am 8ed750e9: sepolicy: Add write_logd, read_logd & control_logd

* commit '8ed750e9': sepolicy: Add write_logd, read_logd & control_logd

am 8ed750e9: sepolicy: Add write_logd, read_logd & control_logd
7d40044a · Mark Salyzyn · Android Git Automerger · 3fc0df76 · 8ed750e9 · 7d40044a
Commit 7d40044a authored 11 years ago by Mark Salyzyn Committed by Android Git Automerger 11 years ago
--- a/app.te
+++ b/app.te
@@ -187,6 +187,11 @@ selinux_check_context(appdomain)
 # Validate that each process is running in the correct security context.
 allow appdomain domain:process getattr;

+# logd access
+read_logd(appdomain)
+# application inherit logd write socket (urge is to deprecate this long term)
+allow appdomain zygote:unix_dgram_socket write;
+
 ###
 ### Neverallow rules
 ###

--- a/debuggerd.te
+++ b/debuggerd.te
@@ -23,3 +23,6 @@ allow debuggerd system_data_file:file open;

 # Connect to system_server via /data/system/ndebugsocket.
 unix_socket_connect(debuggerd, system_ndebug, system_server)
+
+# logd access
+read_logd(debuggerd)
--- a/domain.te
+++ b/domain.te
@@ -72,6 +72,9 @@ allow domain urandom_device:chr_file rw_file_perms;
 allow domain random_device:chr_file rw_file_perms;
 allow domain properties_device:file r_file_perms;

+# logd access
+write_logd(domain)
+
 # Filesystem accesses.
 allow domain fs_type:filesystem getattr;
 allow domain fs_type:dir getattr;

--- a/dumpstate.te
+++ b/dumpstate.te
@@ -86,3 +86,7 @@ allow dumpstate dumpstate_tmpfs:file execute;
 allow dumpstate self:process execmem;
 # For art.
 allow dumpstate dalvikcache_data_file:file execute;
+
+# logd access
+read_logd(dumpstate)
+control_logd(dumpstate)
--- a/file.te
+++ b/file.te
@@ -107,6 +107,10 @@ type gps_socket, file_type;
 type installd_socket, file_type;
 type keystore_socket, file_type;
 type lmkd_socket, file_type;
+type logd_debug, file_type;
+type logd_socket, file_type;
+type logdr_socket, file_type;
+type logdw_socket, file_type;
 type mdns_socket, file_type;
 type netd_socket, file_type;
 type property_socket, file_type;

--- a/file_contexts
+++ b/file_contexts
@@ -81,6 +81,10 @@
 /dev/socket/installd	u:object_r:installd_socket:s0
 /dev/socket/keystore	u:object_r:keystore_socket:s0
 /dev/socket/lmkd        u:object_r:lmkd_socket:s0
+/dev/logd_debug		u:object_r:logd_debug:s0
+/dev/socket/logd	u:object_r:logd_socket:s0
+/dev/socket/logdr	u:object_r:logdr_socket:s0
+/dev/socket/logdw	u:object_r:logdw_socket:s0
 /dev/socket/mdns	u:object_r:mdns_socket:s0
 /dev/socket/netd	u:object_r:netd_socket:s0
 /dev/socket/property_service	u:object_r:property_socket:s0
@@ -144,6 +148,7 @@
 /system/bin/clatd	u:object_r:clatd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
 /system/bin/inputflinger u:object_r:inputflinger_exec:s0
+/system/bin/logd        u:object_r:logd_exec:s0
 #############################
 # Vendor files
 #

--- a/logd.te
+++ b/logd.te
+# android user-space log manager
+type logd, domain;
+type logd_exec, exec_type, file_type;
+
+init_daemon_domain(logd)
+allow logd self:unix_stream_socket *;
+
+allow logd self:capability { setuid setgid sys_nice };
+
+r_dir_file(logd, domain)
+
+userdebug_or_eng(`
+  # Debug output
+  type_transition logd device:file logd_debug;
+  allow logd device:dir rw_dir_perms;
+  allow logd logd_debug:file create_file_perms;
+')
+
+###
+### Neverallow rules
+###
+### logd should NEVER do any of this
+
+# Block device access.
+neverallow logd dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logd domain:process ptrace;
+
+# Write to /system.
+neverallow logd system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow logd { app_data_file system_data_file }:dir_file_class_set write;
--- a/system_server.te
+++ b/system_server.te
@@ -245,3 +245,7 @@ selinux_manage_policy(system_server)
 # See discussion of Unlabeled files in domain.te for more information.
 # This rule is for dalvikcache mmap/mprotect PROT_EXEC.
 allow system_server unlabeled:file execute;
+
+# logd access, system_server inherit logd write socket
+# (urge is to deprecate this long term)
+allow system_server zygote:unix_dgram_socket write;
--- a/te_macros
+++ b/te_macros
@@ -273,15 +273,6 @@ allow $1 security_file:lnk_file { create rename unlink };
 allow $1 security_prop:property_service set;
 ')

-#####################################
-# access_logcat(domain)
-# Ability to read from logcat logs
-# and execute the logcat command
-define(`access_logcat', `
-allow $1 log_device:chr_file read;
-allow $1 system_file:file x_file_perms;
-')
-
 #####################################
 # access_kmsg(domain)
 # Ability to read from kernel logs
@@ -338,3 +329,35 @@ define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target
 # has ceased.
 #
 define(`permissive_or_unconfined', ifelse(force_permissive_to_unconfined, `false', permissive $1;, unconfined_domain($1)))
+
+#####################################
+# write_logd(domain)
+# Ability to write to android log
+# daemon via sockets
+define(`write_logd', `
+userdebug_or_eng(`
+  # Debug output
+  type_transition $1 device:file logd_debug;
+  allow $1 device:dir rw_dir_perms;
+  allow $1 logd_debug:file create_file_perms;
+')
+unix_socket_send($1, logdw, logd)
+')
+
+#####################################
+# read_logd(domain)
+# Ability to read from android
+# log daemon via sockets
+define(`read_logd', `
+unix_socket_connect($1, logdr, logd)
+')
+
+#####################################
+# control_logd(domain)
+# Ability to control
+# android log daemon via sockets
+define(`control_logd', `
+# Group AID_LOG checked by filesystem & logd
+# to permit control commands
+unix_socket_connect($1, logd, logd)
+')