Merge "Allow system_server to read binderfs state file" into main
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index d08e935..90f09e8 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -8,4 +8,5 @@
profcollectd_etr_prop
fs_bpf_lmkd_memevents_rb
fs_bpf_lmkd_memevents_prog
+ binderfs_logs_transactions
))
diff --git a/private/domain.te b/private/domain.te
index 747ac3d..b5525d5 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -500,6 +500,9 @@
get_prop(domain, binder_cache_system_server_prop)
get_prop(domain, binder_cache_telephony_server_prop)
+# Binderfs logs contain sensitive information about other processes.
+neverallow { domain -dumpstate -init -vendor_init -system_server } binderfs_logs_transactions:file no_rw_file_perms;
+
# Allow access to fsverity keyring.
allow domain kernel:key search;
# Allow access to keys in the fsverity keyring that were installed at boot.
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 7f91651..bccbafd 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -128,6 +128,9 @@
set_prop(dumpstate, ctl_gsid_prop)
binder_call(dumpstate, gsid)
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs_transactions:file r_file_perms;
+
r_dir_file(dumpstate, ota_metadata_file)
# For starting (and killing) perfetto --save-for-bugreport. If a labelled trace
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6bcd617..b6b18c0 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -305,6 +305,7 @@
genfscon binder /binder_logs u:object_r:binderfs_logs:s0
genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
genfscon binder /binder_logs/stats u:object_r:binderfs_logs_stats:s0
+genfscon binder /binder_logs/transactions u:object_r:binderfs_logs_transactions:s0
genfscon binder /features u:object_r:binderfs_features:s0
genfscon inotifyfs / u:object_r:inotify:s0
diff --git a/private/system_server.te b/private/system_server.te
index 9b3ddfd..8e137e3 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1601,6 +1601,8 @@
# Allow system server to read binderfs
allow system_server binderfs_logs:dir r_dir_perms;
allow system_server binderfs_logs_stats:file r_file_perms;
+# For ANRs
+allow system_server binderfs_logs_transactions:file r_file_perms;
# Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
set_prop(system_server, game_manager_config_prop)
diff --git a/public/file.te b/public/file.te
index cc9f286..b25175b 100644
--- a/public/file.te
+++ b/public/file.te
@@ -8,6 +8,7 @@
type binderfs_logs, fs_type;
type binderfs_logs_proc, fs_type;
type binderfs_logs_stats, fs_type;
+type binderfs_logs_transactions, fs_type;
type binderfs_features, fs_type;
# Security-sensitive proc nodes that should not be writable to most.
type proc_security, fs_type, proc_type;