Merge "Microdroid sepolicy changes to handle crash export"
diff --git a/microdroid/system/private/crash_dump.te b/microdroid/system/private/crash_dump.te
index 8dcb4b1..6a43b56 100644
--- a/microdroid/system/private/crash_dump.te
+++ b/microdroid/system/private/crash_dump.te
@@ -22,11 +22,11 @@
# Read all /vendor
r_dir_file(crash_dump, vendor_file)
-# Talk to tombstoned
-unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
+# Allow crash_dump to write on vsock - required for writing tombstones in microdroid
+allow crash_dump self:vsock_socket { connect create write };
-# Append to tombstone files.
-allow crash_dump tombstone_data_file:file { append getattr };
+# Allow crash_dump to get microdroid_config_prop - required to deduce whether to write tombstones
+get_prop(crash_dump, microdroid_config_prop)
# Crash dump is not intended to access the following files. Since these
# are WAI, suppress the denials to clean up the logs.
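Review bot: The new `allow crash_dump self:vsock_socket { connect create write };` rule lets crash_dump open an outbound vsock connection to any CID/port, because the vsock_socket class has no peer labeling that policy could constrain, and the comment above it does not say so. crash_dump runs on behalf of an arbitrary crashing process, so a compromised instance now has a direct channel to whatever the host exposes on vsock, and the host-side receiver has to treat the tombstone stream as untrusted input. I would extend the comment to `# NOTE: SELinux cannot restrict the peer CID/port of a vsock connection; the host listener must validate and size-limit what it receives on this channel.` If no other microdroid domain is meant to originate vsock connections, a `neverallow` over `self:vsock_socket { connect create }` excluding crash_dump (and whichever domains legitimately need it) would keep the capability from spreading, but the other domains are not visible from this hunk.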
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index 916eebf..a8fff90 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -394,11 +394,6 @@
neverallow { domain -init } build_prop:property_service set;
neverallow { domain -init -init_debug_policy } debuggable_prop:property_service set;
-# Never allow anyone to connect or write to
-# the tombstoned intercept socket.
-neverallow { domain } tombstoned_intercept_socket:sock_file write;
-neverallow { domain } tombstoned_intercept_socket:unix_stream_socket connectto;
-
# Android does not support System V IPCs.
#
# The reason for this is due to the fact that, by design, they lead to global
diff --git a/microdroid/system/private/file_contexts b/microdroid/system/private/file_contexts
index e9b0c83..fa81c90 100644
--- a/microdroid/system/private/file_contexts
+++ b/microdroid/system/private/file_contexts
@@ -69,9 +69,6 @@
/dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/statsdw u:object_r:statsdw_socket:s0
-/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
-/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
-/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
@@ -102,7 +99,6 @@
/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
/system/bin/apexd u:object_r:apexd_exec:s0
-/system/bin/tombstone_transmit.microdroid u:object_r:tombstone_transmit_exec:s0
/system/bin/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
@@ -112,7 +108,6 @@
/system/bin/logcat -- u:object_r:logcat_exec:s0
/system/bin/logd u:object_r:logd_exec:s0
/system/bin/sh -- u:object_r:shell_exec:s0
-/system/bin/tombstoned.microdroid u:object_r:tombstoned_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
/system/bin/toybox -- u:object_r:toolbox_exec:s0
/system/bin/zipfuse u:object_r:zipfuse_exec:s0
@@ -166,13 +161,8 @@
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
/data/misc/authfs(/.*)? u:object_r:authfs_data_file:s0
-/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/vendor(/.*)? u:object_r:vendor_data_file:s0
-# microdroid doesn't use anr, but tombstoned tries to read this.
-# So marking /data/anr as tombstone_data_file
-/data/anr(/.*)? u:object_r:tombstone_data_file:s0
-
#############################
# Directory for extra apks
/mnt/extra-apk u:object_r:extra_apk_file:s0
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 51372ad..8635ed4 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -73,12 +73,8 @@
set_prop(microdroid_manager, ctl_apkdmverity_prop)
set_prop(microdroid_manager, ctl_authfs_prop)
set_prop(microdroid_manager, ctl_seriallogging_prop)
-set_prop(microdroid_manager, ctl_tombstone_transmit_prop)
set_prop(microdroid_manager, ctl_zipfuse_prop)
-# Allow microdroid_manager to stop tombstoned
-set_prop(microdroid_manager, ctl_tombstoned_prop)
-
# Allow microdroid_manager to wait for linkerconfig to be ready
get_prop(microdroid_manager, apex_config_prop)
@@ -126,9 +122,6 @@
# Allow microdroid_manager to write kmsg_debug (stdio_to_kmsg).
allow microdroid_manager kmsg_debug_device:chr_file w_file_perms;
-# Read tombstone_transmit_status_prop to wait for initialization of tombstone_transmit
-get_prop(microdroid_manager, tombstone_transmit_status_prop)
-
# Domains other than microdroid can't write extra_apks
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:file no_w_file_perms;
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:dir no_w_dir_perms;
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 1bbe2a9..638b246 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -1,6 +1,3 @@
-system_internal_prop(ctl_tombstoned_prop)
-system_restricted_prop(tombstone_transmit_status_prop)
-
system_restricted_prop(boot_status_prop)
# Declare ART properties for CompOS
@@ -52,4 +49,11 @@
domain
-init
-microdroid_manager
-} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;
+} {microdroid_lifecycle_prop}:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -init
+ -microdroid_manager
+ -crash_dump
+} {microdroid_config_prop}:file no_rw_file_perms;
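Review bot: Exempting crash_dump from the `no_rw_file_perms` neverallow on microdroid_config_prop drops the write-side guard for that domain as well, although the only grant in crash_dump.te is `get_prop` (read). Keeping the write guard costs one extra statement next to the new exemption, `neverallow { domain -init -microdroid_manager } {microdroid_config_prop}:file no_w_file_perms;`, so that a future `set_prop(crash_dump, ...)` would still fail the build instead of passing silently; this assumes `no_w_file_perms` is defined as in system/sepolicy's global macros, which I cannot see here. The `neverallow {` statement whose body this hunk edits begins before the hunk, so its head is not visible.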
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index bb43d58..dd43a81 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -22,13 +22,10 @@
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
-ctl.stop$tombstoned u:object_r:ctl_tombstoned_prop:s0
-
ctl.start$apexd-vm u:object_r:ctl_apexd_vm_prop:s0
ctl.start$apkdmverity u:object_r:ctl_apkdmverity_prop:s0
ctl.start$authfs_service u:object_r:ctl_authfs_prop:s0
ctl.start$seriallogging u:object_r:ctl_seriallogging_prop:s0
-ctl.start$tombstone_transmit u:object_r:ctl_tombstone_transmit_prop:s0
ctl.start$zipfuse u:object_r:ctl_zipfuse_prop:s0
ctl.console u:object_r:ctl_console_prop:s0
@@ -54,7 +51,6 @@
ro.boottime.init.modules u:object_r:boottime_prop:s0 exact int
ro.boottime.init.selinux u:object_r:boottime_prop:s0 exact int
ro.boottime.microdroid_manager u:object_r:boottime_prop:s0 exact int
-ro.boottime.tombstoned u:object_r:boottime_prop:s0 exact int
ro.boottime.ueventd u:object_r:boottime_prop:s0 exact int
ro.boottime.zipfuse u:object_r:boottime_prop:s0 exact int
@@ -76,7 +72,6 @@
init.svc.zipfuse u:object_r:init_service_status_private_prop:s0 exact string
init.svc.adbd u:object_r:init_service_status_prop:s0 exact string
-init.svc.tombstoned u:object_r:init_service_status_prop:s0 exact string
ro.boot.adb.enabled u:object_r:bootloader_prop:s0 exact bool
ro.boot.avb_version u:object_r:bootloader_prop:s0 exact string
@@ -86,7 +81,6 @@
ro.boot.hardware u:object_r:bootloader_prop:s0 exact string
ro.boot.microdroid.debuggable u:object_r:bootloader_prop:s0 exact bool
ro.boot.slot_suffix u:object_r:bootloader_prop:s0 exact string
-ro.boot.tombstone_transmit.enabled u:object_r:bootloader_prop:s0 exact bool
ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
ro.boot.vbmeta.device_state u:object_r:bootloader_prop:s0 exact string
ro.boot.vbmeta.digest u:object_r:bootloader_prop:s0 exact string
@@ -122,6 +116,7 @@
microdroid_manager.extra_apk.mounted. u:object_r:microdroid_manager_zipfuse_prop:s0 prefix bool
microdroid_manager.authfs.enabled u:object_r:microdroid_config_prop:s0 exact bool
+microdroid_manager.export_tombstones.enabled u:object_r:microdroid_config_prop:s0 exact bool
microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
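Review bot: `microdroid_manager.export_tombstones.enabled` is labeled microdroid_config_prop, the same type as `microdroid_manager.authfs.enabled` two lines above, so a domain granted read on the type for the tombstone flag (crash_dump, elsewhere in this change) also reads the authfs flag. If that is deliberate, a comment on the new line would save the next reader the question, e.g. `# read by crash_dump to decide whether to export tombstones over vsock`; if not, a dedicated type for this property would scope the crash_dump read exemption to the one boolean it needs. The exposure is a single boolean, so this is a least-privilege nit rather than a blocker.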
@@ -164,9 +159,3 @@
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 prefix
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
-
-tombstone_transmit.init_done u:object_r:tombstone_transmit_status_prop:s0 exact bool
-
-# tombstone_transmit.start starts tombstone_transmit after creating a directory
-# assigning the same label as ctl.start$tombstone_transmit
-tombstone_transmit.start u:object_r:ctl_tombstone_transmit_prop:s0 exact bool
diff --git a/microdroid/system/private/tombstone_transmit.te b/microdroid/system/private/tombstone_transmit.te
deleted file mode 100644
index 4f2b5ab..0000000
--- a/microdroid/system/private/tombstone_transmit.te
+++ /dev/null
@@ -1,16 +0,0 @@
-type tombstone_transmit, domain, coredomain;
-type tombstone_transmit_exec, exec_type, system_file_type, file_type;
-
-init_daemon_domain(tombstone_transmit)
-
-# permission required to read the file & remove it from directory
-allow tombstone_transmit tombstone_data_file:dir { r_dir_perms write remove_name };
-allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink };
-
-allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl;
-
-# allow tombstone_transmit to notify its initialization
-set_prop(tombstone_transmit, tombstone_transmit_status_prop)
-
-# Only tombstone_transmit can set its status
-neverallow { domain -init -tombstone_transmit } tombstone_transmit_status_prop:property_service set;
diff --git a/microdroid/system/private/tombstoned.te b/microdroid/system/private/tombstoned.te
deleted file mode 100644
index 2567a23..0000000
--- a/microdroid/system/private/tombstoned.te
+++ /dev/null
@@ -1,12 +0,0 @@
-typeattribute tombstoned coredomain;
-
-init_daemon_domain(tombstoned)
-
-# Write to arbitrary pipes given to us.
-allow tombstoned domain:fd use;
-allow tombstoned domain:fifo_file write;
-
-allow tombstoned domain:dir r_dir_perms;
-allow tombstoned domain:file r_file_perms;
-allow tombstoned tombstone_data_file:dir rw_dir_perms;
-allow tombstoned tombstone_data_file:file { create_file_perms link };
diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index 6a698c3..d9a6e44 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te
@@ -34,10 +34,6 @@
type system_security_cacerts_file, file_type, system_file_type;
type task_profiles_api_file, file_type, system_file_type;
type task_profiles_file, file_type, system_file_type;
-type tombstone_data_file, file_type, data_file_type, core_data_file_type;
-type tombstoned_crash_socket, file_type, coredomain_socket;
-type tombstoned_intercept_socket, file_type, coredomain_socket;
-type tombstoned_java_trace_socket, file_type;
type trace_data_file, file_type, data_file_type, core_data_file_type;
type unlabeled, file_type;
type vendor_configs_file, file_type, vendor_file_type;
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index 158d741..c2e5ebd 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -24,7 +24,6 @@
type ctl_sigstop_prop, property_type;
type ctl_start_prop, property_type;
type ctl_stop_prop, property_type;
-type ctl_tombstone_transmit_prop, property_type;
type ctl_zipfuse_prop, property_type;
type debug_prop, property_type;
type default_prop, property_type;
diff --git a/microdroid/system/public/tombstoned.te b/microdroid/system/public/tombstoned.te
deleted file mode 100644
index bd1626d..0000000
--- a/microdroid/system/public/tombstoned.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type tombstoned, domain;
-type tombstoned_exec, file_type, exec_type, system_file_type;