| Chris Wailes | 467d8a8 | 2021-03-03 12:30:28 -0800 | [diff] [blame] | 1 | # art service daemon |
| Jiakai Zhang | 76bfb7e | 2022-05-26 13:55:33 +0100 | [diff] [blame] | 2 | type artd, domain, coredomain; |
| Chris Wailes | 467d8a8 | 2021-03-03 12:30:28 -0800 | [diff] [blame] | 3 | type artd_exec, system_file_type, exec_type, file_type; |
| Jiakai Zhang | 76bfb7e | 2022-05-26 13:55:33 +0100 | [diff] [blame] | 4 | type artd_tmpfs, file_type; |
| Chris Wailes | 467d8a8 | 2021-03-03 12:30:28 -0800 | [diff] [blame] | 5 | |
| 6 | # Allow artd to publish a binder service and make binder calls. |
| 7 | binder_use(artd) |
| 8 | add_service(artd, artd_service) |
| 9 | allow artd dumpstate:fifo_file { getattr write }; |
| 10 | |
| Chris Wailes | 467d8a8 | 2021-03-03 12:30:28 -0800 | [diff] [blame] | 11 | init_daemon_domain(artd) |
| Calin Juravle | 0b2ca6c | 2021-05-18 15:33:08 -0700 | [diff] [blame] | 12 | |
| 13 | # Allow query ART device config properties |
| 14 | get_prop(artd, device_config_runtime_native_prop) |
| 15 | get_prop(artd, device_config_runtime_native_boot_prop) |
| Jiakai Zhang | 76bfb7e | 2022-05-26 13:55:33 +0100 | [diff] [blame] | 16 | |
| 17 | # Access to "odsign.verification.success" for deciding whether to deny files in |
| 18 | # the ART APEX data directory. |
| 19 | get_prop(artd, odsign_prop) |
| 20 | |
| 21 | # Reading an APK opens a ZipArchive, which unpack to tmpfs. |
| 22 | # Use tmpfs_domain() which will give tmpfs files created by artd their |
| 23 | # own label, which differs from other labels created by other processes. |
| 24 | # This allows to distinguish in policy files created by artd vs other |
| 25 | # processes. |
| 26 | tmpfs_domain(artd) |
| 27 | |
| 28 | # Allow testing userfaultfd support. |
| 29 | userfaultfd_use(artd) |
| 30 | |
| 31 | # Read access to primary dex'es on writable partitions (e.g., /data/app/...). |
| 32 | r_dir_file(artd, apk_data_file) |
| 33 | |
| 34 | # Read access to /vendor/app. |
| 35 | r_dir_file(artd, vendor_app_file) |
| 36 | |
| Jiakai Zhang | 2ce60a6 | 2022-06-07 15:20:58 +0100 | [diff] [blame^] | 37 | # Read/write access to all compilation artifacts generated on device for apps' |
| 38 | # primary dex'es. (/data/dalvik-cache/..., /data/app/.../oat/..., etc.) |
| 39 | allow artd dalvikcache_data_file:dir create_dir_perms; |
| 40 | allow artd dalvikcache_data_file:file create_file_perms; |
| Jiakai Zhang | 76bfb7e | 2022-05-26 13:55:33 +0100 | [diff] [blame] | 41 | |
| 42 | # Read access to the ART APEX data directory. |
| 43 | # Needed for reading the boot image generated on device. |
| 44 | allow artd apex_module_data_file:dir { getattr search }; |
| 45 | r_dir_file(artd, apex_art_data_file) |
| 46 | |
| 47 | # Read access to /apex/apex-info-list.xml |
| 48 | # Needed for getting APEX versions. |
| 49 | allow artd apex_info_file:file r_file_perms; |
| Jiakai Zhang | 2ce60a6 | 2022-06-07 15:20:58 +0100 | [diff] [blame^] | 50 | |
| 51 | # Allow getting root capabilities to bypass permission checks. |
| 52 | # - "dac_override" and "dac_read_search" are for |
| 53 | # - reading secondary dex'es in app data directories (reading primary dex'es |
| 54 | # doesn't need root capabilities) |
| 55 | # - managing (CRUD) compilation artifacts in both APK directories for primary |
| 56 | # dex'es and in app data directories for secondary dex'es |
| 57 | # - managing (CRUD) profile files for both primary dex'es and secondary dex'es |
| 58 | # - "fowner" is for adjusting the file permissions of compilation artifacts and |
| 59 | # profile files based on whether they include user data or not. |
| 60 | allow artd self:global_capability_class_set { dac_override dac_read_search fowner }; |