Ensure that only desired processes can access TracingServiceProxy This change adds a neverallow rule in traced.te to limit the processes that can find tracingproxy_service, the context for TracingServiceProxy. I wanted to avoid moving the tracingproxy_service definition to public, so there were a few services that are exempted from this neverallow rule. Bug: 191391382 Test: Manually verified that with this change, along with the other change in this topic, I see no errors when taking a bugreport while a Traceur trace is running. Change-Id: I8658df0db92ae9cf4fefe2eebb4d6d9a5349ea89

commit: a60d7f28f2e6f482500bbe7e3b6863e44d663dd0 [log] [tgz]
author: Carmen Jackson <carmenjackson@google.com> Wed Jun 23 16:53:45 2021 -0700
committer: Carmen Jackson <carmenjackson@google.com> Thu Jun 24 08:24:20 2021 +0000
tree: c8d4a22a136cad83c9db73409fc307a5e3fd658d
parent: 635853a710b624fa99a257d371618741e4b96799 [diff] [blame]
diff --git a/private/traced.te b/private/traced.te
index 6e3ad46..fc9a245 100644
--- a/private/traced.te
+++ b/private/traced.te

@@ -116,3 +116,6 @@
 # Only init is allowed to enter the traced domain via exec()
 neverallow { domain -init } traced:process transition;
 neverallow * traced:process dyntransition;
+
+# Limit the processes that can access tracingproxy_service.
+neverallow { domain -traced -dumpstate -traceur_app -shell -system_server } tracingproxy_service:service_manager find;
commit	a60d7f28f2e6f482500bbe7e3b6863e44d663dd0	[log] [tgz]
author	Carmen Jackson <carmenjackson@google.com>	Wed Jun 23 16:53:45 2021 -0700
committer	Carmen Jackson <carmenjackson@google.com>	Thu Jun 24 08:24:20 2021 +0000
tree	c8d4a22a136cad83c9db73409fc307a5e3fd658d
parent	635853a710b624fa99a257d371618741e4b96799 [diff] [blame]