perfetto: Make producer socket MLS-aware

The previous selinux rules obtained via audit2allow didn't really work with the case of apps connecting to the producer socket, despite all the allow rules being correctly in place. This was failing our CTS tests. The reason for the failure (see denials pasted below) is due to Multi Level Security (for multi-user), which was still preventing apps form a different level to connect to the traced producer socket and write to the shmem buffers they get passed back. This CL tags the objects being accessed as mlstrusted. CTS tests pass with this CL. Denials: avc: denied { write } for pid=8545 comm="traced_probes" name="traced_producer" dev="tmpfs" ino=23629 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=1 avc: denied { write } for pid=8545 comm="traced_probes" name="traced_producer" dev="tmpfs" ino=23629 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=1 avc: denied { connectto } for pid=8545 comm="traced_probes" path="/dev/socket/traced_producer" scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:traced:s0 tclass=unix_stream_socket permissive=1 avc: denied { connectto } for pid=8545 comm="traced_probes" path="/dev/socket/traced_producer" scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:traced:s0 tclass=unix_stream_socket permissive=1 avc: denied { write } for pid=8545 comm="traced_probes" path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=104483 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1 Change-Id: I1598bc0b07bf39b8d0420b66caf06a4ca884f383 Bug: 73340039 Test: CtsPerfettoTestCases

perfetto: Make producer socket MLS-aware
5ef6669b · Primiano Tucci · fcd48fd5 · 5ef6669b · 5ef6669b
Commit 5ef6669b authored 7 years ago by Primiano Tucci
--- a/private/traced.te
+++ b/private/traced.te
 # Perfetto user-space tracing daemon (unprivileged)
-type traced, domain, coredomain;
+type traced, domain, coredomain, mlstrustedsubject;
 type traced_exec, exec_type, file_type;

 # Allow init to exec the daemon.
 init_daemon_domain(traced)

+# Allow apps in other MLS contexts (for multi-user) to access
+# share memory buffers created by traced.
+typeattribute traced_tmpfs mlstrustedobject;
+
 # Allow traced to start with a lower scheduling class and change
 # class accordingly to what defined in the config provided by
 # the privileged process that controls it.

--- a/public/file.te
+++ b/public/file.te
@@ -327,7 +327,7 @@ type system_ndebug_socket, file_type, data_file_type, core_data_file_type, cored
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
-type traced_producer_socket, file_type, coredomain_socket;
+type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
 type traced_consumer_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;