From 5ef6669b0443494d0bd6056b08d9816a17278781 Mon Sep 17 00:00:00 2001
From: Primiano Tucci <primiano@google.com>
Date: Wed, 21 Feb 2018 13:44:39 +0000
Subject: [PATCH] perfetto: Make producer socket MLS-aware

The previous selinux rules obtained via audit2allow didn't really
work with the case of apps connecting to the producer socket,
despite all the allow rules being correctly in place.
This was failing our CTS tests.

The reason for the failure (see denials pasted below) is due to
Multi Level Security (for multi-user), which was still preventing
apps form a different level to connect to the traced producer
socket and write to the shmem buffers they get passed back.
This CL tags the objects being accessed as mlstrusted.
CTS tests pass with this CL.

Denials:
avc: denied { write } for pid=8545 comm="traced_probes" name="traced_producer" dev="tmpfs" ino=23629 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=1
avc: denied { write } for pid=8545 comm="traced_probes" name="traced_producer" dev="tmpfs" ino=23629 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_producer_socket:s0 tclass=sock_file permissive=1
avc: denied { connectto } for pid=8545 comm="traced_probes" path="/dev/socket/traced_producer" scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:traced:s0 tclass=unix_stream_socket permissive=1
avc: denied { connectto } for pid=8545 comm="traced_probes" path="/dev/socket/traced_producer" scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:r:traced:s0 tclass=unix_stream_socket permissive=1
avc: denied { write } for pid=8545 comm="traced_probes" path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=104483 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:traced_tmpfs:s0 tclass=file permissive=1

Change-Id: I1598bc0b07bf39b8d0420b66caf06a4ca884f383
Bug: 73340039
Test: CtsPerfettoTestCases
---
 private/traced.te | 6 +++++-
 public/file.te    | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/private/traced.te b/private/traced.te
index 531ecc29c..b6d03117c 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -1,10 +1,14 @@
 # Perfetto user-space tracing daemon (unprivileged)
-type traced, domain, coredomain;
+type traced, domain, coredomain, mlstrustedsubject;
 type traced_exec, exec_type, file_type;
 
 # Allow init to exec the daemon.
 init_daemon_domain(traced)
 
+# Allow apps in other MLS contexts (for multi-user) to access
+# share memory buffers created by traced.
+typeattribute traced_tmpfs mlstrustedobject;
+
 # Allow traced to start with a lower scheduling class and change
 # class accordingly to what defined in the config provided by
 # the privileged process that controls it.
diff --git a/public/file.te b/public/file.te
index 0aa7ece23..27ee0dcaa 100644
--- a/public/file.te
+++ b/public/file.te
@@ -327,7 +327,7 @@ type system_ndebug_socket, file_type, data_file_type, core_data_file_type, cored
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
-type traced_producer_socket, file_type, coredomain_socket;
+type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
 type traced_consumer_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;
-- 
GitLab