Skip to content
Snippets Groups Projects
Select Git revision
  • android-7.1.2_r28_klist
  • master default protected
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
40 results

dumpstate.te

Blame
    • Stephen Smalley's avatar
      16011320
      Clean up socket rules. · 16011320
      Stephen Smalley authored 
      
Replace * or any permission set containing create with
create_socket_perms or create_stream_socket_perms.

Add net_domain() to all domains using network sockets and
delete rules already covered by domain.te or net.te.

For netlink_route_socket, only nlmsg_write needs to be separately
granted to specific domains that are permitted to modify the routing
table.   Clarification:  read/write permissions are just ability to
perform read/recv() or write/send() on the socket, whereas nlmsg_read/
nlmsg_write permissions control ability to observe or modify the
underlying kernel state accessed via the socket.
See security/selinux/nlmsgtab.c in the kernel for the mapping of
netlink message types to nlmsg_read or nlmsg_write.

Delete legacy rule for b/12061011.

This change does not touch any rules where only read/write were allowed
to a socket created by another domain (inherited across exec or
received across socket or binder IPC).  We may wish to rewrite some or all
of those rules with the rw_socket_perms macro but that is a separate
change.

Change-Id: Ib0637ab86f6d388043eff928e5d96beb02e5450e
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      16011320
      History
      Clean up socket rules.
      Stephen Smalley authored 
      
Replace * or any permission set containing create with
create_socket_perms or create_stream_socket_perms.

Add net_domain() to all domains using network sockets and
delete rules already covered by domain.te or net.te.

For netlink_route_socket, only nlmsg_write needs to be separately
granted to specific domains that are permitted to modify the routing
table.   Clarification:  read/write permissions are just ability to
perform read/recv() or write/send() on the socket, whereas nlmsg_read/
nlmsg_write permissions control ability to observe or modify the
underlying kernel state accessed via the socket.
See security/selinux/nlmsgtab.c in the kernel for the mapping of
netlink message types to nlmsg_read or nlmsg_write.

Delete legacy rule for b/12061011.

This change does not touch any rules where only read/write were allowed
to a socket created by another domain (inherited across exec or
received across socket or binder IPC).  We may wish to rewrite some or all
of those rules with the rw_socket_perms macro but that is a separate
change.

Change-Id: Ib0637ab86f6d388043eff928e5d96beb02e5450e
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    dumpstate.te 2.83 KiB 
    # dumpstate
type dumpstate, domain;
permissive_or_unconfined(dumpstate)
type dumpstate_exec, exec_type, file_type;

init_daemon_domain(dumpstate)
net_domain(dumpstate)
relabelto_domain(dumpstate)
binder_use(dumpstate)

# Drop privileges by switching UID / GID
allow dumpstate self:capability { setuid setgid };

# Allow dumpstate to scan through /proc/pid for all processes
r_dir_file(dumpstate, domain)

# Send signals to processes
allow dumpstate self:capability kill;

# Allow executing files on system, such as:
#   /system/bin/toolbox
#   /system/bin/logcat
#   /system/bin/dumpsys
allow dumpstate system_file:file execute_no_trans;

# Create and write into /data/anr/
allow dumpstate self:capability { dac_override chown fowner fsetid };
allow dumpstate anr_data_file:dir { rw_dir_perms relabelto };
allow dumpstate anr_data_file:file create_file_perms;
allow dumpstate system_data_file:dir { create_dir_perms relabelfrom };

# Allow reading /data/system/uiderrors.txt
# TODO: scope this down.
allow dumpstate system_data_file:file r_file_perms;

# Read dmesg
allow dumpstate self:capability2 syslog;
allow dumpstate kernel:system syslog_read;

# Get process attributes
allow dumpstate domain:process getattr;

# Signal java processes to dump their stack
allow dumpstate { appdomain system_server }:process signal;

# Signal native processes to dump their stack.
# This list comes from native_processes_to_dump in dumpstate/utils.c
allow dumpstate { drmserver mediaserver sdcardd surfaceflinger }:process signal;

# The vdc command needs to talk to the vold socket.
unix_socket_connect(dumpstate, vold, vold)

# Vibrate the device after we're done collecting the bugreport
# /sys/class/timed_output/vibrator/enable
# TODO: create a new file class, instead of allowing write access to all of /sys
allow dumpstate sysfs:file w_file_perms;

# Other random bits of data we want to collect
allow dumpstate qtaguid_proc:file r_file_perms;
allow dumpstate debugfs:file r_file_perms;

# Allow dumpstate to make binder calls to any binder service
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, appdomain)

# Reading /proc/PID/maps of other processes
allow dumpstate self:capability sys_ptrace;

# Allow the bugreport service to create a file in
# /data/data/com.android.shell/files/bugreports/bugreport
    allow dumpstate shell_data_file:dir create_dir_perms;
allow dumpstate shell_data_file:file create_file_perms;

# Run a shell.
allow dumpstate shell_exec:file rx_file_perms;

# For running am and similar framework commands.
# Run /system/bin/app_process.
allow dumpstate zygote_exec:file rx_file_perms;
# Dalvik Compiler JIT.
allow dumpstate ashmem_device:chr_file execute;
allow dumpstate dumpstate_tmpfs:file execute;
allow dumpstate self:process execmem;
# For art.
allow dumpstate dalvikcache_data_file:file execute;

# logd access
read_logd(dumpstate)
control_logd(dumpstate)