Merge "Allow Traceur app to remove trace files."
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 0333d99..8db46f0 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -91,6 +91,10 @@
 # uid's can be in shell domain
 neverallow user=shell domain=((?!shell).)*
 
+# only the package named com.android.shell can run in the shell domain
+neverallow domain=shell name=((?!com\.android\.shell).)*
+neverallow user=shell name=((?!com\.android\.shell).)*
+
 # Ephemeral Apps must run in the ephemeral_app domain
 neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
 
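Review bot: The two added `neverallow ... name=((?!com\.android\.shell).)*` lines are looser than their comment says. The pattern only matches names that do not contain `com.android.shell` anywhere, so a name that merely starts with or embeds that string (constructed example: `com.android.shell.x`) is not flagged. If checkseapp matches the pattern against the whole value, which I cannot confirm from this page, `name=(?!com\.android\.shell$).*` would express "anything except exactly this package". The existing `domain=((?!shell).)*` context line above has the same shape and the same gap.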
@@ -102,7 +106,7 @@
 user=secure_element seinfo=platform domain=secure_element levelFrom=all
 user=radio seinfo=platform domain=radio type=radio_data_file
 user=shared_relro domain=shared_relro
-user=shell seinfo=platform domain=shell type=shell_data_file
+user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
 user=webview_zygote seinfo=webview_zygote domain=webview_zygote
 user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
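Review bot: Adding `name=com.android.shell` to the `user=shell` line narrows the only shell entry visible in this hunk, so a process running under the shell UID with any other process name no longer matches it. I cannot see a fallback `user=shell` entry in these lines; if there is none, such a process would presumably fail to get a context at launch rather than fall into a different domain. A comment above the line would record that this is intended, for example `# Only com.android.shell is labelled shell; other shell-UID packages need their own entry.`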
diff --git a/private/statsd.te b/private/statsd.te
index 2e8b684..8874f73 100644
--- a/private/statsd.te
+++ b/private/statsd.te
@@ -75,7 +75,7 @@
 # Allow 'adb shell cmd' to upload configs and download output.
 allow statsd adbd:fd use;
 allow statsd adbd:unix_stream_socket { read write };
-
+allow statsd shell:fifo_file read;
 
 ###
 ### neverallow rules
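Review bot: The new `allow statsd shell:fifo_file read;` has no comment of its own and takes the place of the blank line after the adbd rules, so it reads as part of the `adb shell cmd` group without saying what it is for. It lets statsd read from pipes created by the shell domain, presumably so a config can be piped into `cmd stats`. If that is the reason, state it, e.g. `# Allow statsd to read configs piped in from a shell process.`, and keep a blank line before the `###` banner. Limiting the grant to `read` is the right scope, and the comment could say that this is deliberate.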
diff --git a/private/traced.te b/private/traced.te
index 531ecc2..b6d0311 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -1,10 +1,14 @@
 # Perfetto user-space tracing daemon (unprivileged)
-type traced, domain, coredomain;
+type traced, domain, coredomain, mlstrustedsubject;
 type traced_exec, exec_type, file_type;
 
 # Allow init to exec the daemon.
 init_daemon_domain(traced)
 
+# Allow apps in other MLS contexts (for multi-user) to access
+# share memory buffers created by traced.
+typeattribute traced_tmpfs mlstrustedobject;
+
 # Allow traced to start with a lower scheduling class and change
 # class accordingly to what defined in the config provided by
 # the privileged process that controls it.
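Review bot: `mlstrustedsubject` on the `type traced` line is not explained by the added comment, which only covers the `mlstrustedobject` attribute on `traced_tmpfs`. The subject attribute exempts every access traced makes from the MLS constraints, so each existing and future `allow traced ...` rule then applies across users. The file should say why that is needed, for example `# traced maps producer buffers owned by apps at other MLS levels.` if that is the reason, or the attribute should be dropped if the object-side attributes are enough. The added comment also has a typo, `share memory` for `shared memory`. `traced_tmpfs` is declared outside this hunk, so I could not check it.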
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 3bf1471..03ace75 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -29,6 +29,9 @@
 # Allow procfs access
 r_dir_file(traced_probes, domain)
 
+# Allow to log to kernel dmesg when starting / stopping ftrace.
+allow traced_probes kmsg_device:chr_file write;
+
 ###
 ### Neverallow rules
 ###
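Review bot: The added rule grants `write` on `kmsg_device` but not `open`, which only works if traced_probes receives an already-open descriptor, presumably from init; nothing in this hunk shows that. If that is the design, say so in the comment so that a later change does not widen the rule, for example `# /dev/kmsg fd is inherited from init; write only, no open.` Write access to the kernel log also means this domain's output appears in dmesg alongside kernel messages, which matters to anything that treats dmesg content as trusted.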
@@ -45,7 +48,7 @@
 neverallow traced_probes domain:process ptrace;
 
 # Disallows access to /data files.
-neverallow traced {
+neverallow traced_probes {
   data_file_type
   -system_data_file
   # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
@@ -53,10 +56,10 @@
   -vendor_data_file
   -zoneinfo_data_file
 }:dir *;
-neverallow traced system_data_file:dir ~{ getattr search };
-neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
-neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
-neverallow traced { data_file_type -zoneinfo_data_file }:file *;
+neverallow traced_probes system_data_file:dir ~{ getattr search };
+neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced_probes { data_file_type -zoneinfo_data_file }:file *;
 
 # Only init is allowed to enter the traced_probes domain via exec()
 neverallow { domain -init } traced_probes:process transition;
diff --git a/public/file.te b/public/file.te
index 0aa7ece..27ee0dc 100644
--- a/public/file.te
+++ b/public/file.te
@@ -327,7 +327,7 @@
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
-type traced_producer_socket, file_type, coredomain_socket;
+type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
 type traced_consumer_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;
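Review bot: `traced_producer_socket` gains `mlstrustedobject` while `traced_consumer_socket` on the next line does not, and neither line says why. With the attribute set, MLS separation no longer applies to the producer socket, and only the type-enforcement rules decide which domains can connect. The asymmetry looks intentional and should be recorded, e.g. `# Producers run at per-user MLS levels; the consumer socket stays MLS-restricted.` The allow rules for this socket are outside this hunk, so I could not check how wide producer access is.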