      1 # dumpstate
      2 type dumpstate, domain, mlstrustedsubject;
      3 type dumpstate_exec, exec_type, file_type;
      4 
      5 net_domain(dumpstate)
      6 binder_use(dumpstate)
      7 wakelock_use(dumpstate)
      8 
      9 # Allow setting process priority, protect from OOM killer, and dropping
     10 # privileges by switching UID / GID
     11 allow dumpstate self:capability { setuid setgid sys_resource };
     12 
     13 # Allow dumpstate to scan through /proc/pid for all processes
     14 r_dir_file(dumpstate, domain)
     15 
     16 allow dumpstate self:capability {
     17     # Send signals to processes
     18     kill
     19     # Run iptables
     20     net_raw
     21     net_admin
     22 };
     23 
     24 # Allow executing files from the system partition, such as:
     25 #   /system/bin/toolbox
     26 #   /system/bin/logcat
     27 #   /system/bin/dumpsys
     28 allow dumpstate system_file:file execute_no_trans;
     29 not_full_treble(`allow dumpstate vendor_file:file execute_no_trans;')
     30 allow dumpstate toolbox_exec:file rx_file_perms;
     31 
     32 # Create and write into /data/anr/. Note that the self:capability grant below is process-wide; it is not limited to anr_data_file.
     33 allow dumpstate self:capability { dac_override chown fowner fsetid };
     34 allow dumpstate anr_data_file:dir rw_dir_perms;
     35 allow dumpstate anr_data_file:file create_file_perms;
     36 
     37 # Allow reading /data/system/uiderrors.txt
     38 # TODO: scope this down; r_file_perms here covers every file labeled system_data_file, not just uiderrors.txt.
     39 allow dumpstate system_data_file:file r_file_perms;
     40 
     41 # Read dmesg
     42 allow dumpstate self:capability2 syslog;
     43 allow dumpstate kernel:system syslog_read;
     44 
     45 # Read /sys/fs/pstore/console-ramoops
     46 allow dumpstate pstorefs:dir r_dir_perms;
     47 allow dumpstate pstorefs:file r_file_perms;
     48 
     49 # Get process attributes
     50 allow dumpstate domain:process getattr;
     51 
     52 # Signal java processes to dump their stack
     53 allow dumpstate { appdomain system_server }:process signal;
     54 
     55 # Signal native processes to dump their stack.
     56 allow dumpstate {
     57   # This list comes from native_processes_to_dump in dumpstate/utils.c
     58   audioserver
     59   cameraserver
     60   drmserver
     61   inputflinger
     62   mediadrmserver
     63   mediaextractor
     64   mediaserver
     65   sdcardd
     66   surfaceflinger
     67 
     68   # This list comes from hal_interfaces_to_dump in dumpstate/utils.c
     69   hal_audio_server
     70   hal_bluetooth_server
     71   hal_camera_server
     72   hal_graphics_composer_server
     73   hal_vr_server
     74   mediacodec # TODO(b/36375899): hal_omx_server
     75 }:process signal;
     76 
     77 # Connect to tombstoned to intercept dumps.
     78 unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
     79 
     80 # TODO: added to match the sysfs rule above, which no longer appears in this file. Remove me?
     81 allow dumpstate sysfs_usb:file w_file_perms;
     82 
     83 # Other random bits of data we want to collect
     84 allow dumpstate qtaguid_proc:file r_file_perms;
     85 allow dumpstate debugfs:file r_file_perms;
     86 # Running df on /storage/emulated needs search permission on these directories
     87 allow dumpstate { storage_file block_device }:dir { search getattr };
     88 allow dumpstate fuse_device:chr_file getattr;
     89 allow dumpstate { dm_device cache_block_device }:blk_file getattr;
     90 
     91 # Read /dev/cpuctl and /dev/cpuset
     92 r_dir_file(dumpstate, cgroup)
     93 
     94 # Allow dumpstate to make binder calls to any binder service
     95 binder_call(dumpstate, binderservicedomain)
     96 binder_call(dumpstate, { appdomain netd wificond })
     97 
     98 hal_client_domain(dumpstate, hal_dumpstate)
     99 hal_client_domain(dumpstate, hal_graphics_allocator)
    100 # Vibrate the device after we are done collecting the bugreport
    101 hal_client_domain(dumpstate, hal_vibrator)
    102 # For passthrough mode:
    103 allow dumpstate sysfs_vibrator:file { rw_file_perms getattr };
    104 
    105 # Reading /proc/PID/maps of other processes requires sys_ptrace; ptrace attach itself is forbidden by the neverallow rule at the end of this file.
    106 allow dumpstate self:capability sys_ptrace;
    107 
    108 # Allow the bugreport service to create a file in
    109 # /data/data/com.android.shell/files/bugreports/bugreport
    110 allow dumpstate shell_data_file:dir create_dir_perms;
    111 allow dumpstate shell_data_file:file create_file_perms;
    112 
    113 # Run a shell.
    114 allow dumpstate shell_exec:file rx_file_perms;
    115 
    116 # For running am and similar framework commands.
    117 # Run /system/bin/app_process.
    118 allow dumpstate zygote_exec:file rx_file_perms;
    119 # Dalvik Compiler JIT.
    120 allow dumpstate ashmem_device:chr_file execute;
    121 allow dumpstate self:process execmem;
    122 # For ART.
    123 allow dumpstate dalvikcache_data_file:dir { search getattr };
    124 allow dumpstate dalvikcache_data_file:file { r_file_perms execute };
    125 allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
    126 
    127 # For Bluetooth
    128 allow dumpstate bluetooth_data_file:dir search;
    129 allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
    130 allow dumpstate bluetooth_logs_data_file:file r_file_perms;
    131 
    132 # Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
    133 allow dumpstate gpu_device:chr_file rw_file_perms;
    134 
    135 # logd access
    136 read_logd(dumpstate)
    137 control_logd(dumpstate)
    138 read_runtime_log_tags(dumpstate)
    139 
    140 # Read /proc/net
    141 allow dumpstate proc_net:file r_file_perms;
    142 
    143 # Read network state info files.
    144 allow dumpstate net_data_file:dir search;
    145 allow dumpstate net_data_file:file r_file_perms;
    146 
    147 # List sockets via ss.
    148 allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
    149 
    150 # Access /data/tombstones.
    151 allow dumpstate tombstone_data_file:dir r_dir_perms;
    152 allow dumpstate tombstone_data_file:file r_file_perms;
    153 
    154 # Access /cache/recovery
    155 allow dumpstate cache_recovery_file:dir r_dir_perms;
    156 allow dumpstate cache_recovery_file:file r_file_perms;
    157 
    158 # Access /data/misc/recovery
    159 allow dumpstate recovery_data_file:dir r_dir_perms;
    160 allow dumpstate recovery_data_file:file r_file_perms;
    161 
    162 # Access /data/misc/profiles/{cur,ref}/
    163 userdebug_or_eng(`
    164   allow dumpstate user_profile_data_file:dir r_dir_perms;
    165   allow dumpstate user_profile_data_file:file r_file_perms;
    166 ')
    167 
    168 # Access /data/misc/logd
    169 userdebug_or_eng(`
    170   allow dumpstate misc_logd_file:dir r_dir_perms;
    171   allow dumpstate misc_logd_file:file r_file_perms;
    172 ')
    173 
    174 allow dumpstate { service_manager_type -gatekeeper_service -dumpstate_service -incident_service -virtual_touchpad_service -vr_hwc_service }:service_manager find;
    175 allow dumpstate servicemanager:service_manager list;
    176 allow dumpstate hwservicemanager:hwservice_manager list;
    177 
    178 allow dumpstate devpts:chr_file rw_file_perms;
    179 
    180 # Set properties.
    181 # dumpstate_prop is used to share state with the Shell app.
    182 set_prop(dumpstate, dumpstate_prop)
    183 # dumpstate_options_prop is used to pass extra command-line args.
    184 set_prop(dumpstate, dumpstate_options_prop)
    185 
    186 # Read device's serial number from system properties
    187 get_prop(dumpstate, serialno_prop)
    188 
    189 # Read state of logging-related properties
    190 get_prop(dumpstate, device_logging_prop)
    191 
    192 # Access to /data/media.
    193 # This should be removed if sdcardfs is modified to alter the secontext for its
    194 # accesses to the underlying FS.
    195 allow dumpstate media_rw_data_file:dir getattr;
    196 allow dumpstate proc_interrupts:file r_file_perms;
    197 allow dumpstate proc_zoneinfo:file r_file_perms;
    198 
    199 # Create a service for talking back to system_server
    200 add_service(dumpstate, dumpstate_service)
    201 
    202 ###
    203 ### neverallow rules
    204 ###
    205 
    206 # dumpstate has capability sys_ptrace, but should only use that capability for
    207 # accessing sensitive /proc/PID files, never for using ptrace attach.
    208 neverallow dumpstate *:process ptrace;
    209 
    210 # Only system_server, dumpstate and shell may find the dumpstate service.
    211 neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;
    212 
    213 # Dumpstate must not write to any generically labeled sysfs file.
    214 # Give any sysfs file it needs to write a specific label instead (as done above for sysfs_usb and sysfs_vibrator).
    215 neverallow dumpstate sysfs:file no_w_file_perms;
    216