_profile_heap(priv_app)
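Review bot: `allow priv_app incidentd:fifo_file { read write };` grants `write` on incidentd's pipes, although the description only speaks of priv apps reading reports and system_server gets just `read` on the same class in this change. If the app side only consumes the report, `allow priv_app incidentd:fifo_file read;` would be the tighter grant. If `write` is in fact needed (for instance because of how the fd is opened or handed over), the comment above the rule should say why, so that a later audit does not have to guess.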
diff --git a/private/system_server.te b/private/system_server.te
index ab4a07c..8fff848 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -412,6 +412,10 @@
allow system_server su:fifo_file append;
')
+# Allow system_server to read pipes from incidentd (used to deliver incident reports
+# to dropbox)
+allow system_server incidentd:fifo_file read;
+
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.
allow system_server incident_data_file:file read;
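Review bot: The context rule `allow system_server incident_data_file:file read;` just below the added lines still grants read on /data/misc/incidents "for dropbox to read", while the commit message says dropbox no longer pulls from the incidentd directory. If no other consumer in system_server is left, that grant and its comment look removable in this same change. If something still needs it, the comment should be updated to name that use rather than dropbox.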