crash_dump: remove /system/bin/logcat execute permissions

Currently, crash_dump has the following line: read_logd(crash_dump) which is a macro defined as: ##################################### # read_logd(domain) # Ability to run logcat and read from android # log daemon via sockets define(`read_logd', ` allow $1 logcat_exec:file rx_file_perms; unix_socket_connect($1, logdr, logd) ') which grants both the ability to talk directly to a logd socket, as well as the ability to execute the /system/bin/logcat command line tool. This is unneeded (and problematic) for crash_dump. Crash_dump uses standard, vndk approved libraries to talk directly to logd. It never exec()s the (non-vndk approved) logcat command. As crash_dump is a vndk approved component and executed by vendor code, allowing this transitively makes /system/bin/logcat a vndk component too, which we want to avoid. Instead of using the read_logd() macro, just directly add the unix_socket_connect() call. This allows talking directly to logd, but blocks the use of the (unneeded) /system/bin/logcat executable. Test: crasher binary still works when executed from adb shell Change-Id: I1fe9d0f5f0234c96454a0d91338fa2656f083345

crash_dump: remove /system/bin/logcat execute permissions
Currently, crash_dump has the following line: read_logd(crash_dump) which is a macro defined as: ##################################### # read_logd(domain) # Ability to run logcat and read from android # log daemon via sockets define(`read_logd', ` allow $1 logcat_exec:file rx_file_perms; unix_socket_connect($1, logdr, logd) ') which grants both the ability to talk directly to a logd socket, as well as the ability to execute the /system/bin/logcat command line tool. This is unneeded (and problematic) for crash_dump. Crash_dump uses standard, vndk approved libraries to talk directly to logd. It never exec()s the (non-vndk approved) logcat command. As crash_dump is a vndk approved component and executed by vendor code, allowing this transitively makes /system/bin/logcat a vndk component too, which we want to avoid. Instead of using the read_logd() macro, just directly add the unix_socket_connect() call. This allows talking directly to logd, but blocks the use of the (unneeded) /system/bin/logcat executable. Test: crasher binary still works when executed from adb shell Change-Id: I1fe9d0f5f0234c96454a0d91338fa2656f083345
702fd0af · Nick Kralevich · 58de4843 · 702fd0af
Commit 702fd0af authored 6 years ago by Nick Kralevich
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -46,7 +46,9 @@ allow crash_dump anr_data_file:file { append getattr };
 # Append to tombstone files.
 allow crash_dump tombstone_data_file:file { append getattr };

-read_logd(crash_dump)
+# crash_dump writes out logcat logs at the bottom of tombstones,
+# which is super useful in some cases.
+unix_socket_connect(crash_dump, logdr, logd)

 # Crash dump is not intended to access the following data types. Since these
 # are WAI, suppress the denials to clean up the logs.