From e4b3e0b684e2e6b4e74d22c2ffb3a4a601bff098 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Tue, 20 Feb 2018 11:02:39 -0800
Subject: [PATCH] llkd: add live-lock daemon

Introduce a standalone live-lock daemon (llkd), to catch kernel
or native user space deadlocks and take mitigating actions.

Test: llkd_unit_test
Bug: 33808187
Bug: 72838192
Change-Id: If869ecd06e5ce7b04bba1dafd0a77971b71aa517
---
 private/compat/26.0/26.0.ignore.cil |  3 +++
 private/compat/27.0/27.0.ignore.cil |  3 +++
 private/file_contexts               |  1 +
 private/genfs_contexts              |  2 +-
 private/llkd.te                     | 32 +++++++++++++++++++++++++++++
 public/llkd.te                      |  3 +++
 6 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 private/llkd.te
 create mode 100644 public/llkd.te

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 8b9415ab3..b0b5f19b4 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -62,6 +62,9 @@
     incident_helper
     incident_helper_exec
     kmsg_debug_device
+    llkd
+    llkd_exec
+    llkd_tmpfs
     last_boot_reason_prop
     mediaprovider_tmpfs
     netd_stable_secret_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 86aa89088..d2ab47477 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -54,6 +54,9 @@
     incident_helper
     incident_helper_exec
     last_boot_reason_prop
+    llkd
+    llkd_exec
+    llkd_tmpfs
     lowpan_device
     lowpan_prop
     lowpan_service
diff --git a/private/file_contexts b/private/file_contexts
index 393993aa8..b55fb9d38 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -249,6 +249,7 @@
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/healthd     u:object_r:healthd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
+/system/bin/llkd        u:object_r:llkd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
 /system/bin/usbd   u:object_r:usbd_exec:s0
 /system/bin/inputflinger u:object_r:inputflinger_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index eca489c28..c07691826 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -38,7 +38,7 @@ genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
 genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
 genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
-genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
+genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
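Review bot: The new prefix `hung_task_` on the replaced line widens the proc_hung_task label from the single timeout sysctl to every sysctl under that prefix, which in the upstream kernel also includes hung_task_panic, hung_task_check_count and hung_task_warnings. Any domain that already holds write on proc_hung_task therefore gains the ability to change the panic-on-hung-task setting, not just the timeout; nothing in this hunk says whether that widening was intended for writers other than the new llkd domain. A short comment above the line would make the scope explicit, e.g. `# prefix match: covers hung_task_timeout_secs, hung_task_panic, hung_task_check_count and hung_task_warnings`, and it is worth confirming that no existing writer of proc_hung_task relies on the narrower label.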
diff --git a/private/llkd.te b/private/llkd.te
new file mode 100644
index 000000000..54c6d049b
--- /dev/null
+++ b/private/llkd.te
@@ -0,0 +1,32 @@
+# llkd Live LocK Daemon
+typeattribute llkd coredomain;
+
+init_daemon_domain(llkd)
+
+allow llkd self:global_capability_class_set kill;
+
+# llkd optionally locks itself in memory, to prevent it from being
+# swapped out and unable to discover a kernel in live-lock state.
+allow llkd self:global_capability_class_set ipc_lock;
+
+# Send kill signals to _anyone_ suffering from Live Lock
+allow llkd domain:process sigkill;
+
+# live lock watchdog process allowed to look through /proc/
+allow llkd domain:dir r_dir_perms;
+allow llkd domain:file r_file_perms;
+allow llkd domain:lnk_file read;
+# Set /proc/sys/kernel/hung_task_*
+allow llkd proc_hung_task:file rw_file_perms;
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow llkd proc_sysrq:file w_file_perms;
+allow llkd kmsg_device:chr_file w_file_perms;
+
+### neverallow rules
+
+neverallow { domain -init } llkd:process { dyntransition transition };
+
+# never honor LD_PRELOAD
+neverallow * llkd:process noatsecure;
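Review bot: The comment above `allow llkd proc_sysrq:file w_file_perms;` names only process-trace dumping and reboot, but the write permission is not scoped to those sysrq commands, and together with `allow llkd domain:process sigkill;` and `allow llkd domain:file r_file_perms;` this makes llkd a domain whose compromise reaches every process on the device; the policy should say so rather than let the narrow comments imply a narrow grant. I would extend the comment at the sysrq rule to `# w_file_perms on proc_sysrq is not limited to the trace/reboot triggers named here; llkd is a high-impact domain and must not acquire any IPC or socket surface` and the comment at the /proc rules to note that `domain:file r_file_perms` covers every process-labelled /proc/<pid> entry, not only the per-task files the live-lock check reads. It is also worth stating next to `allow llkd proc_hung_task:file rw_file_perms;` that, with the matching genfs_contexts change in this patch, the label now spans all hung_task_* sysctls including hung_task_panic. If the daemon only needs a subset of /proc/<pid> (this cannot be confirmed from the policy alone), a narrower read grant would reduce the exposure.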
diff --git a/public/llkd.te b/public/llkd.te
new file mode 100644
index 000000000..afc508d4f
--- /dev/null
+++ b/public/llkd.te
@@ -0,0 +1,3 @@
+# llkd Live LocK Daemon
+type llkd, domain, mlstrustedsubject;
+type llkd_exec, exec_type, file_type;
-- 
GitLab