initial dumpstate domain

Add the necessary rules to support dumpstate. Start off initially in permissive until it has more testing. Dumpstate is triggered by running "adb bugreport" Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd

initial dumpstate domain
09e6abd9 · Nick Kralevich · caa6a32d · 09e6abd9 · 09e6abd9 · 09e6abd9
Commit 09e6abd9 authored 11 years ago by Nick Kralevich
--- a/app.te
+++ b/app.te
@@ -68,6 +68,10 @@ allow appdomain wallpaper_file:file { read write };
 allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };

+# Allow apps to send dump information to dumpstate
+allow appdomain dumpstate:fd use;
+allow appdomain dumpstate:unix_stream_socket { read write getopt getattr };
+
 # Write to /proc/net/xt_qtaguid/ctrl file.
 allow appdomain qtaguid_proc:file rw_file_perms;
 # Everybody can read the xt_qtaguid resource tracking misc dev.

--- a/binderservicedomain.te
+++ b/binderservicedomain.te
+# Rules common to all binder service domains
+
+# Alow dumpstate to collect information from binder services
+allow binderservicedomain dumpstate:fd use;
+allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
--- a/dumpstate.te
+++ b/dumpstate.te
+# dumpstate
+type dumpstate, domain;
+permissive dumpstate;
+type dumpstate_exec, exec_type, file_type;
+
+init_daemon_domain(dumpstate)
+net_domain(dumpstate)
+relabelto_domain(dumpstate)
+binder_use(dumpstate)
+
+# Drop privileges by switching UID / GID
+allow dumpstate self:capability { setuid setgid };
+
+# Allow dumpstate to scan through /proc/pid for all processes
+r_dir_file(dumpstate, domain)
+
+# Send signals to processes
+allow dumpstate self:capability kill;
+
+# Allow executing files on system, such as:
+#   /system/bin/toolbox
+#   /system/bin/logcat
+#   /system/bin/dumpsys
+allow dumpstate system_file:file execute_no_trans;
+
+# Create and write into /data/anr/
+allow dumpstate self:capability { dac_override chown fowner fsetid };
+allow dumpstate anr_data_file:dir { rw_dir_perms relabelto };
+allow dumpstate anr_data_file:file create_file_perms;
+allow dumpstate system_data_file:dir { create_dir_perms relabelfrom };
+
+# Allow reading /data/system/uiderrors.txt
+# TODO: scope this down.
+allow dumpstate system_data_file:file r_file_perms;
+
+# Read dmesg
+allow dumpstate self:capability2 syslog;
+allow dumpstate kernel:system syslog_read;
+
+# Get process attributes
+allow dumpstate domain:process getattr;
+
+# Signal java processes to dump their stack
+allow dumpstate { appdomain system_server }:process signal;
+
+# Signal native processes to dump their stack.
+# This list comes from native_processes_to_dump in dumpstate/utils.c
+allow dumpstate { drmserver mediaserver sdcardd surfaceflinger }:process signal;
+
+# The /system/bin/ip command needs this for routing table information.
+allow dumpstate self:netlink_route_socket { write getattr setopt };
+
+# The vdc command needs to talk to the vold socket.
+unix_socket_connect(dumpstate, vold, vold)
+
+# Vibrate the device after we're done collecting the bugreport
+# /sys/class/timed_output/vibrator/enable
+# TODO: create a new file class, instead of allowing write access to all of /sys
+allow dumpstate sysfs:file w_file_perms;
+
+# Other random bits of data we want to collect
+allow dumpstate qtaguid_proc:file r_file_perms;
+allow dumpstate debugfs:file r_file_perms;
+
+# Allow dumpstate to make binder calls to any binder service
+binder_call(dumpstate, binderservicedomain)
+binder_call(dumpstate, appdomain)
+
+# Reading /proc/PID/maps of other processes
+allow dumpstate self:capability sys_ptrace;
--- a/file.te
+++ b/file.te
@@ -101,6 +101,7 @@ type download_file, file_type;
 type adbd_socket, file_type;
 type bluetooth_socket, file_type;
 type dnsproxyd_socket, file_type, mlstrustedobject;
+type dumpstate_socket, file_type;
 type gps_socket, file_type;
 type installd_socket, file_type;
 type keystore_socket, file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -77,6 +77,7 @@
 /dev/socket/adbd	u:object_r:adbd_socket:s0
 /dev/socket/bluetooth	u:object_r:bluetooth_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
+/dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/gps		u:object_r:gps_socket:s0
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/keystore	u:object_r:keystore_socket:s0
@@ -121,6 +122,7 @@
 /system/bin/servicemanager	u:object_r:servicemanager_exec:s0
 /system/bin/surfaceflinger	u:object_r:surfaceflinger_exec:s0
 /system/bin/drmserver	u:object_r:drmserver_exec:s0
+/system/bin/dumpstate   u:object_r:dumpstate_exec:s0
 /system/bin/vold	u:object_r:vold_exec:s0
 /system/bin/netd	u:object_r:netd_exec:s0
 /system/bin/rild	u:object_r:rild_exec:s0

--- a/healthd.te
+++ b/healthd.te
@@ -11,6 +11,7 @@ allow healthd self:capability { net_admin mknod };
 allow healthd self:capability2 block_suspend;
 allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
 binder_use(healthd)
+binder_service(healthd)
 binder_call(healthd, system_server)

 # Workaround for 0x10 / block_suspend capability2 denials.

--- a/su.te
+++ b/su.te
@@ -2,6 +2,10 @@ type su, domain;
 type su_exec, exec_type, file_type;
 domain_auto_trans(shell, su_exec, su)

+# Allow dumpstate to call su on userdebug / eng builds to collect
+# additional information.
+domain_auto_trans(dumpstate, su_exec, su)
+
 # su is unconfined.
 unconfined_domain(su)