Merge "dumpstate: remove access to 'proc' and 'sysfs' types."

0a2f8627 · Tri Vo · Gerrit Code Review · 873d6ad6 · 218d87c0 · 0a2f8627
Commit 0a2f8627 authored 7 years ago by Tri Vo Committed by Gerrit Code Review 7 years ago
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -452,6 +452,7 @@
  ( proc
    proc_abi
    proc_asound
+    proc_buddyinfo
    proc_cmdline
    proc_dirty
    proc_diskstats

--- a/private/domain.te
+++ b/private/domain.te
@@ -24,7 +24,6 @@ full_treble_only(`
  # /proc
  neverallow {
    coredomain
-    -dumpstate
    -vold
    -vendor_init
  } proc:file no_rw_file_perms;
@@ -32,7 +31,6 @@ full_treble_only(`
  # /sys
  neverallow {
    coredomain
-    -dumpstate
    -init
    -ueventd
    -vold

--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -3,6 +3,7 @@ genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
 genfscon proc /asound u:object_r:proc_asound:s0
+genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
 genfscon proc /cmdline u:object_r:proc_cmdline:s0
 genfscon proc /config.gz u:object_r:config_gz:s0
 genfscon proc /diskstats u:object_r:proc_diskstats:s0

--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -82,8 +82,14 @@ allow dumpstate {
 # Connect to tombstoned to intercept dumps.
 unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
-# TODO: added to match above sysfs rule. Remove me?
+# Access to /sys
-allow dumpstate sysfs_usb:file w_file_perms;
+allow dumpstate sysfs_type:dir r_dir_perms;
+allow dumpstate {
+  sysfs_dm
+  sysfs_usb
+  sysfs_zram
+}:file r_file_perms;
 # Other random bits of data we want to collect
 allow dumpstate qtaguid_proc:file r_file_perms;
@@ -113,8 +119,6 @@ hal_client_domain(dumpstate, hal_dumpstate)
 hal_client_domain(dumpstate, hal_graphics_allocator)
 # Vibrate the device after we are done collecting the bugreport
 hal_client_domain(dumpstate, hal_vibrator)
-# For passthrough mode:
-allow dumpstate sysfs_vibrator:file { rw_file_perms getattr };
 # Reading /proc/PID/maps of other processes
 allow dumpstate self:global_capability_class_set sys_ptrace;
@@ -153,15 +157,18 @@ read_runtime_log_tags(dumpstate)
 # Read files in /proc
 allow dumpstate {
+  proc_buddyinfo
  proc_cmdline
  proc_meminfo
+  proc_modules
  proc_net
  proc_pipe_conf
  proc_pagetypeinfo
+  proc_qtaguid_stat
  proc_version
  proc_vmallocinfo
+  proc_vmstat
 }:file r_file_perms;
-r_dir_file(dumpstate, proc)
 # Read network state info files.
 allow dumpstate net_data_file:dir search;
@@ -249,9 +256,6 @@ add_service(dumpstate, dumpstate_service)
 # use /dev/ion for screen capture
 allow dumpstate ion_device:chr_file r_file_perms;
-# read default labeled files in /sys
-r_dir_file(dumpstate, sysfs)
 # Allow dumpstate to run top
 allow dumpstate proc_stat:file r_file_perms;
@@ -282,7 +286,3 @@ neverallow {
  userdebug_or_eng(`-traceur_app')
  -dumpstate
 } dumpstate_service:service_manager find;
-# Dumpstate should not be writing to any generically labeled sysfs files.
-# Create a specific label for the file type
-neverallow dumpstate sysfs:file no_w_file_perms;
--- a/public/file.te
+++ b/public/file.te
@@ -16,6 +16,7 @@ type proc_qtaguid_stat, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
 type proc_abi, fs_type;
 type proc_asound, fs_type;
+type proc_buddyinfo, fs_type;
 type proc_cmdline, fs_type;
 type proc_cpuinfo, fs_type;
 type proc_dirty, fs_type;