Allowing incidentd to get stack traces from processes.

Bug: 72177715 Test: flash device and check incident output Change-Id: I16c172caec235d985a6767642134fbd5e5c23912

Allowing incidentd to get stack traces from processes.
985db6d8 · Kweku Adams · kwekua · 38a84cf8 · 985db6d8 · 985db6d8
Commit 985db6d8 authored 7 years ago by Kweku Adams Committed by kwekua 6 years ago
--- a/private/domain.te
+++ b/private/domain.te
@@ -9,6 +9,7 @@ neverallow {
  domain
  -vold
  -dumpstate
+  userdebug_or_eng(`-incidentd')
  -storaged
  -system_server
  userdebug_or_eng(`-perfprofd')

--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -46,32 +46,47 @@ userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
 allow incidentd incident_data_file:dir rw_dir_perms;
 allow incidentd incident_data_file:file create_file_perms;
-# Get process attributes
+# Enable incidentd to get stack traces.
-# TODO allow incidentd domain:process getattr;
+binder_use(incidentd)
+hwbinder_use(incidentd)
+allow incidentd hwservicemanager:hwservice_manager { list };
+get_prop(incidentd, hwservicemanager_prop)
+allow incidentd hidl_manager_hwservice:hwservice_manager { find };
 # Read files in /proc
 allow incidentd {
+  proc_cmdline
+  proc_pipe_conf
  proc_stat
 }:file r_file_perms;
 # Signal java processes to dump their stack and get the results
-# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
+allow incidentd { appdomain ephemeral_app system_server }:process signal;
-# TODO allow incidentd anr_data_file:dir create_dir_perms;
-# TODO allow incidentd anr_data_file:file create_file_perms;
 # Signal native processes to dump their stack.
 # This list comes from native_processes_to_dump in incidentd/utils.c
 allow incidentd {
+  # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
  audioserver
  cameraserver
  drmserver
  inputflinger
-  mediacodec
  mediadrmserver
  mediaextractor
+  mediametrics
  mediaserver
  sdcardd
+  statsd
  surfaceflinger
+  # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
+  hal_audio_server
+  hal_bluetooth_server
+  hal_camera_server
+  hal_graphics_composer_server
+  hal_sensors_server
+  hal_vr_server
+  mediacodec # TODO(b/36375899): hal_omx_server
 }:process signal;
 # Allow incidentd to make binder calls to any binder service
@@ -79,7 +94,18 @@ binder_call(incidentd, system_server)
 binder_call(incidentd, appdomain)
 # Reading /proc/PID/maps of other processes
-# TODO allow incidentd self:global_capability_class_set sys_ptrace;
+userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
+# incidentd has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow incidentd *:process ptrace;
+allow incidentd self:global_capability_class_set {
+    # Send signals to processes
+    kill
+};
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
 # Run a shell.
 allow incidentd shell_exec:file rx_file_perms;

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -366,10 +366,11 @@ allow system_server anr_data_file:file create_file_perms;
 #
 # Allow system_server to connect and write to the tombstoned java trace socket in
 # order to dump its traces. Also allow the system server to write its traces to
-# dumpstate during bugreport capture.
+# dumpstate during bugreport capture and incidentd during incident collection.
 unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
 allow system_server tombstoned:fd use;
 allow system_server dumpstate:fifo_file append;
+allow system_server incidentd:fifo_file append;
 # Read /data/misc/incidents - only read. The fd will be sent over binder,
 # with no DAC access to it, for dropbox to read.

--- a/public/app.te
+++ b/public/app.te
@@ -150,6 +150,7 @@ allow appdomain anr_data_file:file { open append };
 unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
 allow appdomain tombstoned:fd use;
 allow appdomain dumpstate:fifo_file append;
+allow appdomain incidentd:fifo_file append;
 # Allow apps to send dump information to dumpstate
 allow appdomain dumpstate:fd use;
@@ -157,6 +158,10 @@ allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdow
 allow appdomain dumpstate:fifo_file { write getattr };
 allow appdomain shell_data_file:file { write getattr };
+# Allow apps to send dump information to incidentd
+allow appdomain incidentd:fd use;
+allow appdomain incidentd:fifo_file { write getattr };
 # Write profiles /data/misc/profiles
 allow appdomain user_profile_data_file:dir { search write add_name };
 allow appdomain user_profile_data_file:file create_file_perms;

--- a/public/domain.te
+++ b/public/domain.te
@@ -1034,6 +1034,7 @@ neverallow {
  -tombstoned
  -crash_dump
  -dumpstate
+  -incidentd
  -system_server
  # Processes that can't exec crash_dump
@@ -1041,10 +1042,10 @@ neverallow {
  -mediaextractor
 } tombstoned_crash_socket:unix_stream_socket connectto;
-# Never allow anyone except dumpstate or the system server to connect or write to
+# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
 # the tombstoned intercept socket.
-neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write;
-neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
 # Android does not support System V IPCs.
 #

--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -57,7 +57,7 @@ allow dumpstate { appdomain system_server }:process signal;
 # Signal native processes to dump their stack.
 allow dumpstate {
-  # This list comes from native_processes_to_dump in dumpstate/utils.c
+  # This list comes from native_processes_to_dump in dumputils/dump_utils.c
  audioserver
  cameraserver
  drmserver
@@ -69,7 +69,7 @@ allow dumpstate {
  sdcardd
  surfaceflinger
-  # This list comes from hal_interfaces_to_dump in dumpstate/utils.c
+  # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
  hal_audio_server
  hal_bluetooth_server
  hal_camera_server

--- a/public/te_macros
+++ b/public/te_macros
@@ -505,8 +505,10 @@ userdebug_or_eng(`
 ')
 allow $1 anr_data_file:file append;
 allow $1 dumpstate:fd use;
+allow $1 incidentd:fd use;
 # TODO: Figure out why write is needed.
 allow $1 dumpstate:fifo_file { append write };
+allow $1 incidentd:fifo_file { append write };
 allow $1 system_server:fifo_file { append write };
 allow $1 tombstoned:unix_stream_socket connectto;
 allow $1 tombstoned:fd use;