From 715e2ae38379c1fa9b057ed0dbb1121ab9f99a33 Mon Sep 17 00:00:00 2001
From: Max Bires <jbires@google.com>
Date: Tue, 13 Mar 2018 09:56:27 -0700
Subject: [PATCH] Adding ability for priv apps to read traceur fd

Only untrusted apps had privilegs to read file descriptors passed in
from traceur, which was an oversight. This fixes the policy so that priv
apps can also access file descriptors from traceur in order to read
reports shared from traceur.

Bug: 74435522
Test: better bug has access to reports shared from traceur
Change-Id: I591872cdac31eec62edbc81d95f1220f1152427f
---
 private/priv_app.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/private/priv_app.te b/private/priv_app.te
index 565aa4aa5..80425dd8a 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -58,6 +58,9 @@ allow priv_app media_rw_data_file:file create_file_perms;
 allow priv_app shell_data_file:file r_file_perms;
 allow priv_app shell_data_file:dir r_dir_perms;
 
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow priv_app trace_data_file:file { getattr read };
+
 # Allow verifier to access staged apks.
 allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
 allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
@@ -191,3 +194,8 @@ neverallow priv_app mlstrustedsubject:process fork;
 # bugs, so we want to ensure priv_app never has this
 # capability.
 neverallow priv_app file_type:file link;
+
+# priv apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor which they can then read
+neverallow priv_app trace_data_file:dir *;
+neverallow priv_app trace_data_file:file { no_w_file_perms open };
-- 
GitLab