From 837bc42f5f52760c511140b5ae146898ea75cba8 Mon Sep 17 00:00:00 2001
From: Calin Juravle <calin@google.com>
Date: Tue, 23 Feb 2016 16:34:23 +0000
Subject: [PATCH] Add SElinux policies to allow foreign dex usage tracking.

This is a special profile folder where apps will leave profile markers for the dex files they load and don't own. System server will read the markers and decide which apk should be fully compiled instead of profile guide compiled. Apps need only to be able to create (touch) files in this directory. System server needs only to be able to check wheter or not a file with a given name exists.

Bug: 27334750
Bug: 26080105
Change-Id: I2256e4aba1ec0e5117de6497123223b9a74f404e
---
 app.te | 7 +++++++
 file.te | 1 +
 file_contexts | 1 +
 installd.te | 2 ++
 system_server.te | 7 +++++++
 untrusted_app.te | 1 +
 6 files changed, 19 insertions(+)

diff --git a/app.te b/app.te
index 5ba0e74ad..ae3a24099 100644
--- a/app.te
+++ b/app.te
@@ -116,6 +116,9 @@ allow appdomain shell_data_file:file { write getattr };
 # Write profiles /data/misc/profiles
 allow appdomain user_profile_data_file:dir { search write add_name };
 allow appdomain user_profile_data_file:file create_file_perms;
+# Profiles for foreign dex files are just markers and only need create permissions.
+allow appdomain user_profile_foreign_dex_data_file:dir { search write add_name };
+allow appdomain user_profile_foreign_dex_data_file:file create;
 # Send heap dumps to system_server via an already open file descriptor
 # % adb shell am set-watch-heap com.android.systemui 1048576
@@ -419,3 +422,7 @@ neverallow appdomain { security_file tmpfs }:lnk_file no_w_file_perms;
+
+# Foreign dex profiles are just markers. Prevent apps to do anything but touch them.
+neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;
+neverallow appdomain user_profile_foreign_dex_data_file:dir { open getattr read ioctl remove_name };
diff --git a/file.te b/file.te
index 1efdc58f6..48d68024a 100644
--- a/file.te
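Review bot: The `create` permission added on `user_profile_foreign_dex_data_file:file` may not be enough for an app to actually touch a marker: if the runtime creates the marker with open(O_CREAT), the kernel also checks `open` plus `read`/`write` on the new file, and the neverallow in the second hunk of this file (`rw_file_perms`) forbids exactly those, so the creation would be denied at the open step. This is worth confirming against an avc log from the runtime's marker-creation path before merging, and either widening the allow or documenting why `create` alone suffices, e.g. `# Markers are created without being opened; open/read/write stay denied by the neverallow below.`. The dir-class neverallow is a good addition: denying `read`/`open` keeps an app from enumerating which foreign dex files other apps of the same user load, which is the main information-leak concern of a shared marker directory.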
+++ b/file.te
@@ -88,6 +88,7 @@ type dalvikcache_data_file, file_type, data_file_type;
 type ota_data_file, file_type, data_file_type;
 # /data/misc/profiles
 type user_profile_data_file, file_type, data_file_type, mlstrustedobject;
+type user_profile_foreign_dex_data_file, file_type, data_file_type, mlstrustedobject;
 # /data/resource-cache
 type resourcecache_data_file, file_type, data_file_type;
 # /data/local - writable by shell
diff --git a/file_contexts b/file_contexts
index e94c95ea5..d777ba1a5 100644
--- a/file_contexts
+++ b/file_contexts
@@ -294,6 +294,7 @@
 # TODO(calin) label profile reference differently so that only
 # profman run as a special user can write to them
 /data/misc/profiles/cur(/.*)? u:object_r:user_profile_data_file:s0
+/data/misc/profiles/cur/[0-9]+/foreign-dex(/.*)? u:object_r:user_profile_foreign_dex_data_file:s0
 /data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0
 # Fingerprint data
diff --git a/installd.te b/installd.te
index 688a7e6c0..f4ea424c3 100644
--- a/installd.te
+++ b/installd.te
@@ -115,6 +115,8 @@ allow installd {
 # Similar for the files under /data/misc/profiles/
 allow installd user_profile_data_file:dir create_dir_perms;
 allow installd user_profile_data_file:file create_file_perms;
+allow installd user_profile_data_file:dir rmdir;
+allow installd user_profile_data_file:file unlink;
 # Create and use pty created by android_fork_execvp().
 allow installd devpts:chr_file rw_file_perms;
diff --git a/system_server.te b/system_server.te
index 1dd7a6ed4..456691af7 100644
--- a/system_server.te
+++ b/system_server.te
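Review bot: The two new installd rules look redundant: with the usual global_macros definitions, `create_dir_perms` already contains `rmdir` and `create_file_perms` already contains `unlink`, so `allow installd user_profile_data_file:dir rmdir;` and `allow installd user_profile_data_file:file unlink;` add nothing to the two lines directly above them. What the hunk does not grant is anything on the new `user_profile_foreign_dex_data_file` type, although installd appears to be the domain that manages the profile directories here; if it is expected to create the per-user `foreign-dex` directory and prune stale markers, it needs `dir` create/rmdir and `file unlink` on that type as well. A directory created at runtime inherits its parent's `user_profile_data_file` label and only receives the new label from the file_contexts regex if installd restorecons it after mkdir, so that step should be confirmed in the accompanying installd change.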
@@ -11,6 +11,13 @@ tmpfs_domain(system_server)
 allow system_server dalvikcache_data_file:file execute;
 allow system_server dalvikcache_data_file:dir r_dir_perms;
+# Enable system server to check the foreign dex usage markers.
+# We need search on top level directories so that we can get to the files
+allow system_server user_profile_data_file:dir search;
+allow system_server user_profile_data_file:file getattr;
+allow system_server user_profile_foreign_dex_data_file:dir search;
+allow system_server user_profile_foreign_dex_data_file:file getattr;
+
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;
 allow system_server resourcecache_data_file:dir r_dir_perms;
diff --git a/untrusted_app.te b/untrusted_app.te
index 8672f585d..bc062beff 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -173,6 +173,7 @@ neverallow untrusted_app {
 -media_rw_data_file # Internal storage. Known that apps can
 # leave artfacts here after uninstall.
 -user_profile_data_file # Access to profile files
+ -user_profile_foreign_dex_data_file # Access to profile files
 userdebug_or_eng(`
 -method_trace_data_file # only on ro.debuggable=1
 -coredump_file # userdebug/eng only
-- 
GitLab
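Review bot: These rules make the existence of an app-chosen file name an input to a compilation decision, and nothing in the policy constrains that name: app.te grants every appdomain `dir { search write add_name }` and `file create` on the marker directory with no type transition, while system_server can only `getattr` a marker, not read or remove it. That matches the commit message, but the comment above the new lines should say so for the next reader, e.g. `# Markers are named and created by arbitrary apps; only their existence is checked here. Treat them as untrusted hints and validate names before acting on them.`. Since `getattr`/`search` cannot clean up stale or bogus markers, that responsibility has to live in another domain, presumably installd, which this commit does not grant anything on the new type. The `user_profile_data_file:file getattr` line is also not explained by the comment, which only mentions search on the top-level directories; either drop it or state which file system_server stats.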
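Review bot: The comment on the added exclusion, `# Access to profile files`, is copied from the line above and does not say what distinguishes the new type; since apps only get create-and-nothing-else on it, something like `-user_profile_foreign_dex_data_file # Foreign dex usage markers (create only, see app.te)` would document why the exemption is safe. The enclosing `neverallow untrusted_app {` block begins before and ends after this hunk.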